I have a question about forwarding Beat data from a customer's network to an offsite network. The idea is to get insight into the hosts' data, retrieve that data with agents (Beats) and process it on a separate system within their network. Once processed, forward the data through a VPN tunnel to the Elasticsearch cluster which will analyse the data.
I know it's really easy to set up the following situation: Hosts (auditbeat, packetbeat, etc.) -> send data directly to Elasticsearch over the VPN. This is not ideal; it would expose the external network CIDR and ES IP address to those hosts.
A more ideal situation would be: Hosts -> sends data to forwarder within the same network -> forwarder sends data to offsite ES cluster.
I know Splunk has a forwarding/collector solution for this, but I'm not sure if Elastic ever thought about this situation.