I have a technical doubt regarding the capabilities of Kibana. I currently run an Elasticsearch Cluster with some storage issues and we cannot increase the storage size due to some limitations. However, we do have the resources to create another cluster in a different network segment. My question is if it is possible to run one single instance of Kibana and use it with the two clusters. In that case, what would that look like? Would I notice something different in Kibana, besides the number of indexes?
To my current understanding, this setup should work since Kibana only cares about indexes, and the searching is done through index templates, so as long as I keep those working, it should be ok, I think.
No, it is not possible, Kibana can only connects to one Elasticsearch cluster.
What you can do is to use Cross-cluster Search, you would still have your Kibana connected to your main cluster, but you would be able to search on the data on another cluster.
Check this documentation explaining what Cross Cluster Search is and the steps to configure it.
Thank you for showing me the right direction, I later did some quick lookups with this in mind and everything points to the same documentation.
I have some questions that I haven't found an answer to, yet:
Taking into account the cross-cluster search enabled, I'm not sure how this affects Kibana from the perspective of a user. Would I be able to keep running searches normally and keep all of my dashboards working, regardless of the cluster where the indexes are?
According to the documentation, to add a remote cluster I need to choose between 2 security models. Is this mandatory? Does it affect the security model applied to ELKS?? (For instance, if I use the TLS model, would I need to use it also with Kibana, Logstash and so on?)
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.