What is Elastic agent?

Kosala_Randika_Paran · October 20, 2022, 9:07am

Hi everyone,

I know this is going to very basic question but I am new to ELK stack, and I have so many things to learn.
I have installed ELK stack (Logstash, Elasticsearch, and Kibana), and also I have configured the fleet server and enrolled a couple of windows endpoints and more to go (Windows and Linux). I integrated windows, Elastic Agent, Endpoint and Cloud Security to the one policy and assign it to enrolled endpoints, but I can not see any logs shiping from agent to server.
Do I need to use Winlogbeat, filebeat etc. with Elastic agent or else Elastic agent is capable to handle all tasks?
How do I bring logs to create Dashboards via elastic agent?

carly.richmond · October 20, 2022, 9:39am

Hi Kosala,

Great to hear you've started using ELK recently! This overview gives a good introduction, but in a nutshell the Elastic agent provides a way to provide monitoring on a host to extract logs, metrics and other data and send the data to Elasticsearch. Using beats such as Filebeat etc. is another way of extracting logs or data, so you would generally use either a beat or the agent for a particular extraction. Kibana dashboards can then be created over your data once it's in Elasticsearch.

It sounds like you've having some issues getting your data into Elasticsearch. Is it right that you're using a local installation rather than Elastic Cloud?

Do you see any error messages on the agent side? Can you also let us know which integrations you are using and share your configuration?

Kosala_Randika_Paran · October 20, 2022, 10:11am

Hi Carly,
Thank you for your quick response.
We are using local installation (with a platinum license), I can not see any errors from the agent, as a fleet server all agents seem like green (healthy), but one agent has been yellow (Unhealthy).

According to the installed integration tab:
Elastic Agent
Fleet Server
Endpoint and Cloud Security
Prebuilt Security Detection Rules
Elastic Synthetics
System
Windows
I have integrated above list already.

carly.richmond · October 20, 2022, 2:29pm

Ok, have you followed the steps on applying the integration from the quick start, specifically the step to confirm the data is flowing through?

Kosala_Randika_Paran · October 21, 2022, 7:23am

Hello,
I have followed these steps and seem like the some data not appearing in the [Metrics System] Host overview,
Note: I am not using a certificate since when I am installing the agent I use --insecure parameter.

carly.richmond · October 24, 2022, 8:45am

Ok, are any errors shown in the confirmation step?

Kosala_Randika_Paran · October 27, 2022, 4:31am

There are no any errors showing in the enrollment.

system · November 24, 2022, 4:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.