0

I'm currently using a the trial of Elastic Cloud for my project.

I would like to be able to monitor 2 infrastructures at the same time, I have created a space for each infrastructure as well as 2 agent policies linked to the agents of their own infrastructure.

I was wondering if there was a way to separate the agents by agent policy, for example with a filter, to get only the agents belonging to the space of the chosen infrastructure or by another way.

Thanks in advance for your help

Sénéchal Julien
  • 43
  • 9

1 Answers1

1

It's definitely possible to create filtered aliases and then in each Kibana space you can create an index pattern over each alias to only show the data relevant to the underlying agent in the relevant space.

Val
  • 207,596
  • 13
  • 358
  • 360
  • Sorry but i'm trying to understand. I've to create an alias of an index patern to create an index pattern to only show the data for a specific agent ? Sorry i'm learning. Do you have an exemple for me please ? – Sénéchal Julien Mar 07 '22 at 12:54
  • Can you explain which kind of monitoring data you'll be sending to the cluster? – Val Mar 07 '22 at 13:04
  • I'm sending metrics and logs from an Azure Infrastructure – Sénéchal Julien Mar 07 '22 at 13:20
  • Using Metricbeat and Filebeat? – Val Mar 07 '22 at 13:30
  • Yes with Elastic Agents and i get some informations with a "custom" filebeat – Sénéchal Julien Mar 07 '22 at 13:31
  • Does each agent send the data in their own index or they all send the data in the same index? – Val Mar 07 '22 at 13:32
  • Each agent are sending the data to the same index because it's like that by default. – Sénéchal Julien Mar 07 '22 at 13:36
  • I think I just understood your explanation, I tried to make an alias of my metric-* index with a filter to retrieve in my alias only the documents linked to a single machine. And it works. But the problem is that I would like to do this for a whole agent policy, there is no way ? – Sénéchal Julien Mar 07 '22 at 13:36
  • You can apply filters on any searchable field that you can find in your documents, I'm not sure the agent policy is saved in a field though – Val Mar 07 '22 at 13:52
  • I see... Thank you so much for your help, you just gave me a huge help for my final thesis. Can I put you in the acknowledgements ? – Sénéchal Julien Mar 07 '22 at 13:56