Set integration-level outputs
editSet integration-level outputs
editIf you have an Enterprise
Elastic Stack subscription, you can configure Elastic Agent data to be sent to different outputs for different integration policies. Note that the output clusters that you send data to must also be on the same subscription level.
Integration-level outputs are very useful for certain scenarios. For example:
- You can may want to send security logs monitored by an Elastic Agent to one Logstash output, while informational logs are sent to a another Logstash output.
- If you operate multiple Beats on a system and want to migrate these to Elastic Agent, integration-level outputs enable you to maintain the distinct outputs that are currently used by each Beat.
Order of precedence
editFor each Elastic Agent, the agent policy configures sending data to the following outputs in decreasing order of priority:
- The output set in the integration policy.
- The output set in the integration’s parent Elastic Agent policy. This includes the case where an integration policy belongs to multiple Elastic Agent policies.
- The global, default data output set in the Fleet settings.
Configure the output for an integration policy
editTo configure an integration-level output for Elastic Agent data:
- In Kibana, go to Integrations.
- On the Installed integrations tab, select the integration that you’d like to update.
- Open the Integration policies tab.
- From the Actions menu next to the integration, select Edit integration.
- In the integration settings section, expand Advanced options.
- Use the Output dropdown menu to select an output specific to this integration policy.
- Click Save and continue to confirm your changes.
View the output configured for an integration
editTo view which Elastic Agent output is set for an integration policy:
- In Fleet, open the Agent policies tab.
- Select an Elastic Agent policy.
- On the Integrations tab, the Output column indicates the output used for each integration policy. If data is configured to be sent to either the global output defined in Fleet settings or to the integration’s parent Elastic Agent policy, this is indicated in a tooltip.