One Kibana for three clusters

Based on the discussion threads I've reviewed and my understanding, Kibana can connect to only one Elasticsearch cluster. Even if Cross-Cluster Search (CCS) and Cross-Cluster Replication (CCR) are configured, Kibana still depends on its primary Elasticsearch cluster.

If Kibana is connected to Elasticsearch Cluster 1 and Cluster 1 becomes unavailable, Kibana will also become unavailable.

Can you please confirm if this understanding is correct? Also, is there any supported approach to keep Kibana operational if the primary Elasticsearch cluster goes down?

Welcome!

Yes. Your understanding is correct.

Kibana is designed to connect to a single Elasticsearch cluster as its primary backend. It can be configured with multiple elasticsearch.hosts, but those hosts are expected to be nodes in the same cluster, not different independent clusters. If one node is unavailable, Kibana can fail over to another node in that same cluster.

I don't really expect to have a full cluster having a fault. A single Elasticsearch instance might have a failure but that won't break the whole cluster unless you have one single node.

CCS/CCR do not change this dependency model:

  • CCS lets the primary/local Elasticsearch cluster query remote clusters.
  • CCR replicates indices between clusters.
  • But Kibana still connects to its primary/local cluster and relies on it for saved objects, security/session state, APIs, and general operation.

So if Kibana is connected to Cluster 1 and Cluster 1 becomes unavailable, Kibana will also become unavailable, even if CCS/CCR to Cluster 2 are configured.

The supported approach is to make the primary Elasticsearch cluster highly available, rather than expecting Kibana to fail over across independent clusters.

Typical supported patterns:

  • Run a multi-node Elasticsearch cluster
  • Configure Kibana with multiple elasticsearch.hosts pointing to nodes in that same cluster, or use a load balancer
  • In orchestrated environments, rely on the platform’s built-in load-balanced Elasticsearch endpoint

Hope this helps.