I'm investigating the possibility of connecting directly to the Elastic Agent (without going through Elasticsearch/Fleet) to monitor the behavior of each active source/configuration in real time and with greater granularity.
My goal is to obtain detailed information such as:
- Status of each source or input (e.g., logs, system metrics, Windows events, etc.).
- Status and metrics of each output (latency, packets sent, errors).
- Network statistics (bandwidth used, packets per source, etc.).
- Internal agent metrics such as CPU usage, memory usage, errors, connection failures.
- Fluctuations or degradation per source: to know if any integration is not sending or is failing.
- Possibly a breakdown of active integrations and their performance.
I'm running the Elastic Agent in standalone mode on Linux and Windows systems, and I'm interested in knowing if any of these options exist:
- Is there an HTTP or gRPC API exposed locally by the Elastic Agent that allows access to these metrics?
- Is there a socket or named pipe that can be used to obtain information like elastic-agent-client does in Go?
- Is it possible to monitor this data by directly reading files like state.yml or execution logs?
- Does the agent internally expose an endpoint like /debug/vars (like expvar) or something similar that can be accessed locally?