I would like to understand something about Elastic integration architecture
I want to pull Cloudtrail logs into an Elastic Cloud cluster
And it's asking me to install an agent on my VM
I am curious why can't Elastic have a runtime that can pull the logs off cloudtrail for me and ingest it? Or it could install the agent itself in one of the VMs the cluster is running on...
I am curious why this choice was made?
Elastic agent comes from a heritage of edge shippers installed close to the source of the telemetry. So today for most integrations you need to install the agent somewhere to collect your telemetry.
In the future there will be more agentless shippers where you will not need to install the agent.
There are already a couple agentless integrations.
Today you can use the firehose integration which requires no agent installation. However, you need to be running on Elastic Cloud
You would have to route your cloudtrail logs through firehose.
Thanks Stephen - I am using Elastic again after a few years - the last time I set everything up on prem and used it for a geosearch product, API tracking and observability, it was loads of fun - this time things are a bit different....