Security rules over remote clusters

Hello, I've set up an infrastructure with a central Elastic cluster and other remote clusters connected using the "Remote clusters" feature.
When I create detection rules I set the index pattern like :filebeat to also match events from the remote clusters.
What if one of these goes offline temporarily?
I saw a failure on a rule like this: Bulk Indexing of signals failed: {"error":{"root_cause":[{"type":"connect_transport_exception","reason":"[] connect_exception"}],.....
and it seems the rules aren't working anymore.
Is there a way to run the rule using the connected clusters and ignore the offline ones? I don't want to have all rules stopped until a remote cluster comes back online.


Hi @Enrico_Pasqualotto! Thanks for your question. Can you use the skip_unavailable flag as documented here? Search across clusters | Elasticsearch Guide [8.3] | Elastic

Hope this helps!
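
The check below is an added example, not code from this thread or from Elastic: it reads a `GET /_remote/info` response from the central cluster, lists the remotes that would still fail a cross-cluster search when offline, and builds the `PUT /_cluster/settings` body that sets `skip_unavailable` for them. The aliases `site_a`, `site_b`, `site_c`, their seed addresses and the helper names are constructed for illustration.

```python
import json

# Constructed sample of a `GET /_remote/info` response on the central cluster.
# Aliases and seed addresses are made up for illustration.
SAMPLE_REMOTE_INFO = {
    "site_a": {"connected": True, "mode": "sniff", "seeds": ["10.0.1.10:9300"],
               "num_nodes_connected": 3, "skip_unavailable": False},
    "site_b": {"connected": False, "mode": "sniff", "seeds": ["10.0.2.10:9300"],
               "num_nodes_connected": 0, "skip_unavailable": False},
    "site_c": {"connected": True, "mode": "sniff", "seeds": ["10.0.3.10:9300"],
               "num_nodes_connected": 2, "skip_unavailable": True},
}


def audit_remotes(remote_info):
    """Return (blocking, offline): aliases whose outage fails a cross-cluster
    search (skip_unavailable false) and aliases currently disconnected."""
    blocking = sorted(a for a, i in remote_info.items()
                      if not i.get("skip_unavailable", False))
    offline = sorted(a for a, i in remote_info.items()
                     if not i.get("connected", False))
    return blocking, offline


def settings_body(aliases):
    """Body for `PUT /_cluster/settings` that marks each alias as skippable."""
    return {"persistent": {f"cluster.remote.{a}.skip_unavailable": True
                           for a in aliases}}


def report(remote_info):
    """Text report: offline remotes first, then the settings request to send."""
    blocking, offline = audit_remotes(remote_info)
    lines = [f"remote '{a}' is offline: rules see no events from it"
             for a in offline]
    if blocking:
        lines.append("PUT /_cluster/settings")
        lines.append(json.dumps(settings_body(blocking), indent=2))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_REMOTE_INFO))
```

With `skip_unavailable` set, a search over the connected clusters succeeds but returns nothing from the skipped remote, so the offline list is worth monitoring separately as a detection coverage gap.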
