Nicolas Ruflin (@ruflin)
Engineer at Elastic
2020-07-30
Technical deep dive into
Elastic Agent + Ingest Manager
Agenda
• Teaser on all the parts that are new
• Demo
• Technical overview
• Questions / Discussions
About me
• Engineer at Elastic for 5 years
• Tech Lead Ingest Management project
• Switzerland based
• @ruflin
Reimagine how data is ingested
into the Elastic Stack
Let’s start teasing
Beats to Elastic Agent
Heartbeat
Winlogbeat
Metricbeat
Filebeat
Security
APM
Many Beats & agents today
Elastic Agent
Easier to install
Easier to upgrade
Easier to scale
One unified Agent tomorrow
Modules to Integrations
Beats modules today
Integrations tomorrow
● One click, right in Kibana
● Recommendations
● Share with the community
Config UI
Configuration files today
Configuration UI tomorrow
● Minimal input
● Out of the box defaults
● Logs & metrics combined
Central Agent Management
Config management today
You’re on your own...
● Powershell / Bash
● Ansible
● Puppet
● Chef
● ServiceNow
Fleet central mgmt tomorrow
● Configuration updates automatically
● Binaries update automatically
● View status of Agents
Password to API Keys
User/pass today
Keys tomorrow
● No need to input user/pass
● More secure
Demo
• Enroll agent
• Show collecting out of the box
• Collect nginx data
• Everything is API based
Technical overview
Our components
Indexing Strategy
Current Indexing strategy
• filebeat-*, metricbeat-*
• Beats load all the assets
‒ Index Template
‒ ILM Policy
Problems with the current strategy
• Too many fields
• ILM only for logs or metrics
• Query always on all data
• Bootstrapping tricky
• User modifications break things
New Indexing Strategy
• {type}-{dataset}-{namespace}
• type: generic type of data (logs, metrics, traces, ...)
• dataset: Set of data with the same structure / mapping (nginx.access)
• namespace: Use configurable namespace (prod, testing)
• Example: logs-nginx.access-default
• Default: logs-generic-default
Indexing Strategy: Bootstrapping and Templates
• Generic templates
‒ logs-*-*, metrics-*-*
‒ ECS Based
‒ Loaded by Elasticsearch
• Dataset specific templates
‒ logs-nginx.access-*
‒ Ingest pipeline attached to index
‒ Loaded by Ingest Manager
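The naming scheme and the two template layers above, as an added example that is not part of the original slides or of Elastic's code. The rule that no part may contain "-" and the "most specific pattern wins" selection are assumptions of this sketch, and the legacy index name in the demo is constructed.

```python
from fnmatch import fnmatchcase

DEFAULT_DATASET = "generic"      # slide default: logs-generic-default
DEFAULT_NAMESPACE = "default"

# Templates named on the slides, with the component that loads each one.
TEMPLATES = [
    ("logs-*-*", "Elasticsearch"),
    ("metrics-*-*", "Elasticsearch"),
    ("logs-nginx.access-*", "Ingest Manager"),
]


def check_part(label, value):
    """Reject values that would make the name ambiguous or act as a wildcard."""
    # Assumption of this example: "-" is reserved as the separator, so no
    # part may contain it; wildcards, spaces and upper case are refused too.
    if not value or value != value.lower() or any(c in value for c in "-*?[] "):
        raise ValueError(f"invalid {label}: {value!r}")
    return value


def index_name(type_, dataset=DEFAULT_DATASET, namespace=DEFAULT_NAMESPACE):
    """Build {type}-{dataset}-{namespace} from validated parts."""
    parts = (("type", type_), ("dataset", dataset), ("namespace", namespace))
    return "-".join(check_part(label, value) for label, value in parts)


def parse_index_name(name):
    """Split a name back into its three parts, or raise ValueError."""
    parts = name.split("-")
    if len(parts) != 3:
        raise ValueError(f"expected type-dataset-namespace, got {name!r}")
    keys = ("type", "dataset", "namespace")
    return {key: check_part(key, value) for key, value in zip(keys, parts)}


def is_valid_index_name(name):
    """True when the name follows the new scheme."""
    try:
        parse_index_name(name)
    except ValueError:
        return False
    return True


def matching_template(name, templates=TEMPLATES):
    """Return the (pattern, loader) pair that applies to a name, or None."""
    parse_index_name(name)
    hits = [t for t in templates if fnmatchcase(name, t[0])]
    # Assumption: the pattern with the most literal characters is the most
    # specific one and takes precedence over the generic template.
    return max(hits, key=lambda t: len(t[0].replace("*", "")), default=None)


if __name__ == "__main__":
    for candidate in (
        index_name("logs", "nginx.access"),
        index_name("logs", "nginx.error", "prod"),
        index_name("metrics", "nginx.stub_status"),
        index_name("logs"),
    ):
        print(candidate, "->", matching_template(candidate))
    # Constructed legacy-style name: it does not fit the three-part scheme.
    print(is_valid_index_name("filebeat-7.8.0-2020.07.30-000001"))
```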
Indexing Strategy: Elasticsearch Features
• Problem: Could not be built on the existing Elasticsearch features
• New features
‒ constant_keywords
‒ component templates
‒ Data streams
• More details on these in a separate talk
Elastic Agent
One agent to rule them all
Elastic Agent
• Runs and manages processes
‒ Today: Metricbeat, Filebeat, Endpoint
‒ Potential future: *beat, Apm-Server
• Communication through gRPC
• Two modes
‒ Managed by Fleet
‒ Standalone
• Unified configuration for all inputs
• Upgrade
Elastic Agent Config
Agent Config
inputs:
  - type: nginx/metrics
    hosts: http://127.0.0.1
    streams:
      - dataset.name: nginx.stub_status
        metricset: stub_status
  - type: logs
    streams:
      - dataset.name: nginx.access
        paths: /var/log/nginx/access.log*
      - dataset.name: nginx.error
        paths: /var/log/nginx/error.log*
Elastic Package Registry
Central place for all packages
Package Registry
https://epr.elastic.co/search
Packages
• Contains assets and configs for the Elastic Stack
• Package manager knows how to install, upgrade, remove each asset
• Delivered as .tar.gz file
• Logs, metrics together in one package
Package Structure: Supported Assets
Today
• Elasticsearch
‒ Index Template v2
‒ ILM Policy
‒ Ingest Pipeline
• Kibana
‒ Dashboard
‒ Visualization, Map
‒ Search
‒ Index Pattern
• Agent
‒ Stream Template
Future
• Elasticsearch
‒ ML Job
‒ Data
• Kibana
‒ Alert
‒ Action
‒ Canvas Template
‒ SIEM rules
Note: Any asset type in the Stack
can be added to this list
Config Builder
Packages
Agent Config: You can build your own config UI
Stream template + dataset manifest = stream config

# Stream template
dataset.name: nginx.access
{{#each paths}}
paths: "{{this}}"
{{/each}}
exclude_files: [".gz$"]
processors:
  - add_locale: ~

# dataset manifest
streams:
  - input: logs
    title: ...
    description: ...
    template_path: stream.yml.hbs
    vars:
      - name: paths
        required: true
        default:
          - /var/../access.log*

# Stream config
- dataset: nginx.access
  paths:
    - /var/log/nginx/access.log*
  exclude_files:
    - .gz$
  processors:
    - add_locale: ~

Note: In case there is a shared config across streams, the package manifest has vars

# package manifest
datasources:
  - name: nginx
    inputs:
      - type: logs
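The build step on this slide (stream template plus manifest vars gives the stream config), as an added example that is not Ingest Manager's own code. The mini renderer handles only `{{#each}}`, `{{this}}` and `{{name}}`; the list-form template, the default path and the rule refusing quotes, backslashes and control characters in values are assumptions of this sketch.

```python
import re

# Constructed for this example: the slide's stream template, with paths
# emitted as a YAML list so that several paths render under one key.
STREAM_TEMPLATE = """\
dataset.name: nginx.access
paths:
{{#each paths}}
  - "{{this}}"
{{/each}}
exclude_files: [".gz$"]
processors:
  - add_locale: ~
"""

# Constructed: the vars section of the dataset manifest. The default path is
# a sample value; the slide elides the real one.
MANIFEST_VARS = [
    {"name": "paths", "required": True, "default": ["/var/log/nginx/access.log*"]},
]

EACH = re.compile(r"\{\{#each (\w+)\}\}\n?(.*?)\{\{/each\}\}\n?", re.S)
VAR = re.compile(r"\{\{(\w+)\}\}")
UNSAFE = re.compile(r'[\x00-\x1f\x7f"\\]')


def check_value(name, item):
    """Refuse values that could break out of the quoted YAML scalar."""
    if not isinstance(item, str) or UNSAFE.search(item) or "{{" in item:
        raise ValueError(f"unsafe value for var {name!r}: {item!r}")


def resolve_vars(manifest_vars, user_input):
    """Merge user input over manifest defaults and enforce 'required'."""
    unknown = set(user_input) - {var["name"] for var in manifest_vars}
    if unknown:
        raise ValueError(f"vars not declared in manifest: {sorted(unknown)}")
    resolved = {}
    for var in manifest_vars:
        name = var["name"]
        value = user_input.get(name, var.get("default"))
        if value in (None, [], ""):
            if var.get("required"):
                raise ValueError(f"missing required var {name!r}")
            continue
        for item in value if isinstance(value, list) else [value]:
            check_value(name, item)
        resolved[name] = value
    return resolved


def render(template, values):
    """Expand {{#each x}}...{{/each}} blocks, then plain {{x}} variables."""
    def expand(match):
        items = values.get(match.group(1), [])
        if not isinstance(items, list):
            items = [items]
        return "".join(match.group(2).replace("{{this}}", i) for i in items)

    def lookup(match):
        name = match.group(1)
        if name not in values or isinstance(values[name], list):
            raise ValueError(f"no scalar value for {{{{{name}}}}}")
        return values[name]

    return VAR.sub(lookup, EACH.sub(expand, template))


def build_stream_config(user_input):
    """Template + manifest vars + user input -> stream config text."""
    return render(STREAM_TEMPLATE, resolve_vars(MANIFEST_VARS, user_input))


if __name__ == "__main__":
    print(build_stream_config({}))
    print(build_stream_config({"paths": ["/srv/a.log", "/srv/b.log"]}))
```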
Agent Config Built
inputs:
  - type: nginx/metrics
    hosts: http://127.0.0.1
    streams:
      - dataset.name: nginx.stub_status
        metricset: stub_status
  - type: logs
    streams:
      - dataset.name: nginx.access
        paths: /var/log/nginx/access.log*
      - dataset.name: nginx.error
        paths: /var/log/nginx/error.log*
FAQ
• How can I start using this?
‒ Start 7.8 Cloud cluster with xpack.ingestManager.enabled: true
‒ Download 7.8 Elastic Agent
‒ Soon: Run 7.9
• Do you have an API?
‒ Yes, it is all API based
• Indexing strategy
‒ Can I also use it without the agent? Yes
Try it out!
Questions?
Search. Observe. Protect.

More Related Content

What's hot

Centralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackCentralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackRich Lee
 
Introduction to elasticsearch
Introduction to elasticsearchIntroduction to elasticsearch
Introduction to elasticsearchhypto
 
Introduction To Kibana
Introduction To KibanaIntroduction To Kibana
Introduction To KibanaJen Stirrup
 
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...Edureka!
 
Introduction to Kibana
Introduction to KibanaIntroduction to Kibana
Introduction to KibanaVineet .
 
Elastic search overview
Elastic search overviewElastic search overview
Elastic search overviewABC Talks
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Logchuckbt
 
An Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and KibanaAn Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and KibanaObjectRocket
 
Elasticsearch for beginners
Elasticsearch for beginnersElasticsearch for beginners
Elasticsearch for beginnersNeil Baker
 
ELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementEl Mahdi Benzekri
 
Kibana + timelion: time series with the elastic stack
Kibana + timelion: time series with the elastic stackKibana + timelion: time series with the elastic stack
Kibana + timelion: time series with the elastic stackSylvain Wallez
 
ELK, a real case study
ELK,  a real case studyELK,  a real case study
ELK, a real case studyPaolo Tonin
 
ELK in Security Analytics
ELK in Security Analytics ELK in Security Analytics
ELK in Security Analytics nullowaspmumbai
 
Introduction to Elasticsearch with basics of Lucene
Introduction to Elasticsearch with basics of LuceneIntroduction to Elasticsearch with basics of Lucene
Introduction to Elasticsearch with basics of LuceneRahul Jain
 
Reshape Data Lake (as of 2020.07)
Reshape Data Lake (as of 2020.07)Reshape Data Lake (as of 2020.07)
Reshape Data Lake (as of 2020.07)Eric Sun
 

What's hot (20)

Logstash
LogstashLogstash
Logstash
 
Centralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stackCentralized log-management-with-elastic-stack
Centralized log-management-with-elastic-stack
 
Elk
Elk Elk
Elk
 
Introduction to elasticsearch
Introduction to elasticsearchIntroduction to elasticsearch
Introduction to elasticsearch
 
Introduction To Kibana
Introduction To KibanaIntroduction To Kibana
Introduction To Kibana
 
Log analysis with elastic stack
Log analysis with elastic stackLog analysis with elastic stack
Log analysis with elastic stack
 
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
Kibana Tutorial | Kibana Dashboard Tutorial | Kibana Elasticsearch | ELK Stac...
 
Introduction to Kibana
Introduction to KibanaIntroduction to Kibana
Introduction to Kibana
 
Elastic search overview
Elastic search overviewElastic search overview
Elastic search overview
 
The Elastic ELK Stack
The Elastic ELK StackThe Elastic ELK Stack
The Elastic ELK Stack
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Log
 
An Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and KibanaAn Intro to Elasticsearch and Kibana
An Intro to Elasticsearch and Kibana
 
Elasticsearch for beginners
Elasticsearch for beginnersElasticsearch for beginners
Elasticsearch for beginners
 
ELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log ManagementELK Elasticsearch Logstash and Kibana Stack for Log Management
ELK Elasticsearch Logstash and Kibana Stack for Log Management
 
Elk - An introduction
Elk - An introductionElk - An introduction
Elk - An introduction
 
Kibana + timelion: time series with the elastic stack
Kibana + timelion: time series with the elastic stackKibana + timelion: time series with the elastic stack
Kibana + timelion: time series with the elastic stack
 
ELK, a real case study
ELK,  a real case studyELK,  a real case study
ELK, a real case study
 
ELK in Security Analytics
ELK in Security Analytics ELK in Security Analytics
ELK in Security Analytics
 
Introduction to Elasticsearch with basics of Lucene
Introduction to Elasticsearch with basics of LuceneIntroduction to Elasticsearch with basics of Lucene
Introduction to Elasticsearch with basics of Lucene
 
Reshape Data Lake (as of 2020.07)
Reshape Data Lake (as of 2020.07)Reshape Data Lake (as of 2020.07)
Reshape Data Lake (as of 2020.07)
 

Similar to 2020 07-30 elastic agent + ingest management

Alfresco Business Reporting - Tech Talk Live 20130501
Alfresco Business Reporting - Tech Talk Live 20130501Alfresco Business Reporting - Tech Talk Live 20130501
Alfresco Business Reporting - Tech Talk Live 20130501Tjarda Peelen
 
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...Tyler Nguyen
 
Architectures, Frameworks and Infrastructure
Architectures, Frameworks and InfrastructureArchitectures, Frameworks and Infrastructure
Architectures, Frameworks and Infrastructureharendra_pathak
 
(ATS6-PLAT07) Managing AEP in an enterprise environment
(ATS6-PLAT07) Managing AEP in an enterprise environment(ATS6-PLAT07) Managing AEP in an enterprise environment
(ATS6-PLAT07) Managing AEP in an enterprise environmentBIOVIA
 
ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)Mathew Beane
 
Functioning incessantly of Data Science Platform with Kubeflow - Albert Lewan...
Functioning incessantly of Data Science Platform with Kubeflow - Albert Lewan...Functioning incessantly of Data Science Platform with Kubeflow - Albert Lewan...
Functioning incessantly of Data Science Platform with Kubeflow - Albert Lewan...GetInData
 
Agile Secure Cloud Application Development Management
Agile Secure Cloud Application Development ManagementAgile Secure Cloud Application Development Management
Agile Secure Cloud Application Development ManagementAdam Getchell
 
Netflix oss season 2 episode 1 - meetup Lightning talks
Netflix oss   season 2 episode 1 - meetup Lightning talksNetflix oss   season 2 episode 1 - meetup Lightning talks
Netflix oss season 2 episode 1 - meetup Lightning talksRuslan Meshenberg
 
DNUG46 - Build your own private Cloud environment
DNUG46 - Build your own private Cloud environmentDNUG46 - Build your own private Cloud environment
DNUG46 - Build your own private Cloud environmentpanagenda
 
Build your own private Cloud environment
Build your own private Cloud environmentBuild your own private Cloud environment
Build your own private Cloud environmentNico Meisenzahl
 
OSMC 2023 | Current State of Icinga by Bernd Erk
OSMC 2023 | Current State of Icinga by Bernd ErkOSMC 2023 | Current State of Icinga by Bernd Erk
OSMC 2023 | Current State of Icinga by Bernd ErkNETWAYS
 
Rootconf 2017 - State of the Open Source monitoring landscape
Rootconf 2017 - State of the Open Source monitoring landscape Rootconf 2017 - State of the Open Source monitoring landscape
Rootconf 2017 - State of the Open Source monitoring landscape NETWAYS
 
Service quality monitoring system architecture
Service quality monitoring system architectureService quality monitoring system architecture
Service quality monitoring system architectureMatsuo Sawahashi
 
PEARC17: Live Integrated Visualization Environment: An Experiment in General...
PEARC17: Live Integrated Visualization Environment: An Experiment in General...PEARC17: Live Integrated Visualization Environment: An Experiment in General...
PEARC17: Live Integrated Visualization Environment: An Experiment in General...moneyjh
 
API Tips & Tricks - Policy Management and Elastic Deployment
API Tips & Tricks - Policy Management and Elastic DeploymentAPI Tips & Tricks - Policy Management and Elastic Deployment
API Tips & Tricks - Policy Management and Elastic DeploymentAxway
 
Innovations in Sencha Tooling and Framework
Innovations in Sencha Tooling and FrameworkInnovations in Sencha Tooling and Framework
Innovations in Sencha Tooling and FrameworkSandeep Adwankar
 
Intro to Telegraf
Intro to TelegrafIntro to Telegraf
Intro to TelegrafInfluxData
 
PaaSTA: Autoscaling at Yelp
PaaSTA: Autoscaling at YelpPaaSTA: Autoscaling at Yelp
PaaSTA: Autoscaling at YelpNathan Handler
 
Expert guidance on migrating from magento 1 to magento 2
Expert guidance on migrating from magento 1 to magento 2Expert guidance on migrating from magento 1 to magento 2
Expert guidance on migrating from magento 1 to magento 2James Cowie
 

Similar to 2020 07-30 elastic agent + ingest management (20)

Alfresco Business Reporting - Tech Talk Live 20130501
Alfresco Business Reporting - Tech Talk Live 20130501Alfresco Business Reporting - Tech Talk Live 20130501
Alfresco Business Reporting - Tech Talk Live 20130501
 
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...
Deep Dive Into Elasticsearch: Establish A Powerful Log Analysis System With E...
 
Architectures, Frameworks and Infrastructure
Architectures, Frameworks and InfrastructureArchitectures, Frameworks and Infrastructure
Architectures, Frameworks and Infrastructure
 
(ATS6-PLAT07) Managing AEP in an enterprise environment
(ATS6-PLAT07) Managing AEP in an enterprise environment(ATS6-PLAT07) Managing AEP in an enterprise environment
(ATS6-PLAT07) Managing AEP in an enterprise environment
 
ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)
 
Functioning incessantly of Data Science Platform with Kubeflow - Albert Lewan...
Functioning incessantly of Data Science Platform with Kubeflow - Albert Lewan...Functioning incessantly of Data Science Platform with Kubeflow - Albert Lewan...
Functioning incessantly of Data Science Platform with Kubeflow - Albert Lewan...
 
Agile Secure Cloud Application Development Management
Agile Secure Cloud Application Development ManagementAgile Secure Cloud Application Development Management
Agile Secure Cloud Application Development Management
 
Netflix oss season 2 episode 1 - meetup Lightning talks
Netflix oss   season 2 episode 1 - meetup Lightning talksNetflix oss   season 2 episode 1 - meetup Lightning talks
Netflix oss season 2 episode 1 - meetup Lightning talks
 
DNUG46 - Build your own private Cloud environment
DNUG46 - Build your own private Cloud environmentDNUG46 - Build your own private Cloud environment
DNUG46 - Build your own private Cloud environment
 
Build your own private Cloud environment
Build your own private Cloud environmentBuild your own private Cloud environment
Build your own private Cloud environment
 
OSMC 2023 | Current State of Icinga by Bernd Erk
OSMC 2023 | Current State of Icinga by Bernd ErkOSMC 2023 | Current State of Icinga by Bernd Erk
OSMC 2023 | Current State of Icinga by Bernd Erk
 
Rootconf 2017 - State of the Open Source monitoring landscape
Rootconf 2017 - State of the Open Source monitoring landscape Rootconf 2017 - State of the Open Source monitoring landscape
Rootconf 2017 - State of the Open Source monitoring landscape
 
Serverless SQL
Serverless SQLServerless SQL
Serverless SQL
 
Service quality monitoring system architecture
Service quality monitoring system architectureService quality monitoring system architecture
Service quality monitoring system architecture
 
PEARC17: Live Integrated Visualization Environment: An Experiment in General...
PEARC17: Live Integrated Visualization Environment: An Experiment in General...PEARC17: Live Integrated Visualization Environment: An Experiment in General...
PEARC17: Live Integrated Visualization Environment: An Experiment in General...
 
API Tips & Tricks - Policy Management and Elastic Deployment
API Tips & Tricks - Policy Management and Elastic DeploymentAPI Tips & Tricks - Policy Management and Elastic Deployment
API Tips & Tricks - Policy Management and Elastic Deployment
 
Innovations in Sencha Tooling and Framework
Innovations in Sencha Tooling and FrameworkInnovations in Sencha Tooling and Framework
Innovations in Sencha Tooling and Framework
 
Intro to Telegraf
Intro to TelegrafIntro to Telegraf
Intro to Telegraf
 
PaaSTA: Autoscaling at Yelp
PaaSTA: Autoscaling at YelpPaaSTA: Autoscaling at Yelp
PaaSTA: Autoscaling at Yelp
 
Expert guidance on migrating from magento 1 to magento 2
Expert guidance on migrating from magento 1 to magento 2Expert guidance on migrating from magento 1 to magento 2
Expert guidance on migrating from magento 1 to magento 2
 

More from Daliya Spasova

S2 e elastic observability per i servizi core banking - mar 23, 2021
S2 e   elastic observability per i servizi core banking - mar 23, 2021S2 e   elastic observability per i servizi core banking - mar 23, 2021
S2 e elastic observability per i servizi core banking - mar 23, 2021Daliya Spasova
 
Security sizing meetup
Security sizing meetupSecurity sizing meetup
Security sizing meetupDaliya Spasova
 
Geo network 4 elasticsearch (1)
Geo network 4   elasticsearch (1)Geo network 4   elasticsearch (1)
Geo network 4 elasticsearch (1)Daliya Spasova
 
Food safety risks the elastic stack to the rescue
Food safety risks  the elastic stack to the rescueFood safety risks  the elastic stack to the rescue
Food safety risks the elastic stack to the rescueDaliya Spasova
 
Q&a on running the elastic stack on kubernetes
Q&a on running the elastic stack on kubernetesQ&a on running the elastic stack on kubernetes
Q&a on running the elastic stack on kubernetesDaliya Spasova
 
Meetup ilm virtual emea
Meetup ilm virtual emeaMeetup ilm virtual emea
Meetup ilm virtual emeaDaliya Spasova
 
Elastic maps application_21_10_20
Elastic maps application_21_10_20Elastic maps application_21_10_20
Elastic maps application_21_10_20Daliya Spasova
 
Covid19 map presentation
Covid19 map presentationCovid19 map presentation
Covid19 map presentationDaliya Spasova
 
Data exploration using elastic stack for beginners
Data exploration using elastic stack for beginnersData exploration using elastic stack for beginners
Data exploration using elastic stack for beginnersDaliya Spasova
 
Run the elastic stack on kubernetes with eck
Run the elastic stack on kubernetes with eck   Run the elastic stack on kubernetes with eck
Run the elastic stack on kubernetes with eck Daliya Spasova
 
Dynamic presentations with_canvas
Dynamic presentations with_canvasDynamic presentations with_canvas
Dynamic presentations with_canvasDaliya Spasova
 
Spring meetup elasticsearch
Spring meetup elasticsearchSpring meetup elasticsearch
Spring meetup elasticsearchDaliya Spasova
 

More from Daliya Spasova (17)

Limitless xdr meetup
Limitless xdr meetupLimitless xdr meetup
Limitless xdr meetup
 
S2 e elastic observability per i servizi core banking - mar 23, 2021
S2 e   elastic observability per i servizi core banking - mar 23, 2021S2 e   elastic observability per i servizi core banking - mar 23, 2021
S2 e elastic observability per i servizi core banking - mar 23, 2021
 
Security sizing meetup
Security sizing meetupSecurity sizing meetup
Security sizing meetup
 
Verba @ elastic
Verba @ elasticVerba @ elastic
Verba @ elastic
 
Geo network 4 elasticsearch (1)
Geo network 4   elasticsearch (1)Geo network 4   elasticsearch (1)
Geo network 4 elasticsearch (1)
 
Food safety risks the elastic stack to the rescue
Food safety risks  the elastic stack to the rescueFood safety risks  the elastic stack to the rescue
Food safety risks the elastic stack to the rescue
 
Q&a on running the elastic stack on kubernetes
Q&a on running the elastic stack on kubernetesQ&a on running the elastic stack on kubernetes
Q&a on running the elastic stack on kubernetes
 
Meetup ilm virtual emea
Meetup ilm virtual emeaMeetup ilm virtual emea
Meetup ilm virtual emea
 
October 2020 meetup
October 2020 meetupOctober 2020 meetup
October 2020 meetup
 
Elastic maps application_21_10_20
Elastic maps application_21_10_20Elastic maps application_21_10_20
Elastic maps application_21_10_20
 
Covid19 map presentation
Covid19 map presentationCovid19 map presentation
Covid19 map presentation
 
Data exploration using elastic stack for beginners
Data exploration using elastic stack for beginnersData exploration using elastic stack for beginners
Data exploration using elastic stack for beginners
 
Run the elastic stack on kubernetes with eck
Run the elastic stack on kubernetes with eck   Run the elastic stack on kubernetes with eck
Run the elastic stack on kubernetes with eck
 
Dynamic presentations with_canvas
Dynamic presentations with_canvasDynamic presentations with_canvas
Dynamic presentations with_canvas
 
Kibana webinar (1)
Kibana webinar (1)Kibana webinar (1)
Kibana webinar (1)
 
Spring meetup elasticsearch
Spring meetup elasticsearchSpring meetup elasticsearch
Spring meetup elasticsearch
 
Meetup 13 08 2020
Meetup 13 08 2020Meetup 13 08 2020
Meetup 13 08 2020
 

Recently uploaded

POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.arsicmarija21
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 

Recently uploaded (20)

POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini  Delhi NCR9953330565 Low Rate Call Girls In Rohini  Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 

2020 07-30 elastic agent + ingest management

  • 1. Nicolas Ruflin (@ruflin) Engineer at Elastic 2020-07-30 Technical deep dive into Elastic Agent + Ingest Manager
  • 2. Agenda • Teaser on all the parts that are new • Demo • Technical overview • Questions / Discussions
  • 3. About me • Engineer at Elastic for 5 years • Tech Lead Ingest Management project • Switzerland based • @ruflin
  • 4. Reimagine the way how to ingest data into the Elastic Stack
  • 7. Heartbeat Winlogbeat Metricbeat Filebeat Security APM Many Beats & agents today Elastic Agent Easier to install Easier to upgrade Easier to scale One unified Agent tomorrow
  • 9. Beats modules today Integrations tomorrow ● One click, right in Kibana ● Recommendations ● Share with the community
  • 11. Configuration files today Configuration UI tomorrow ● Minimal input ● Out of the box defaults ● Logs & metrics combined
  • 13. Config management today You’re on your own... ● Powershell / Bash ● Ansible ● Puppet ● Chef ● ServiceNow Fleet central mgmt tomorrow ● Configuration updates automatically ● Binaries update automatically ● View status of Agents
  • 15. User/pass today Keys tomorrow ● No need to input user/pass ● More secure
  • 16. Demo
  • 17. Demo • Enroll agent • Show collecting out of the box • Collect nginx data • Everything is API based
  • 22. Current Indexing strategy • filebeat-*, metricbeat-* • Beats load all the assets ‒ Index Template ‒ ILM Policy
  • 23. Problems with the current strategy • Too many fields • ILM only for logs or metrics • Query always on all data • Bootstrapping tricky • User modifications break things
  • 24. New Indexing Strategy • {type}-{dataset}-{namespace} • type: generic type of data (logs, metrics, traces, ...) • dataset: Set of data with the same structure / mapping (nginx.access) • namespace: Use configurable namespace (prod, testing) • Example: logs-nginx.access-default • Default: logs-generic-default
  • 25. Indexing Strategy: Bootstrapping and Templates • Generic templates ‒ logs-*-*, metrics-*-* ‒ ECS Based ‒ Loaded by Elasticsearch • Dataset specific templates ‒ logs-nginx.access-* ‒ Ingest pipeline attached to index ‒ Loaded by Ingest Manager
  • 26. Indexing Strategy: Elasticsearch Features • Problem: Could not be built on the existing Elasticsearch features • New features ‒ constant_keywords ‒ component templates ‒ Data streams • More details on these in a separate talk
  • 27. Elastic Agent One agent to rule them all
  • 29. Elastic Agent • Runs and manages processes ‒ Today: Metricbeat, Filebeat, Endpoint ‒ Potential future: *beat, Apm-Server • Communication through gRPC • Two modes ‒ Managed by Fleet ‒ Standalone • Unified configuration for all inputs • Upgrade
  • 32. Agent Config
        inputs:
          - type: nginx/metrics
            hosts: http://127.0.0.1
            streams:
              - dataset.name: nginx.stub_status
                metricset: stub_status
          - type: logs
            streams:
              - dataset.name: nginx.access
                paths: /var/log/nginx/access.log*
              - dataset.name: nginx.error
                paths: /var/log/nginx/error.log*
  • 33. Elastic Package Registry Central place for all packages
  • 37. Packages • Contains assets and configs for the Elastic Stack • Package manager knows how to install, upgrade, remove each asset • Delivered as .tar.gz file • Logs, metrics together in one package
  • 38. Package Structure: Supported Assets
        Today
        • Elasticsearch
          ‒ Index Template v2
          ‒ ILM Policy
          ‒ Ingest Pipeline
        • Kibana
          ‒ Dashboard
          ‒ Visualization, Map
          ‒ Search
          ‒ Index Pattern
        • Agent
          ‒ Stream Template
        Future
        • Elasticsearch
          ‒ ML Job
          ‒ Data
        • Kibana
          ‒ Alert
          ‒ Action
          ‒ Canvas Template
          ‒ SIEM rules
        Note: Any asset type in the Stack can be added to this list
  • 41. Agent Config: You can build your own config UI
        # Stream template
        dataset.name: nginx.access
        {{#each paths}}
        paths: "{{this}}"
        {{/each}}
        exclude_files: [".gz$"]
        processors:
          - add_locale: ~

        +

        # dataset manifest
        streams:
          - input: logs
            title: ...
            description: ...
            template_path: stream.yml.hbs
            vars:
              - name: paths
                required: true
                default:
                  - /var/../access.log*

        =

        # Stream config
        - dataset: nginx.access
          paths:
            - /var/log/nginx/access.log*
          exclude_files:
            - .gz$
          processors:
            - add_locale: ~

        Note: In case there is a shared config across streams, the package manifest has vars

        # package manifest
        datasources:
          - name: nginx
            inputs:
              - type: logs
  • 42. Agent Config Built
        inputs:
          - type: nginx/metrics
            hosts: http://127.0.0.1
            streams:
              - dataset.name: nginx.stub_status
                metricset: stub_status
          - type: logs
            streams:
              - dataset.name: nginx.access
                paths: /var/log/nginx/access.log*
              - dataset.name: nginx.error
                paths: /var/log/nginx/error.log*
  • 43. FAQ
  • 44. FAQ • How can I start using this? ‒ Start 7.8 Cloud cluster with xpack.ingestManager.enabled: true ‒ Download 7.8 Elastic Agent ‒ Soon: Run 7.9 • Do you have an API? ‒ Yes, it is all API based • Indexing strategy ‒ Can I use it also without agent? Yes
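
The naming scheme from the "New Indexing Strategy" slide and the template patterns from the "Bootstrapping and Templates" slide, worked through in an added Python example (not code from the talk or from Elastic): it builds and parses {type}-{dataset}-{namespace} names and picks the template pattern that applies. The character rules for dataset and namespace, and the rule that the pattern with the fewest wildcards wins, are assumptions made here; the class and function names are hypothetical.

```python
import fnmatch
import re
from typing import NamedTuple, Optional

# Types named on the slide; the "..." there means the list is open-ended.
KNOWN_TYPES = {"logs", "metrics", "traces"}
# Assumption: lowercase, no "-" and no wildcard or path characters in a part,
# so that a name always splits back into exactly three components.
PART_RE = re.compile(r"[a-z0-9_.]+")

# Template patterns taken from the "Bootstrapping and Templates" slide.
TEMPLATES = {
    "logs-*-*": "generic (ECS based, loaded by Elasticsearch)",
    "metrics-*-*": "generic (ECS based, loaded by Elasticsearch)",
    "logs-nginx.access-*": "dataset specific (loaded by Ingest Manager)",
}


class DataStream(NamedTuple):
    type: str
    dataset: str
    namespace: str

    @property
    def name(self) -> str:
        return f"{self.type}-{self.dataset}-{self.namespace}"


def build(type_: str, dataset: str = "generic", namespace: str = "default") -> DataStream:
    """Validate the three parts and return the data stream they name."""
    if type_ not in KNOWN_TYPES:
        raise ValueError(f"unknown type: {type_!r}")
    for label, part in (("dataset", dataset), ("namespace", namespace)):
        if not PART_RE.fullmatch(part):
            raise ValueError(f"invalid {label}: {part!r}")
    return DataStream(type_, dataset, namespace)


def parse(name: str) -> DataStream:
    """Split a name into its parts; reject anything that is not exactly three."""
    parts = name.split("-")
    if len(parts) != 3:
        raise ValueError(f"expected type-dataset-namespace, got {name!r}")
    return build(*parts)


def select_template(stream: DataStream) -> Optional[str]:
    """Return the matching pattern with the fewest wildcards (assumed precedence)."""
    hits = [p for p in TEMPLATES if fnmatch.fnmatchcase(stream.name, p)]
    return min(hits, key=lambda p: p.count("*"), default=None)
```

Rejecting "-" and "*" inside dataset and namespace keeps a value such as "prod-*" from producing a name that parses into different components than the ones it was built from.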