Elastic Agent & Fleet Server Intro
Objective: Learn what the Elastic Agent and a Fleet Server are
Elastic Agent
The Elastic Agent gives us a unified way to add monitoring for logs, metrics and many other types of data. Agents are driven by policies, which you can update to add integrations and protections, and which tell the endpoint which logs it should forward to your Elasticsearch or Logstash instance.
There are two different installation methods for an Elastic Agent. You can install the Agent as a:
- Standalone, or
- Fleet-Managed
We will be using the Fleet-Managed method for our setup in this project.
What is the difference between a Beat and an Agent? Which one should I choose?
Ans: There are 6 different types of Beats. Depending on what type of data you want to collect, you might need to install multiple Beats on a single host. The Elastic Agent, by contrast, is one single agent that collects many different types of logs. Both send the data to either Elasticsearch or Logstash.
As for which one to choose, it really depends on the use case, but more often than not the Elastic Agent should suffice. More about this in the documentation.
Fleet Server
A Fleet Server is a component that connects your Elastic Agents to a fleet, which allows you to manage multiple agents from a centralized location. This makes it really easy to update an agent’s policy if you want to add new integrations for data ingestion, or if you want your agents to forward their data to a Logstash instance rather than Elasticsearch, or vice versa.
We can easily upgrade these agents when a new version comes out, and we can just as easily unenroll a particular agent. Without a Fleet Server, we would need to look at other options any time we want to update an agent’s policy, which can be quite painful, especially when we need to do it manually.