Data streams

edit

This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

Elastic Agent uses data streams to store append-only time series data across multiple indices while giving users a single named resource for requests. If you’re new to data streams, see the Fleet and Elastic Agent Guide to learn more.

apm input data is divided into three types:

Traces

Traces are comprised of spans and transactions. Traces are stored in the following data stream:

  • Application traces: traces-apm.<service.name>-<namespace>
Metrics

Metrics include application-based metrics and basic system metrics. Metrics are stored in the following data streams:

  • Application defined metrics: metrics-apm.<service.name>-<namespace>
  • APM internal metrics: metrics-apm.internal.<service.name>-<namespace>
  • APM profiling metrics: metrics-apm.profiling.<service.name>-<namespace>
Logs

Logs include application error events and application logs. Logs are stored in the following data streams:

  • Application logs: logs-<service.name>-<namespace>
  • APM error/exception logging: logs-apm.error.<service.name>-<namespace>

Service names

edit

The APM integration maps an instrumented service’s name–defined in each APM agent’s configuration–to the index that its data is stored in Elasticsearch. This process provides more granular security and retentions policies, and simplifies the overall APM experience. Service names therefore must follow index naming rules:

  • Service names are case-insensitive and must be unique. For example, you cannot have a service named Foo and another named foo.
  • Special characters will be removed from service names and replaced with underscores (_). Special characters include:

    '\\', '/', '*', '?', '"', '<', '>', '|', ' ', ',', '#', ':', '-'

Namespace

edit

There is no recommendation for what to use as your namespace; it’s intentionally flexible which allows greater control over how your data is indexed. For example, you might create namespaces for each of your environments, like dev, prod, production, etc. Or, you might create namespaces that correspond to strategic business units within your organization.