Fleet and Elastic Agent overview

Elastic Agent

Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to each host. A single agent makes it easier and faster to deploy monitoring across your infrastructure. The agent’s single, unified policy makes it easier to add integrations for new data sources.

For more information, refer to Elastic Agents.

Fleet

Fleet provides a web-based UI in Kibana to add and manage integrations for popular services and platforms, as well as manage a fleet of Elastic Agents. Our integrations provide an easy way to add new sources of data, plus they ship with out-of-the-box assets like dashboards, visualizations, and pipelines to extract structured fields out of logs. This makes it easier to get insights within seconds.

Fleet Server

Fleet Server is the mechanism to connect Elastic Agents to Fleet. It allows for a scalable infrastructure and is supported in Elastic Cloud and self-managed clusters. Fleet Server is a separate process that communicates with the deployed Elastic Agents. It can be started from any available x64 architecture Elastic Agent artifact.

For more information, refer to Fleet Server.

Elastic Package Registry

The Elastic Package Registry is an online package hosting service for the integrations available in the Fleet UI in Kibana.

Kibana connects to the Elastic Package Registry at epr.elastic.co using the Elastic Package Manager, downloads the latest integration package and stores its assets in Elasticsearch. This process currently requires an internet connection because integrations are updated and released periodically.

If you are running a self-managed deployment, you may need to configure the outbound connection so that the Elastic Package Manager can reach the Elastic Package Registry.

To do so, add the following setting to your kibana.yml file:

xpack.fleet.registryProxyUrl: <your-proxy-address>

Integrations

Kibana provides a web-based UI for configuring integrations with your data sources. This includes popular services and platforms like Nginx or AWS, as well as many generic input types like log files. For a list of available integrations, refer to Elastic Integrations.

The Elastic Agent policy allows you to use any number of integrations for data sources. You can apply the Elastic Agent policy to multiple agents, making it even easier to manage configuration at scale.

When you add an integration, you select the agent policy to use, then configure inputs for logs and metrics, such as the path to your Nginx access logs. When you’re done, you save the integration to update the Elastic Agent policy. The next time enrolled agents check in, they receive the update. Having the policies automatically deployed is more convenient than doing it yourself by using SSH, Ansible playbooks, or some other tool.

For more information, refer to Integrations.

If you prefer infrastructure as code, you may use YAML files and APIs. Fleet has an API-first design. Anything you can do in the UI, you can also do using the API. This makes it easy to automate and integrate with other systems.

Elastic Agent self-protection

On macOS and Windows, Elastic Agent can self-protect against malicious users and attackers when the Endpoint Security integration is added to the agent policy. For more information, refer to Elastic Endpoint self-protection.

Central management in Fleet

You can see the state of all your Elastic Agents in Fleet. On the Agents page, you can see which agents are online, which have errors, and the last time they checked in. You can also see the version of the Elastic Agent binary and policy.

Fleet serves as the communication channel back to the Elastic Agents. Agents check in for the latest updates on a regular basis. You can have any number of agents enrolled into each agent policy, which allows you to scale up to thousands of hosts. When you make a change to an agent policy, all the agents receive the update during their next check-in. You no longer have to distribute policy updates yourself.
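
The agent state described above (status, last check-in, policy version) can also be triaged in code, in line with Fleet's API-first design. The following is an added example, not Elastic's code: it runs on a constructed JSON sample, and the response shape (items, status, last_checkin, policy_id, policy_revision), the 10-minute silence threshold, and the function names are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like an agent listing; the field names are assumptions.
SAMPLE = json.loads("""
{"items": [
  {"id": "a1", "status": "online",  "last_checkin": "2024-05-01T11:59:30Z", "policy_id": "p-web", "policy_revision": 7},
  {"id": "a2", "status": "online",  "last_checkin": "2024-05-01T09:00:00Z", "policy_id": "p-web", "policy_revision": 7},
  {"id": "a3", "status": "error",   "last_checkin": "2024-05-01T11:58:00Z", "policy_id": "p-db",  "policy_revision": 3},
  {"id": "a4", "status": "online",  "last_checkin": "2024-05-01T11:59:00Z", "policy_id": "p-web", "policy_revision": 5},
  {"id": "a5", "status": "offline", "last_checkin": null, "policy_id": "p-db", "policy_revision": 3}
]}
""")

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; None means the agent never checked in."""
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(agents, now, max_silence=timedelta(minutes=10)):
    """Return {agent_id: [reasons]} for agents that need attention."""
    # Heuristic: the highest revision seen per policy is treated as current.
    # If every agent on a policy is behind, this check will not notice.
    latest = {}
    for a in agents:
        rev = a.get("policy_revision") or 0
        latest[a["policy_id"]] = max(latest.get(a["policy_id"], 0), rev)
    findings = {}
    for a in agents:
        reasons = []
        if a["status"] != "online":
            reasons.append("status=" + a["status"])
        seen = parse_ts(a.get("last_checkin"))
        if seen is None:
            reasons.append("never checked in")
        elif now - seen > max_silence:
            reasons.append("silent for %d min" % ((now - seen).total_seconds() // 60))
        if (a.get("policy_revision") or 0) < latest[a["policy_id"]]:
            reasons.append("policy revision behind")
        if reasons:
            findings[a["id"]] = reasons
    return findings

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    for agent_id, reasons in triage(SAMPLE["items"], now).items():
        print(agent_id, "; ".join(reasons))
```

An agent that reports as online but has an old check-in time or an outdated policy revision is a monitoring gap on that host, so it is flagged alongside agents in an error or offline state.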

Data streams make index management easier

The data collected by Elastic Agent is stored in indices that are more granular than you’d get by default with the Beats shippers or APM Server. This gives you more visibility into the sources of data volume, and control over lifecycle management policies and index permissions. These indices are called data streams.