Elastic agent - identification integration in the index

hofrichterovak · December 10, 2024, 7:13am

Hello,

I would like to ask how I can identify a specific integration in a data stream created by Elastic Agent.

I would like to have a system in the data. In which field in the data stream index is the information stored, from which integration the data comes.

In the picture I have the integrations:
system-1
elastic_agent-1

I would like to identify, by which field I can recognize that the data comes from system-1.logs, system.1.winlog, system.1.metrics, elastic_agent-1 (origin name of the integration)?

For example, I viewed the documents in the data stream and looked for the key field "Metrics", but I couldn't find it anywhere.

From the history is everywhere namespace "default". All data streams ends with -default.

Thank you.

stephenb · December 10, 2024, 4:33pm

Hi @hofrichterovak

The name of the integration per se is not stored in the document

I am not exactly clear what you are trying to accomplish but here are a few thoughts..

data_stream.dataset will tell where the data is coming from.

example system.cpu is the system integration and the cpu metricset

You can also add tags at the integration subsections for most integrations..

Or you can add fields to the policy level...

hofrichterovak · December 11, 2024, 12:35pm

Thank you for this respond. It helped me!

Topic		Replies	Views
Which index do elastic agents output too? Elastic Observability	1	259	April 30, 2023
Elastic Agent and index names Elastic Agent	6	603	February 10, 2024
Dec 15th, 2024: [EN] Anatomy of a Fleet-managed Elastic Agent integration Advent Calendar	0	84	December 15, 2024
Endpoint Security integration and index naming (.logs-endpoint.action.responses) Elastic Agent fleet	2	619	October 4, 2022
DataStream field host.id is being replaced with a guid in elastic integration. How do I prevent that? Elastic Agent	1	174	July 14, 2023

Elastic agent - identification integration in the index

Related topics