Hi
How do you configure Elastic Agent to stream security logs to a dedicated instance of Elasticsearch and other data to a different instance of ElsticSearch? I want two segregated instances of Elasticsearch: one dedicated to support SIEM functionality; second to support obervability/enterprise system performance monitoring. I want to avoid performance monitoring impacting the operational performance of the SIEM functionality.
Thanks.
From Elastic Search to Beats
Added elastic-agent
Hi @starstone
Today (8.15.2), Elastic Agent can only ship telemetry to a single output per Agent / Fleet Policy, even when the policy has multiple integrations. That is an Elastic Agent limitation.
However if you look/follow this issue you will you will see that the feature for defining and output per integration well under development. You can follow this. We do not announce future feature release dates on this discuss forum.
You can also create an architecture like
Elastic Agent -> Logstash -> To Many Elasticsearch Clusters
@stephenb Thanks for the advice. I get it. I look forward to the release of the new enhancement.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.