- Observability: other versions:
- Get started
- What is Elastic Observability?
- What’s new in 8.17
- Quickstart: Monitor hosts with Elastic Agent
- Quickstart: Monitor your Kubernetes cluster with Elastic Agent
- Quickstart: Monitor hosts with OpenTelemetry
- Quickstart: Unified Kubernetes Observability with Elastic Distributions of OpenTelemetry (EDOT)
- Quickstart: Collect data with AWS Firehose
- Add data from Splunk
- Applications and services
- Application performance monitoring (APM)
- Get started
- Learn about data types
- Collect application data
- View and analyze data
- Act on data
- Use APM securely
- Manage storage
- Configure APM Server
- Monitor APM Server
- APM APIs
- Troubleshooting
- Upgrade
- Release notes
- Known issues
- Synthetic monitoring
- Get started
- Scripting browser monitors
- Configure lightweight monitors
- Manage monitors
- Work with params and secrets
- Analyze monitor data
- Monitor resources on private networks
- Use the CLI
- Configure projects
- Multi-factor Authentication
- Configure Synthetics settings
- Grant users access to secured resources
- Manage data retention
- Use Synthetics with traffic filters
- Migrate from the Elastic Synthetics integration
- Scale and architect a deployment
- Synthetics support matrix
- Synthetics Encryption and Security
- Troubleshooting
- Real user monitoring
- Uptime monitoring (deprecated)
- Tutorial: Monitor a Java application
- Application performance monitoring (APM)
- CI/CD
- Cloud
- Infrastructure and hosts
- Logs
- Troubleshooting
- Incident management
- Data set quality
- Observability AI Assistant
- Reference
Elastic Entity Model
editElastic Entity Model
editThis functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
The Elastic Entity Model consists of:
- a data model and related entity indices
- an Entity Discovery Framework, which consists of transforms and Ingest pipelines that read from signal indices and write data to entity indices
- a set of management APIs that empower entity-centric Elastic solution features and workflows
In the context of Elastic Observability, an entity is an object of interest that can be associated with produced telemetry and identified as unique. Note that this definition is intentionally closely aligned to the work of the OpenTelemetry Entities SIG. Examples of entities include (but are not limited to) services, hosts, and containers.
The concept of an entity is important as a means to unify observability signals based on the underlying entity that the signals describe.
- The Elastic Entity Model currently supports the new Inventory experience limited to service, host, and container entities.
- During Technical Preview, Entity Discovery Framework components are not enabled by default.
Enable the Elastic Entity Model
editYou can enable the Elastic Entity Model from the new Inventory. If already enabled, you will not be prompted to enable the Elastic Entity Model.
The following Elasticsearch privileges are required:
Index privileges |
names: [ names: [ |
Cluster privileges |
|
Application privileges |
application: |
For more information, refer to Security privileges in the Elasticsearch documentation.
Disable the Elastic Entity Model
editFrom the Dev Console, run the command: DELETE kbn:/internal/entities/managed/enablement
The following Elasticsearch privileges are required to delete Elasticsearch resources:
Index privileges |
names: [ |
Cluster privileges |
|
Application privileges |
application: |
Limitations
edit- Cross-cluster search (CCS) is not supported. EEM cannot leverage data stored on a remote cluster.
-
Services are only detected from documents where
service.name
is detected in index patterns that match eitherlogs-*
orapm-*
.