Future of searchguard /w elastic fleet?

Hey all,

As time is going on, it appears that elastic is peeling functionality out of individual beats, and diverting it to elastic agents (ex. Remove RSA2ELK deprecated modules by pkoutsovasilis · Pull Request #38037 · elastic/beats · GitHub). This is all well and good, but for Searchguard users, who need to disable the built-in security plugin, we aren’t able to utilize fleet, and the idea of a ‘fleet management cluster’ that tells the agents to send data into the searchguard enabled cluster doesn’t work, as you need a paid version of elastic in order to configure remote cluster output in elastic agents (based on my testing at least). Given those pieces of information, what does the future look like for Searchguard users? Might it be possible to do some work to make fleet operable with Searchguard enabled, or are those of us using that functionality going to need to migrate to an elastic license? Maybe with the migration of Elastic back to an open source license (Elasticsearch is Open Source, Again | Elastic Blog), perhaps there’s some option I’m not considering. Given how useful the modules and integrations are, especially for the standardization of fields, it would be a shame to eventually lose access to those features.

Just food for thought.

Thank you @novaksam - this is indeed an area we’ve been investigating along with our PM and Dev teams. We’ll post an update soon, after we complete our assessment.
