Elastic Entity Model
Learn about the model that empowers entity-centric Elastic solution features and workflows.
The Elastic Entity Model consists of:
- a data model and related entity indices
- an Entity Discovery Framework, which consists of transforms and Ingest pipelines that read from signal indices and write data to entity indices
- a set of management APIs that empower entity-centric Elastic solution features and workflows
In the context of Elastic Observability, an entity is an object of interest that can be associated with produced telemetry and identified as unique. Note that this definition is intentionally closely aligned to the work of the OpenTelemetry Entities SIG. Examples of entities include (but are not limited to) services, hosts, and containers.
The concept of an entity is important as a means to unify observability signals based on the underlying entity that the signals describe.
Notes
- The Elastic Entity Model currently supports the new service inventory experience limited to service-based entities (as identified by
service.name
) located in data identified bylogs-*
andfilebeat*
index patterns - During Technical Preview, Entity Discovery Framework components are not enabled by default
Enable the Elastic Entity Model
Required role
The Admin role or higher is required to enable the Elastic Entity Model. To learn more, refer to Assign user roles and privileges.
During Technical Preview, the Elastic Entity Model is enabled when you turn on the entity-centric service inventory described in New services experience.
Disable the Elastic Entity Model
Required role
The Admin role or higher is required to enable the Elastic Entity Model. To learn more, refer to Assign user roles and privileges.
From the Dev Console, run the command: DELETE kbn:/internal/entities/managed/enablement