Elastic Agent
Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host.
Software pattern summary
The following table gives an overview of the pattern characteristics:
Product component | OS type | Versioning | Pattern depth |
|---|---|---|---|
| ElasticAgent | UNIX | Active, Path | Instance-based |
| ElasticAgent | Windows | Active, Package, Path | Instance-based |
| FleetServer | UNIX | Path | Instance-based |
Platforms supported by the pattern
The pattern discovers Elastic Agent deployments on the UNIX and Windows systems.
Identification
To run a discovery of the product, the pattern must be triggered. This section describes conditions under which the pattern can be triggered.
Software instance triggers
The following table gives details about the pattern trigger:
Pattern | Trigger node | Attribute | Condition | Argument |
|---|---|---|---|---|
| ElasticAgent | DiscoveredProcess | cmd | matches | regex '\belastic\-agent$' |
| or | ||||
| cmd | matches | regex '(?i)\belastic\-agent\.exe$' | ||
| FleetServer | DiscoveredProcess | cmd | matches | regex '\bfleet\-server$' |
Software Instance type attributes
The pattern in this module sets the following attributes:
Pattern name | SI type |
|---|---|
| ElasticAgent | Elastic Agent |
| FleetServer | Elastic Fleet Server |
Simple identification mappings
The following component/process is identified by using the simple identity mappings that map the product's known processes:
Name | Command |
|---|---|
| Elastic Agent | regex '\belastic\-agent$' |
| Elastic Agent | regex '(?i)\belastic\-agent\.exe$' |
| Elastic Fleet Server | regex '\bfleet\-server$' |
Versioning
Version information for the product is collected by using the active, package, and path versioning methods.
Active versioning
The ElasticAgent pattern attempts to extract versioning from the output of the following command:
- <trigger_cmd> version
Package versioning
The ElasticAgent pattern gets the list of packages installed on the host and compares each of them against the following regular expression:
- (?i)^Elastic Agent$
If a matching package is found, its versioning information is extracted.
Path versioning
The ElasticAgent pattern extracts versioning information from the command line of the trigger process using the following regular expression:
- [/\\]elastic\-agent\-?(\d+(?:\.\d+)*)
If this fails, the ElasticAgent pattern tries to get the version from the path of any child processes using the following regular expression:
- [/\\]elastic\-agent\-(\d+(?:\.\d+)*)\-
The FleetServer pattern extracts versioning information from the command line of the trigger process using the following regular expression:
- fleet\-server\-(\d+(?:\.\d+)*)
Application model produced by the software pattern
If the pattern discovers a SoftwareInstance of Elastic Agent, it defines the software instance's architecture in the form of the application model.
Pattern trigger
The ElasticAgent pattern triggers on a elastic-agent or elastic-agent.exe process.
The FleetServer pattern triggers on a fleet-server process.
SI depth
The ElasticAgent pattern creates an instance-based Software Instance whose key is based on type (i.e. Elastic Agent) and host key.
The FleetServer pattern creates an instance-based Software Instance whose key is based on type (i.e. Elastic Fleet Server) and host key.
Subject matter expertise
Inputs from subject matter experts are welcome on any other potential approaches not discussed in this topic.
Testing
The pattern has been tested against the available customer data.
Open issues
There are no known open issues with this pattern.