Elastic APM utilizes Elasticsearch’s cross-cluster search functionality. Cross-cluster search lets you run a single search request against one or more remote clusters — making it easy to search APM data across multiple sources. This means you can also have deployments per data type, making sizing and scaling more predictable, and allowing for better performance while managing multiple observability use cases.
Set up cross-cluster searchedit
Step 1. Set up remote clusters.
If you’re using the Hosted Elasticsearch Service, see Enable cross-cluster search.
You can add remote clusters directly in Kibana, under Management > Elasticsearch > Remote clusters. All you need is a name for the remote cluster and the seed node(s). Remember the names of your remote clusters, you’ll need them in step two. See managing remote clusters for detailed information on the setup process.
Alternatively, you can configure remote clusters
Step 2. Edit the default APM app data views.
APM app data views determine which clusters and indices to display data from.
Data views follow this convention:
To display data from all remote clusters and the local cluster,
duplicate and prepend the defaults with
For example, the default data view for Error indices is
To add all remote clusters, change this to
You can also specify certain clusters to display data from, for example,
There are two ways to edit the default data view:
In the APM app — Navigate to APM > Settings > Indices, and change all
xpack.apm.indices.*values to include remote clusters.
kibana.yml— Update the
xpack.apm.indices.*configuration values to include remote clusters.
Intro to Kibana
ELK for Logs & Metrics