From the course: Learning Elastic Stack

Introducing Elastic Agent - Elastic Stack Tutorial

Introducing Elastic Agent

- [Instructor] We'll be using Elastic Agent for ingesting data in this course. Let's talk a little about what it is and how it works. When Elastic Agent was released, it was described as a single, unified agent for both observability and security. Let's break that down to help understand what the agent is and what makes it different from previous tools.

First, the word single. This is to contrast Elastic Agent with Beats, which require deploying different tools for handling different types of data. Next, the word unified. Beats would each connect independently to the Elastic Stack. Elastic Agent introduces a concept called data streams. A single agent handles shipping data from multiple streams into the stack, so the connection is unified, but the data can still be kept separate and granular within the stack. And finally, agent. Previous tools needed to be configured and managed on the server that was shipping the data. Dynamically making changes to how data was shipped required using a third-party tool like Puppet agent. That's no longer needed. Because Elastic Agent is an agent, we can deploy configuration changes to it from a central server.

That brings us to Fleet Server, which is the server counterpart to Elastic Agent. Fleet Server allows you to centrally manage Elastic Agents from Kibana. It can deploy config changes to Elastic Agents, for example, doing things like changing which log files are monitored or adjusting some of the pre-processing of data before it's shipped to Elastic Stack. Fleet monitors the health of the agents themselves and even supports remote upgrades for the agents. With Fleet, we can deploy new integrations to the Elastic Agents, which means we can add support for new data sources without having to manually deploy tools to each server individually.

Integrations are the other new concept that was introduced with Elastic Agent and Fleet Server. Integrations are a way of adding support for new data sources. They offer a more curated experience than just manually monitoring a log file, for example. Integrations already know how to handle common data formats. For example, a database server integration will know how to handle the log files and pull out meaningful fields. They also provide things like dashboards and visualizations, and support for more advanced Elastic features like machine-learning-based anomaly detection. All of this means that integrations are more straightforward to set up compared to using Beats or Logstash directly. Finally, there are a couple of custom integration types, like using an arbitrary file or API, which replace most of the remaining use cases for standalone Beats or using Logstash to ship data.