Elastic APM utilizes Elasticsearch’s cross-cluster search functionality. Cross-cluster search lets you run a single search request against one or more remote clusters — making it easy to search APM data across multiple sources. This means you can also have deployments per data type, making sizing and scaling more predictable, and allowing for better performance while managing multiple observability use cases.

Set up cross-cluster searchedit

Step 1. Set up remote clusters.

If you’re using the Hosted Elasticsearch Service, see Enable cross-cluster search.

You can add remote clusters directly in Kibana, under Management > Elasticsearch > Remote clusters. All you need is a name for the remote cluster and the seed node(s). Remember the names of your remote clusters, you’ll need them in step two. See managing remote clusters for detailed information on the setup process.

Alternatively, you can configure remote clusters in Elasticsearch’s elasticsearch.yml file.

Step 2. Edit the default APM app data views.

APM app data views determine which clusters and indices to display data from. Data views follow this convention: <cluster-name>:<index-pattern>.

To display data from all remote clusters and the local cluster, duplicate and prepend the defaults with *:. For example, the default data view for Error indices is logs-apm*,apm*. To add all remote clusters, change this to *:logs-apm*,*:apm*,logs-apm*,apm*

You can also specify certain clusters to display data from, for example, cluster-one:logs-apm*,cluster-one:apm*,logs-apm*,apm*.

There are two ways to edit the default data view: