Elastic Beats
Beats is an open source platform for single-purpose data shippers. They send data from hundreds or thousands of machines and systems to Logstash or Elasticsearch.
Architecture
The example of the product components and patterns interaction is displayed in the following table.
Software pattern summary
The following table gives an overview of the pattern characteristics:
Product component | OS type | Versioning | Pattern depth |
|---|---|---|---|
| ElasticHeartbeat | UNIX, Windows | Active | Instance-based |
Platforms supported by the pattern
The pattern discovers Beats deployments on the UNIX and Windows systems.
Identification
To run a discovery of the product, the pattern must be triggered. This section describes conditions under which the pattern can be triggered.
Software instance triggers
The following table gives details about the pattern trigger:
Pattern | Trigger node | Attribute | Condition | Argument |
|---|---|---|---|---|
| ElasticHeartbeat | DiscoveredProcess | cmd | matches | regex '\bhearbeat$' |
| or | ||||
| cmd | matches | regex '(?i)\bhearbeat\.exe$' |
Software Instance type attributes
The pattern in this module sets the following attribute:
Pattern name | SI type |
|---|---|
| ElasticHeartbeat | Elastic Heartbeat |
Simple identification mappings
The following component/process is identified by using the simple identity mappings that map the product's known processes:
Name | Command |
|---|---|
| Elastic Heartbeat | regex '\bheartbeat$' |
| Elastic Heartbeat | regex '(?i)\bheartbeat\.exe$' |
Versioning
Version information for the product is collected by using the active versioning method.
Instance
The ElasticHeartbeat pattern gets the instance name from the configuration file.
Installation root
The ElasticHeartbeat pattern gets the installation root from the trigger process by parsing against one of the following regular expressions:
- (?i)^(.+)[\\/]heartbeat(?:\.exe)?$
- \-\-path\.home\s['\"]?([\w\:\s\\/]+)['\"]?
Active versioning
The pattern attempts to extract the version from the output of the following command:
- <process_cmd> version
by parsing against the following regular expression:
- (\d+(?:\.\d+)*)
Application model
If the pattern discovers a SoftwareInstance of Elastic Beats, it defines the software instance's architecture in the form of the application model.
Pattern trigger
The ElasticHeartbeat pattern is triggered by a heartbeat or heartbeat.exe process.
SI depth
The pattern creates an instance-based Software Instance with the key based on the instance name (if available), config file (if available), type, and host key.
Relationship creation
The ElasticHeartbeat pattern attempts to create a dependency relationship between Elastic Heartbeat and Elastic Kibana.
The ElasticHeartbeat pattern attempts to create a dependency relationship between Elastic Heartbeat and Elasticsearch.
Subject matter expertise
Inputs from subject matter experts are welcome on any other potential approaches not discussed in this topic.
Testing
The pattern has been tested against the available customer data.
Open issues
There are no known open issues with this pattern.