Update Fleet documentation to indicate that Defend does not support using a remote cluster #6711
Comments
|
Yeah, that one or this one seem the right place. |
|
Thanks @ferullo. I'll open a pull request to add a note indicating that remote Elasticsearch outputs are not supported for Elastic Agents using the Elastic Defend integration. I should get to it today or tomorrow. |
|
@ferullo I just wanted to check something. On the Fleet Remote Elasticsearch output page we already have a warning about Elastic Defend response actions not working. Shall I just change that warning to indicate that the Elastic Defend integration isn't currently supported at all with a remote Elasticsearch cluster, or do you think the warning as it is already covers the problem? 
|
|
Oh interesting. I didn't realize that was there. Thanks for the callout @kilfoyle ! @caitlinbetz @roxana-gheorghe @dasansol92 what are you thoughts? I doubt we want to fully document what doesn't work but the current warning is narrower than it should be. FWIW, here's what I know won't work with remote ES output:
|
|
@ferullo I've opened elastic/ingest-docs#1759 to add the limitations that you've noted above. I'm not at all familiar with the Security app though, so please suggest any changes that you think we may need for the text. |
What can we change to make the docs better?
In the Fleet output settings users can set up Agent Integrations and Agent Monitoring so they go to different clusters. Doing that causes problems with Defend, we should mention that it is not supported yet.
Doc URL
No response
Which documentation set needs improvement?
ESS and serverless
Software version
This has been the case since remote ES support was added. I can figure out that version if you don't know already it.
The text was updated successfully, but these errors were encountered: