How do you configure Elastic Agent to stream security logs to a dedicated instance of Elasticsearch and other data to a different instance of Elasticsearch? I want two segregated instances of Elasticsearch: one dedicated to support SIEM functionality; second to support observability/enterprise system performance monitoring. I want to avoid performance monitoring impacting the operational performance of the SIEM functionality.
Today (8.15.2), Elastic Agent can only ship telemetry to a single output per Agent / Fleet Policy, even when the policy has multiple integrations. That is an Elastic Agent limitation.
However, if you look at/follow this issue you will see that the feature for defining an output per integration is well under development. You can follow this. We do not announce future feature release dates on this discuss forum.
You can also create an architecture like
Elastic Agent -> Logstash -> To Many Elasticsearch Clusters
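As an added illustration of the Logstash fan-out architecture described in the answer above (this is example configuration written here, not configuration from the answerer or from Elastic), the Fleet policy's single output is pointed at Logstash, and Logstash makes the routing decision using the `data_stream.type` field that every Elastic Agent event carries: metrics go to the observability cluster, logs and anything unclassified go to the SIEM cluster. Hostnames, certificate paths and the `SIEM_ES_API_KEY` / `OBS_ES_API_KEY` keystore entries are placeholders you would replace with your own.

```logstash
# Example Logstash pipeline (not from the original answer): one Elastic Agent
# input, two Elasticsearch outputs chosen per event.

input {
  # Elastic Agent's "Logstash" output type talks the Beats protocol to this input.
  elastic_agent {
    port => 5044
    ssl_enabled => true
    ssl_certificate => "/etc/logstash/certs/logstash.crt"   # placeholder path
    ssl_key => "/etc/logstash/certs/logstash.pkcs8.key"     # placeholder path
  }
}

output {
  # Elastic Agent sets data_stream.type / data_stream.dataset / data_stream.namespace
  # on every event, so the routing key is already present; no parsing needed.
  if [data_stream][type] == "metrics" {
    # Host, container and other performance telemetry -> observability cluster.
    elasticsearch {
      hosts => ["https://observability-es.example.internal:9200"]   # placeholder host
      api_key => "${OBS_ES_API_KEY}"          # read from the Logstash keystore, not the file
      data_stream => "true"                   # keep the agent's data stream naming
      ssl_enabled => true
      ssl_certificate_authorities => ["/etc/logstash/certs/observability-ca.crt"]
    }
  } else {
    # Logs (security, auth, endpoint, etc.) and any event without a recognised
    # type -> dedicated SIEM cluster. Defaulting here means nothing is silently dropped.
    elasticsearch {
      hosts => ["https://siem-es.example.internal:9200"]            # placeholder host
      api_key => "${SIEM_ES_API_KEY}"
      data_stream => "true"
      ssl_enabled => true
      ssl_certificate_authorities => ["/etc/logstash/certs/siem-ca.crt"]
    }
  }
}
```

Two points worth checking before relying on this. First, give each API key only the privileges its branch needs (write to the relevant `logs-*` or `metrics-*` data streams on its own cluster), so a leaked key for the observability cluster cannot touch the SIEM cluster. Second, a single Logstash pipeline shares its workers across both outputs, so back-pressure from a slow observability cluster will also stall delivery to the SIEM cluster; if the goal is real isolation, split this into two pipelines (for example via pipeline-to-pipeline communication with a persistent queue per branch) so each cluster's slowness is buffered independently.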