[Ingest Management] - Multiple configs per agent?


I'm trying out the new Ingest Manager on 7.9.1, all looks great!
I was wondering if anyone could clarify how best to design configurations and integrations.

Consider this setup:

All hosts require "System" and "Endpoint" integration.
A subset of those hosts also require, for example, "Nginx".
A different subset of those hosts require, for example, "Apache".
Let's also assume a further subset may require both "Nginx" and "Apache".

Are we to define separate configurations for each integration, then enroll 3 times? (probably not)

Or must we create separate configs, like "System+Endpoint+Nginx" or "System+Endpoint+Apache" and
"System+Endpoint+Apache+Nginx"? (seems convoluted)

Or, do we perhaps add system and endpoint integration into every config, and create separate for those that may differ? (for instance, "nginx", "apache", "nginx+apache").

Any clarification here is appreciated.



At this time, the recommended solution is to create separate configs like you described that contain different sets of integrations that you want to use across your agents:

"System+Endpoint+Nginx" or "System+Endpoint+Apache" and

We are actively considering how we can make this experience better for future releases, such as being able to reuse the same integration across multiple agent configs, or allowing constraints to be added when an integration is being configured so that they are able to target certain agents based on some criteria (actually, Elastic Agent has some support for this today, but the spec is not fully fleshed out, so adding constraints is not surfaced in Ingest Manager UI yet).

With the constraints model, you can imagine having one System+Endpoint+Apache+Nginx config where Apache and Nginx integrations are configured to only run on certain agents based on (for example) what OS the agents are running.

Thanks for trying out Ingest Manager and Elastic Agent and letting us know of your use case!

