x-pack/platform/plugins/shared/fleet/dev_docs/definitions.md
As you can probably tell pretty quickly, the overall Fleet & Agent effort has a lot of parts. The glossary below attempts to identify the main components of this project along with additional terminology you might encounter. Please help with filling out and updating this glossary as part of your onboarding journey.
Fleet is an application that manages Elastic Agent. Fleet allows users to manage their many Elastic Agents, deploy configuration updates, and access the data generated by their Agents within Kibana.
Fleet Server is a specialized instance of Elastic Agent that handles the communication and coordination between Elastic Agents and Fleet. It’s responsible for pushing configuration changes out to Agents and receiving check-in and status data from running Agents.
Elastic Agent is a unified process that runs on a given host and ships data from the host to Elasticsearch. It’s intended to meet the same needs that Beats does, but with the added benefits of remote configuration management, support for out-of-the-box integrations, and more.
Beats are lightweight, single-purpose data shipping utilities that run on a given host. They can handle shipping data like logs, metrics, network data, and more based on a user’s needs.
The Elastic Package Registry hosts the various integrations supported by Fleet and Agent. These packages contain configuration files, Kibana assets, and anything necessary for Agent to ship data related to the integration to Elasticsearch.
EPM refers to the “Integrations” Kibana application where users can browse, manage, and install Integrations for their Elastic Agent policies.
EPM related code is typically nested within an epm directory in the Fleet codebase, and this also
refers to the "Integrations UI" application.
https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-elastic-agent-fleet.html
An Integration is a distributable set of Kibana assets and configuration files that allows Elastic Agent to ship data related to some platform or service. For example, the Nginx integration contains Kibana visualizations, dashboard, and config files that provide an “out of the box” experience for getting data related to Nginx into a user’s Elasticsearch and Kibana infrastructure.
See https://github.com/elastic/integrations for more info
A Package refers to a “top-level” set of installable integrations. For example the AWS package contains many configurable Integrations for various AWS services.
An Agent Policy refers to a set of configuration options that is deployable to many agents. For example, a user may configure a policy for all of their Nginx web servers and deploy an identical Agent to each of them.
An integration policy is a definition on how to collect data from a service, for example nginx. An integration
policy contains definitions for one or multiple inputs and each input can contain one or multiple streams.
With the example of the nginx integration policy, it contains two inputs: logs and nginx/metrics. Logs and metrics are collected
differently. The logs input contains two streams, access and error, the nginx/metrics input contains the stubstatus stream.
Previously, the term used for these policy objects was "package policy", and they're still referenced as such within the Fleet codebase. When presenting user-facing data or UI elements, though, the term "integration policy" should be used.
Fleet + Elastic Agent follow a strict new indexing strategy: {type}-{dataset}-{namespace}. An example
for this is logs-nginx.access-default. More details about it can be found in the Index Strategy below. All data of
the index strategy is sent to data streams.
Data streams are a concept in Elasticsearch which simplify ingesting data and the setup of Elasticsearch.
A stream is a configuration unit in the Elastic Agent policy. A stream is part of an input and defines how the data fetched by this input should be processed and which Data Stream to send it to.
A user-specified string that will be used to part of the index name in Elasticsearch. It helps users identify logs coming from a specific environment (like prod or test), an application, or other identifiers.
An input is the configuration unit in an Agent policy that defines the options on how to collect data from an endpoint. This could be username / password which are need to authenticate with a service or a host url as an example.
An input is part of a Package policy and contains data streams, which are simply referred to as "streams" within the package manifest and package policy objects.
TBD
TBD
TBD
TBD
Monitor software services by collecting performance information (e.g errors, HTTP requests, database queries). Elastic offers APM agents in a variety of languages to collect performance data and send them to the APM server for storage in elastic.
See the APM docs for more information.
Endpoint is part of the Security Solution, and also relates to a given Integration package the Elastic Agent can deploy. When deployed a separate Endpoint relating process is started on the host.
Check more acronyms: https://wiki.elastic.co/pages/viewpage.action?spaceKey=CC&title=Amazing+Acronyms