Elastic Agent
Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host.
Software pattern summary
The following table gives an overview of the pattern characteristics:
Product component | OS type | Versioning | Pattern depth |
---|---|---|---|
ElasticAgent | UNIX | Active, Path | Instance-based |
ElasticAgent | Windows | Active, Package, Path | Instance-based |
FleetServer | UNIX | Path | Instance-based |
Platforms supported by the pattern
The pattern discovers Elastic Agent deployments on UNIX and Windows systems.
Identification
To run a discovery of the product, the pattern must be triggered. This section describes conditions under which the pattern can be triggered.
Software instance triggers
The following table gives details about the pattern triggers:
Pattern | Trigger node | Attribute | Condition | Argument |
---|---|---|---|---|
ElasticAgent | DiscoveredProcess | cmd | matches | regex '\belastic\-agent$' |
or | DiscoveredProcess | cmd | matches | regex '(?i)\belastic\-agent\.exe$' |
FleetServer | DiscoveredProcess | cmd | matches | regex '\bfleet\-server$' |
Software Instance type attributes
The pattern in this module sets the following attributes:
Pattern name | SI type |
---|---|
ElasticAgent | Elastic Agent |
FleetServer | Elastic Fleet Server |
Simple identification mappings
The following components or processes are identified by using the simple identity mappings that map the product's known processes:
Name | Command |
---|---|
Elastic Agent | regex '\belastic\-agent$' |
Elastic Agent | regex '(?i)\belastic\-agent\.exe$' |
Elastic Fleet Server | regex '\bfleet\-server$' |
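The trigger and identity-mapping regexes above, exercised against constructed process commands to show what they do and do not match. This is an added example, not part of the pattern itself. It assumes the `matches` condition behaves like an unanchored Python `re.search` over the process `cmd` value with arguments excluded; the function names and sample paths are hypothetical.

```python
import re

# Regexes and SI types copied from the tables on this page.
TRIGGERS = [
    ("ElasticAgent", "Elastic Agent", re.compile(r'\belastic\-agent$')),
    ("ElasticAgent", "Elastic Agent", re.compile(r'(?i)\belastic\-agent\.exe$')),
    ("FleetServer", "Elastic Fleet Server", re.compile(r'\bfleet\-server$')),
]

def classify(cmd):
    """Return (pattern, SI type) for the first trigger matching cmd, else None.

    Assumption: 'matches' is an unanchored search, so only the trailing '$'
    and the leading '\\b' constrain where the name may appear.
    """
    for pattern, si_type, rx in TRIGGERS:
        if rx.search(cmd):
            return pattern, si_type
    return None

# Constructed sample commands (not taken from any real host).
SAMPLES = [
    "/opt/Elastic/Agent/elastic-agent",                  # UNIX trigger
    r"C:\Program Files\Elastic\Agent\ELASTIC-AGENT.EXE",  # Windows, any case
    "/opt/Elastic/Agent/ELASTIC-AGENT",                  # UNIX regex is case-sensitive
    "/opt/Elastic/Agent/elastic-agent run",              # '$' rejects trailing text
    "/usr/local/bin/my-elastic-agent",                   # '\b' accepts a '-' prefix
    "/usr/local/bin/notelastic-agent",                   # no word boundary, no match
    "/opt/fleet-server/fleet-server",                    # FleetServer trigger
]

def audit(samples):
    """Map each command to its classification for inventory review."""
    return {cmd: classify(cmd) for cmd in samples}

if __name__ == "__main__":
    for cmd, result in audit(SAMPLES).items():
        print(f"{cmd!r:60} -> {result}")
```

Because `\b` treats `-` and path separators alike as boundaries, any executable whose name ends in `-elastic-agent` also triggers the pattern, so inventory results are worth cross-checking against the versioning output.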
Versioning
Version information for the product is collected by using the active, package, and path versioning methods.
Active versioning
The ElasticAgent pattern attempts to extract versioning from the output of the following command: <trigger_cmd> version
Package versioning
The ElasticAgent pattern gets the list of packages installed on the host and compares each of them against the following regular expression:
If a matching package is found, its versioning information is extracted.
Path versioning
The ElasticAgent pattern extracts versioning information from the command line of the trigger process by using the following regular expression:
If it fails, the ElasticAgent pattern tries to get the version from the path of any child processes by using the following regular expression:
The FleetServer pattern extracts versioning information from the command line of the trigger process by using the following regular expression:
Application model produced by the software pattern
If the pattern discovers a SoftwareInstance of Elastic Agent, it defines the software instance's architecture in the form of the application model.
Pattern trigger
The ElasticAgent pattern is triggered by an elastic-agent or elastic-agent.exe process.
The FleetServer pattern is triggered by a fleet-server process.
SI depth
The ElasticAgent pattern creates an instance-based software instance whose key is based on the type (for example, Elastic Agent) and the host key.
The FleetServer pattern creates an instance-based software instance whose key is based on the type (for example, Elastic Fleet Server) and the host key.
Subject matter expertise
Inputs from subject matter experts are welcome on any other potential approaches not discussed in this topic.
Testing
The pattern has been tested against the available customer data.
Open issues
There are no known open issues with this pattern.