From 0d267bf113a7fda0372c0b4787c3a353f0929a21 Mon Sep 17 00:00:00 2001 From: Nicolas Ruflin Date: Thu, 2 Apr 2020 20:46:52 +0200 Subject: [PATCH] Add more definitions about Ingest Management (#62049) This should help to explain the different terms. The docs directory was also renamed from epm to ingest_manager. --- docs/{epm => ingest_manager}/index.asciidoc | 61 ++++++++++++++++++++- 1 file changed, 58 insertions(+), 3 deletions(-) rename docs/{epm => ingest_manager}/index.asciidoc (71%) diff --git a/docs/epm/index.asciidoc b/docs/ingest_manager/index.asciidoc similarity index 71% rename from docs/epm/index.asciidoc rename to docs/ingest_manager/index.asciidoc index d2ebe003afd6b..1254f412e14c5 100644 --- a/docs/epm/index.asciidoc +++ b/docs/ingest_manager/index.asciidoc @@ -1,8 +1,8 @@ [role="xpack"] [[epm]] -== Elastic Package Manager +== Ingest Manager -These are the docs for the Elastic Package Manager (EPM). +These are the docs for the Ingest Manager. === Configuration @@ -39,16 +39,71 @@ curl -X DELETE localhost:5601/api/ingest_manager/epm/packages/iptables-1.0.4 This section is to define terms used across ingest management. +==== Data Source + +A data source is a definition on how to collect data from a service, for example `nginx`. A data source contains +definitions for one or multiple inputs and each input can contain one or multiple streams. + +With the example of the nginx Data Source, it contains to inputs: `logs` and `nginx/metrics`. Logs and metrics are collected +differently. The `logs` input contains two streams, `access` and `error`, the `nginx/metrics` input contains the stubstatus stream. + + +==== Data Stream + +Data Streams are a [new concept](https://github.com/elastic/elasticsearch/issues/53100) in Elasticsearch which simplify +ingesting data and the setup of Elasticsearch. + ==== Elastic Agent + A single, unified agent that users can deploy to hosts or containers. It controls which data is collected from the host or containers and where the data is sent. It will run Beats, Endpoint or other monitoring programs as needed. It can operate standalone or pull a configuration policy from Fleet. + +==== Elastic Package Registry + +The Elastic Package Registry (EPR) is a service which runs under [https://epr.elastic.co]. It serves the packages through its API. +More details about the registry can be found [here](https://github.com/elastic/package-registry). + +==== Fleet + +Fleet is the part of the Ingest Manager UI in Kibana that handles the part of enrolling Elastic Agents, +managing agents and sending configurations to the Elastic Agent. + +==== Indexing Strategy + +Ingest Management + Elastic Agent follow a strict new indexing strategy: `{type}-{dataset}-{namespace}`. An example +for this is `logs-nginx.access-default`. More details about it can be found in the Index Strategy below. All data of +the index strategy is sent to Data Streams. + +==== Input + +An input is the configuration unit in an Agent Config that defines the options on how to collect data from +an endpoint. This could be username / password which are need to authenticate with a service or a host url +as an example. + +An input is part of a Data Source and contains streams. + +==== Integration + +An integration is a package with the type integration. An integration package has at least 1 data source +and usually collects data from / about a service. + + ==== Namespace + A user-specified string that will be used to part of the index name in Elasticsearch. It helps users identify logs coming from a specific environment (like prod or test), an application, or other identifiers. + ==== Package -A package contains all the assets for the Elastic Stack. A more detailed definition of a package can be found under https://github.com/elastic/package-registry. +A package contains all the assets for the Elastic Stack. A more detailed definition of a +package can be found under https://github.com/elastic/package-registry. + +Besides the assets, a package contains the data source definitions with its inputs and streams. + +==== Stream +A stream is a configuration unit in the Elastic Agent config. A stream is part of an input and defines how the data +fetched by this input should be processed and which Data Stream to send it to. == Indexing Strategy