We are using Splunk in our environment and are considering migrating to Elasticsearch. I am totally new to the Elastic topic.
The capabilities of the Splunk Universal Forwarder and Splunk Heavy Forwarder on Windows allow us to distribute deployment apps with PowerShell scripts via the Deployment Server, run them at a desired frequency, and ingest the stdout into Splunk.
Is there a similar capability available in the Elastic Agent together with Fleet? Or what is the "Elastic way" to perform such tasks elegantly? It is mandatory that we can administrate our agents from a central instance because we are talking about more than 20,000 clients.
There isn't; the closest you can get is the Response Console in the Elastic Defend integration, where you can run commands using the Kibana UI and see the response. This requires an Enterprise License.
As this needs to be done with external tools, it will depend entirely on your use case and the tools available.
What you can do with the Elastic Agent is have a Custom Logs integration reading some custom file or listening on some custom port; then you could execute commands on the host and output the results to the custom file or custom port, and the agent will be able to collect it.
Also, it is not clear what kind of information you get from those scripts, but if it is something related to the hosts, like logged-in users, processes running, etc., you can use the OSQuery integration to remotely query the hosts.
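As an added example (not from this thread or from Elastic), here is what the "write to a custom file, let the agent collect it" pattern from the answer can look like on a Windows host: a collector script, run on a schedule by whatever deployment tooling you already have, that appends one JSON object per line to a file a Custom Logs integration tails. The output path, dataset name and `custom.*` field names are assumptions.

```powershell
# Added example: periodic collector whose NDJSON output is picked up by an
# Elastic Agent Custom Logs integration. Path, dataset and custom.* fields are
# assumptions, not Elastic defaults.
param(
    [string]$OutFile  = 'C:\ProgramData\CustomTelemetry\inventory.ndjson',
    [int64] $MaxBytes = 50MB
)

$dir = Split-Path -Parent $OutFile
if (-not (Test-Path $dir)) {
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
}

# Size-based rotation so the file does not grow without bound between reads;
# the agent keeps tailing the new file at the same path.
if ((Test-Path $OutFile) -and ((Get-Item $OutFile).Length -gt $MaxBytes)) {
    Move-Item -Path $OutFile -Destination "$OutFile.1" -Force
}

# Host facts of the kind the question's scripts might gather.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$interactive = Get-CimInstance -ClassName Win32_LogonSession |
    Where-Object { $_.LogonType -in 2, 10 } |      # 2 = interactive, 10 = RDP
    Measure-Object | Select-Object -ExpandProperty Count
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

# ECS-style field names so the documents line up with other Elastic data streams.
$event = [ordered]@{
    '@timestamp'      = (Get-Date).ToUniversalTime().ToString('o')
    'event.kind'      = 'metric'
    'event.dataset'   = 'custom.inventory'          # assumed dataset name
    'host.name'       = $env:COMPUTERNAME
    'host.os.name'    = $os.Caption
    'host.os.version' = $os.Version
    'host.uptime'     = [int]((Get-Date) - $os.LastBootUpTime).TotalSeconds
    'custom.interactive_sessions' = $interactive
    'custom.pending_reboot'       = (Test-Path $rebootKey)
}

# One compact JSON object per line (NDJSON) so the integration can parse line by line.
$line = $event | ConvertTo-Json -Compress -Depth 3
Add-Content -Path $OutFile -Value $line -Encoding UTF8
```

On the Fleet side, the matching piece is a Custom Logs integration policy whose log file path points at this file with an NDJSON parser enabled, so each appended line becomes one document.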