Closed vbohata closed 4 years ago
I guess in your case a different instance of winlogbeat, with access to Kibana, would be your loader, wouldn't it?
Theoretically, if winlogbeat could be run under Linux, I could use it to load its own dashboards and templates into ES and do it automatically. Currently it seems the "setup" principle will be used more, even in Logstash, so there should be a more unified solution to handle it.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue doesn't have a `Team:<team>` label.
In 6.0, if I need to import winlogbeat's (or any other beat's) dashboards and templates, I will have to use the setup command for winlogbeat. This requires a connection to Kibana and to Elasticsearch. Usually beats are connected to Logstash, Logstash is connected to Kafka ... so there is no direct connection (even from a security point of view it is disallowed) from beats to Elasticsearch. So I will have to export it from winlogbeat, and because we are using Linux-based infrastructure for Elastic, I will have to use another beat to import the winlogbeat things. I think it is not a flexible design and there should be some special "loader" ... some loader application which could be called from Ansible, for example, and this loader will contain all templates for all the beats and also the Logstash module dashboards ... because currently I did not even see the option to change index patterns for e.g. the arcsign module in Logstash. But I can change it in the setup fw in beats.
So it would be a very nice feature to have some kind of dashboard_and_templates_loader app and just run it from some tool like Ansible with arguments like "-beat winlogbeat -dashboards" or "-logstash -module arcsign -dashboards".
The current design is great for small deployments, but this would be great for every kind of deployment.