Filebeat and Okta System Logs HA scenario

Hi guys,

I need to send Okta System Logs to our Elastic Cloud tenant and I'm looking for a scenario that satisfies active-active or active-passive high availability configuration.
In case of the active-active one, 2 concurrent filebeat instances will run in 2 different AWS AZs as per AWS Best Practices, but I don't know if this is a valid scenario as per as the Okta integration works.
In case of the active-passive one, how can I make the passive start where the active finished so as to avoid duplication?
Any useful idea will be appreciated.



it's only an idea, so to avoid duplication, you can use the filebeat.registry.path configuration option. This option specifies the location where Filebeat keeps its registry file, which is used to track the last read offset. By storing this file on a shared filesystem accessible from both AZs, you can ensure that both Filebeat instances start reading from where the other one left off.


Dear @yago82

your idea is the best workaround I found until now, thanks man.