Is it mutitenecy supported by ELK?

japarka2 · August 27, 2020, 11:53am

He Tam,

We need to monitor multiple accounts servers from centralize location.
what data collection method is used by Beat ? weather pull by ElasticSearch or push by Beat to Elastic ?
if any failure in network in between Beat and ElasticSearch can data store locally and push on schedule time ?

How we can add multiple account server and segregation based on the account name in dashboard?
what the option available for windows server monitoring?
Is it multi tenecy supported by ELK ?

japarka2 · August 31, 2020, 3:01am

How to aggregate the host from multiple account under on ELK stack for more details

warkolm · August 31, 2020, 4:21am

Elasticsearch is passive in its approach, so you need to push data to it. Beats will pull the information from their source, and push to Elasticsearch.
If Beats cannot connect to Elasticsearch, it will remember the file location, or cache data locally so that it can send it over when it can reconnect.

On your points;

Yes, Security can handle that
Metricbeat can collect metrics, Winlogbeat will pull event log data, Filebeat can collect other file based data. It depends on what you need
Depends on what you mean by this. It can handle multiple users reading the data. It can handle multiple sources of data

japarka2 · August 31, 2020, 4:53am

Is possible to push the Data transportation from Beat to ElasticSearch as per schedule houlry instead of continuously

warkolm · August 31, 2020, 4:56am

Not natively, you'd need to wrap each Beat with something to manage this.

system · September 28, 2020, 4:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.