Hello,
I am trying to set up endpoint security for our Elastic Stack, and I am a little confused and have a few questions.
- Firstly, to use endpoint security do you need to install Elastic Agent on each of your hosts? I am asking this because we are currently using Winlogbeat to ship logs to the Elastic Stack. Would we remove Winlogbeat and change our stack from
Winlogbeat -> Logstash -> Elasticsearch
to
Elastic Agent -> Logstash -> Elasticsearch
or do Winlogbeat and Elastic Agent work together on one host? I am really confused about the difference between Elastic Agent and regular Beats and where they stand in the stack.
- Each portion of our Elastic Stack is on a separate container. For example, Elasticsearch is on its own dedicated container, Logstash is on its own dedicated container, and Kibana is on its own dedicated container. Should my Fleet Server also be on its own dedicated container?
Thanks for the help,
Jared