I'm trying to understand the two setup variations of APM.
I understand there to be two ways to control things via fleet. Being "enrolled" in fleet via an enrollment token enables more full control of an agent on a host. But then an APM agent can be joined to fleet via a secretToken value. Individual hosts will not be registered in fleet, but applying APM policies via the fleet policy will take effect within APM.
I don't necessarily want to control things with fleet. We are using Docker containers. This results in thousands of terminated agents that have to be cleaned up in the fleet interface.
I would rather use APM alone without the full fleet registration.
To continue without fleet, I could go to APM >> Add Data >> Add APM and copy the example agent token and url that is provided, but only the default token is available. It seems the secretToken value for the apm agent is the default one I've used for other integrations. If I select a different policy, the secretToken field is blank.
I'm looking at APM >> Settings >> Agent Keys. It seems to be requiring that an APM Agent Key be created under my user context. And I'm also getting this error:
Error creating APM agent key "sdsrsdf". Error: "MY_USERNAME is missing the following requested privilege(s):
config_agent:read, event:write.
You might try with the superuser, or add the missing APM application privileges to the role of the authenticated user, eg.: PUT /_security/role/my_role {
... "applications": [
{ "application": "apm",
"privileges": ["config_agent:read","event:write"],
"resources": [*]
}], ... }"
The add agent interface says "View and delete APM agent keys. An APM agent key sends requests on behalf of a user." And when I attempt to create the key, the only user option in the interface is your current user. You can't choose another user to create the key under.
If this means that the agent is then tied to my user, what happens when my user is terminated? Also, my user is an SSO user, mapped to a role. It isn't really a native elk user.
......Anyway......
Just feeling like I'm going deeper into a hole and need to know I'm generally on the right track with this and clarification on how it might work. And is an agent key really tied to my user?