Currently in progress of migrating from standalone beats to Fleet Agent Policies.
Currently got a Custom Application Observability production ES cluster and a remote monitoring ES cluster, both Air Gapped v.8.19 clusters.
Have deployed Fleet Service on the monitoring cluster and currently got agents/policies monitoring both ES clusters ingesting into the monitoring cluster.
Thus the default ES Output is pointing at the monitoring cluster (Fleet→Settings→Outputs), but also defined a second Fleet Output pointing at the production cluster, intended for usage in Fleet→Policies→custom-app-agent-policy→Settings→Output→Output for integrations, while keeping the Fleet→Policies→custom-app-agent-policy→Settings→Output→Output for agent monitoring pointing at default Output aka the monitoring cluster when having agent monitoring enabled.
Only the Kibana UI Dropdown list are showing both global Fleet Outputs but they are dimmed out in Fleet→Policies→ custom-app-agent-policy→Settings→Output→Output for integrations, thus I seem not to be able to select another output that default (aka pointing to the monitoring cluster) for Integrations, why not?
Isn’t this single monitor-residing Fleet Service architecture a proper way to being able to apply Agents to multiple clusters?
As mentioned in the documentation for Set integration-level outputs, having per integration or policy output requires a proper subscription license level. Either Platinum or Enterprise subscription is required. Depending on if you require per policy or integration.
With the basic license you cannot have different outputs, with the platinum license you can have different outputs per policy and with the enterprise license you can have different outputs per integration.
One alternative would be to use Logstash as the default output and then do the redirect logic in Logstash.
Plaining Entrprise on production cluster following. So for now either deploy a second Fleet service on production cluster for Custom App Agents or ingest through a logstash instance(s) which can redirect between multiple outputs eg. based on our Custom App tags, something to consider….
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
