diff --git a/docset.yml b/docset.yml index bc3520a11f..a1c8368ffd 100644 --- a/docset.yml +++ b/docset.yml @@ -144,6 +144,9 @@ subs: fleet-server: "Fleet Server" integrations-server: "Integrations Server" integrations: "Integrations" + managed-integration: "agentless integration" + managed-integrations: "agentless integrations" + managed-integrations-cap: "Agentless integrations" package-registry: "Elastic Package Registry" artifact-registry: "Elastic Artifact Registry" aws: "AWS" diff --git a/manage-data/images/agentless-architecture.png b/manage-data/images/agentless-architecture.png new file mode 100644 index 0000000000..e1ac048659 Binary files /dev/null and b/manage-data/images/agentless-architecture.png differ diff --git a/manage-data/ingest/_snippets/agentless-integrations-faq.md b/manage-data/ingest/_snippets/agentless-integrations-faq.md index 2a655c364d..0a4c548936 100644 --- a/manage-data/ingest/_snippets/agentless-integrations-faq.md +++ b/manage-data/ingest/_snippets/agentless-integrations-faq.md @@ -1,91 +1,119 @@ -Frequently asked questions and troubleshooting steps for {{elastic-sec}}'s agentless integrations. +Frequently asked questions about {{managed-integrations}}. For step-by-step help with specific issues, see [Troubleshoot {{managed-integrations}}](/troubleshoot/ingest/agentless-integrations.md). -## When I make a new integration, when will I see the agent appear on the Integration Policies page? [_when_i_make_a_new_integration_when_will_i_see_the_agent_appear_on_the_integration_policies_page] +## About {{managed-integrations}} [agentless-faq-about] -After you create a new agentless integration, the new integration policy may show a button that says **Add agent** instead of the associated agent for several minutes during agent enrollment. No action is needed other than refreshing the page once enrollment is complete. +### What types of integrations are supported? [agentless-faq-supported] -## Why isn't my agentless agent appearing in Fleet? -```{applies_to} - stack: ga 9.1 - serverless: ga -``` +{{managed-integrations-cap}} are best suited for integrations that pull data from a cloud source through an API at moderate volumes. For a complete list, see [{{managed-integrations-cap}} quick reference](integration-docs://reference/agentless_integrations.md). Elastic continually adds more integrations to this list. -Agentless agents (which run on Elastic's infrastructure to enable agentless integrations) do not appear on the **Fleet** page by default. To view them on this page: +### Why aren't some integrations available as {{managed-integrations}}? [agentless-faq-missing] +Not every integration in Elastic's catalog fits the agentless deployment model. Only integrations that pull data from a cloud source through an API can be made available as {{managed-integrations}}. To request that an integration be made available, open an enhancement request in the [`elastic/integrations`](https://github.com/elastic/integrations) repository. -::::{applies-switch} +### How many {{managed-integrations}} can I deploy? [agentless-faq-limit] -:::{applies-item} { stack: ga 9.2, serverless: } -Go to the **Settings** tab of the **Fleet** page. Navigate to the **Advanced Settings** section, and enable **Show agentless resources**. -::: +You can deploy up to 50 {{managed-integrations}} per project. Adding multiple {{managed-integrations}} for the same source doesn't increase ingest throughput. For higher throughput, consider the [{{edot}} Cloud Forwarder](opentelemetry://reference/edot-cloud-forwarder/index.md). -:::{applies-item} stack: ga =9.1 -Add the following query to the end of the **Fleet** page's URL: `?showAgentless=true`. -::: +### Can I create alerts on data ingested by {{managed-integrations}}? [agentless-faq-alerting] -:::: +Yes. Data ingested through {{managed-integrations}} lands in your cluster like any other integration data, so all {{es}} and {{kib}} features apply — including [alerting](/explore-analyze/alerting.md). +## Pricing and SLAs [agentless-faq-pricing-slas] -## How do I troubleshoot an `Offline` agent? [_how_do_i_troubleshoot_an_offline_agent] +### How am I charged for {{managed-integrations}}? [agentless-faq-pricing] -For agentless integrations to successfully connect to {{elastic-sec}}, the {{fleet}} server host value must be the default. Otherwise, the agent status on the {{fleet}} page will be `Offline`, and logs will include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. +On {{serverless-short}} projects, the cost of {{managed-integrations}} is included in your subscription. During technical preview, there are no additional costs on {{ech}} either. For current pricing details, see the [Elastic pricing page](https://www.elastic.co/pricing). -To troubleshoot this issue: +### What SLAs apply to {{managed-integrations}}? [agentless-faq-slas] -1. Find **{{fleet}}** in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). Go to the **Settings** tab. -2. Under **{{fleet}} server hosts**, click the **Actions** button for the policy named `Default`. This opens the Edit {{fleet}} Server flyout. The policy named `Default` should have the **Make this {{fleet}} server the default one** setting enabled. If not, enable it, then delete your integration and create it again. +On {{serverless-full}}, {{managed-integrations}} follow the [{{serverless-full}} SLA](https://www.elastic.co/agreements/sla-elastic-cloud-serverless). On {{ech}}, {{managed-integrations}} are in technical preview and aren't covered by the {{ech}} SLA. -If the **Make this {{fleet}} server the default one** setting was already enabled but problems persist, it’s possible someone changed the default {{fleet}} server’s **URL** value. In this case, contact Elastic Support to find out what the original **URL** value was, update the settings to match this value, then delete your integration and create it again. +## Data and security [agentless-faq-data-security] -::::{note} -:applies_to: ess: ga -In {{ech}} deployments on {{stack}} versions prior to 9.1.6, the connection between agentless integrations and {{fleet-server}} can break if the default {{fleet-server}} host URL value in {{fleet}} is modified or if a different host URL is set as the default. +### Where is my data stored? [agentless-faq-data-storage] -This issue is resolved in {{stack}} 9.1.6. In this and later versions, agentless integration policies are assigned to a default managed {{fleet-server}} host which cannot be modified. -:::: +Documents ingested through {{managed-integrations}} are stored in your project or {{ech}} deployment, the same as data ingested by agent-based integrations. + +### Who at Elastic has access to my data? [agentless-faq-data-access] -## Why can't I upgrade my agentless integration to a newer version? +Elastic employees don't have access to data in your project or deployment. Data ingested through {{managed-integrations}} is stored in your cluster, with the same access controls as data ingested by any other method. -On versions of {{stack}} before v9.2, agentless integrations can't be upgraded to newer versions of the integration. To get a newer version in your {{stack}} environment, upgrade to {{stack}} v9.2+ or delete and re-install the desired integration. +### Can {{managed-integrations}} use a specific range of static IP addresses? [agentless-faq-static-ip] +No. {{managed-integrations}} run on shared infrastructure and don't use a fixed range of IP addresses for ingress or egress. -## How do I troubleshoot an `Unhealthy` agent? [_how_do_i_troubleshoot_an_unhealthy_agent] +### Do {{managed-integrations}} work with traffic filtering? [agentless-faq-traffic-filtering] -On the **{{fleet}}** page, agents associated with agentless integrations have names that begin with `agentless`. To troubleshoot an `Unhealthy` agent: +```{applies_to} +stack: preview 9.1 +serverless: preview +``` -1. Go to the **Settings** tab of the **Fleet** page. Go to the **Advanced Settings** section, and turn on the **Show agentless resources** toggle. -2. In {{fleet}}, select the unhealthy agent. -3. From the **Actions** menu, select **Request diagnostics .zip**. -4. Download and unzip the [diagnostics bundle](/troubleshoot/ingest/fleet/diagnostics.md). Refer to [Common problems with {{fleet}} and {{agent}}](/troubleshoot/ingest/fleet/common-problems.md) for more information. +Yes. {{managed-integrations-cap}} support traffic filtering, and no additional configuration is necessary. -## How do I delete an agentless integration? [_how_do_i_delete_an_agentless_integration] +## Limits and behavior [agentless-faq-limits] -::::{note} -Deleting your integration will remove all associated resources and stop data ingestion. -:::: +### Is there a maximum throughput? [agentless-faq-throughput] +Yes. To preserve quality of service across all {{managed-integrations}}, throughput is rate-limited on {{serverless-short}} for integrations whose underlying input type is `httpjson` or `cel` (two common pull-based input mechanisms in {{agent}}). Rate limiting uses back-pressure rather than dropping events, so collection slows down until the source catches up. -When you create a new agentless integration, a new agent policy appears within the **Agent policies** tab on the **{{fleet}}** page, but you can’t use the **Delete integration** button on this page. Instead, you must delete the integration from the Integration’s **Integration policies** tab. +### Does the service scale horizontally? [agentless-faq-horizontal-scaling] -1. Find **Integrations** in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then search for your integration. -2. Go to the integration’s **Integration policies** tab. -3. Find the integration policy for the integration you want to delete. Click **Actions**, then **Delete integration**. -4. Confirm by clicking **Delete integration** again. +No. Deploying multiple {{managed-integrations}} for the same source doesn't increase ingest throughput. For higher throughput, consider the [{{edot}} Cloud Forwarder](opentelemetry://reference/edot-cloud-forwarder/index.md). -## Can agentless integrations use a specific range of static IP addresses for configuring allow and deny rules for traffic? +### What happens to my data if there's a service issue? [agentless-faq-disaster] -No, agentless integrations can not use a specific range of static IP addresses for configuring ingress and egress allow and deny rules. +For an isolated issue with a single agent, Elastic restarts the agent and ingestion resumes. Any events in the agent's in-memory queue might be lost. For a service-wide outage, no data is collected until the infrastructure recovers, and some in-flight events might be lost. -## Do agentless integrations work if I'm using traffic filtering? +## Setup and operation [agentless-faq-operations] + +### Why does my integration policy show "Add agent" instead of an agent? [agentless-faq-add-agent-button] + +After you create a new {{managed-integration}}, the integration policy might show an **Add agent** button for several minutes while Elastic provisions the {{agent}}. The button disappears automatically once provisioning is complete. Refresh the page if you want to see the updated status sooner — no other action is needed. + +### Why aren't {{managed-integration}} agents listed in {{fleet}}? [agentless-faq-fleet-visibility] + +```{applies_to} +stack: preview 9.1-9.4 +serverless: unavailable +``` + +{{managed-integrations-cap}} are a fully managed service, so the underlying {{agents}} aren't shown in **{{fleet}}** by default. You usually don't need to monitor their health — Elastic operates the infrastructure on your behalf. + +To make them visible in **{{fleet}}** anyway: ::::{applies-switch} -:::{applies-item} serverless: ga -Agentless integrations do not support traffic filtering. +:::{applies-item} { stack: ga 9.2-9.4 } +Go to the **Settings** tab of the **{{fleet}}** page. In the **Advanced Settings** section, enable **Show agentless resources**. ::: -:::{applies-item} stack: ga 9.1+ -Agentless integrations support traffic filtering. No additional configuration is necessary. +:::{applies-item} stack: ga =9.1 +Add the query parameter `?showAgentless=true` to the end of the **{{fleet}}** page's URL. ::: -:::: \ No newline at end of file +:::: + +### How do I troubleshoot an Offline or Unhealthy agent? [agentless-faq-troubleshoot] + +{{managed-integrations-cap}} are a fully managed service, so you usually don't need to collect diagnostics yourself. For step-by-step guidance — including how to get support and (if needed) collect a diagnostics bundle — see [Troubleshoot {{managed-integrations}}](/troubleshoot/ingest/agentless-integrations.md). + +### Why can't I upgrade my {{managed-integration}} to a later version? [agentless-faq-upgrade] + +```{applies_to} +stack: preview 9.0-9.1 +``` + +On {{stack}} versions before 9.2, {{managed-integrations}} can't be upgraded to later versions of the integration. To get a later version, upgrade to {{stack}} 9.2 or later, or delete and re-install the integration. + +### How do I delete an {{managed-integration}}? [agentless-faq-delete] + +::::{note} +Deleting an {{managed-integration}} removes all associated resources and stops data ingestion. +:::: + + +1. In {{kib}}, find **{{integrations}}** in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md), then search for your integration. +2. Go to the integration's **Integration policies** tab. +3. Find the integration policy to delete. Click the actions icon {icon}`ellipsis`, then select **Delete integration**. +4. Confirm by clicking **Delete integration** again. diff --git a/manage-data/ingest/_snippets/agentless-integrations-troubleshooting.md b/manage-data/ingest/_snippets/agentless-integrations-troubleshooting.md new file mode 100644 index 0000000000..1aa4771d7d --- /dev/null +++ b/manage-data/ingest/_snippets/agentless-integrations-troubleshooting.md @@ -0,0 +1,57 @@ +Resolve common issues with {{managed-integrations}}. For more general questions, see the [{{managed-integrations-cap}} FAQ](/manage-data/ingest/agentless/agentless-integrations-faq.md). + +## Get diagnostics and support [agentless-troubleshoot-support] + +{{managed-integrations-cap}} are a fully managed service, so you usually don't need to collect diagnostics yourself. If you suspect a problem with the service or your deployment, contact [Elastic Support](https://support.elastic.co) — they'll collect diagnostics on your behalf and investigate. + +## Troubleshoot an Offline agent [agentless-troubleshoot-offline] + +```{applies_to} +ech: preview +``` + +For {{managed-integrations}} to connect to your cluster, the {{fleet-server}} host value must be the default. Otherwise, the agent shows as `Offline` on the **{{fleet}}** page, and logs include the error `[elastic_agent][error] Cannot checkin in with fleet-server, retrying`. + +To troubleshoot: + +1. Find **{{fleet}}** in the navigation menu or use the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). Go to the **Settings** tab. +2. Under **Fleet server hosts**, click the **Edit** icon {icon}`pencil` for the host named `Default`. This opens the **Edit Fleet Server** flyout. The host named `Default` must have the **Make this Fleet Server the default one** setting enabled. If not, enable it, then delete and re-create your integration. + +If the setting was already enabled but problems persist, the default {{fleet-server}} URL might have been changed. Contact [Elastic Support](https://support.elastic.co) to recover the original URL. + +::::{note} +On {{ech}} deployments with {{stack}} versions before 9.1.6, the connection between {{managed-integrations}} and {{fleet-server}} can break if the default {{fleet-server}} host URL is modified or if a different host URL is set as the default. + +This issue is resolved in {{stack}} 9.1.6 and later. In those versions, {{managed-integration}} policies are assigned to a default managed {{fleet-server}} host that can't be modified. +:::: + +## Troubleshoot an Unhealthy agent [agentless-troubleshoot-unhealthy] + +On the **Fleet** → **Agents** page, agents associated with {{managed-integrations}} have names that begin with `agentless`. When an agentless agent is `Unhealthy`: + +1. **Check the integration configuration.** Most `Unhealthy` states are caused by expired or invalid credentials, or by source-side permission issues. Confirm that the credentials and configuration you provided for the integration are still valid. +2. **Contact [Elastic Support](https://support.elastic.co).** If the configuration looks correct but the agent remains unhealthy, support will collect diagnostics and investigate on your behalf. + +:::{dropdown} Collect diagnostics yourself +:applies_to: stack: preview 9.1-9.4 + +If you want to collect a diagnostics bundle before contacting support: + +1. Make agentless agents visible in **{{fleet}}**: + + ::::{applies-switch} + + :::{applies-item} stack: preview 9.2-9.4 + Go to the **Settings** tab of the **{{fleet}}** page. In the **Advanced Settings** section, enable **Show agentless resources**. + ::: + + :::{applies-item} stack: preview =9.1 + Add the query parameter `?showAgentless=true` to the end of the **{{fleet}}** page's URL. + ::: + + :::: + +2. In **{{fleet}}**, select the unhealthy agent. +3. From the actions menu {icon}`ellipsis`, select **Maintenance and diagnostics** → **Request diagnostics .zip**. +4. Download and unzip the [diagnostics bundle](/troubleshoot/ingest/fleet/diagnostics.md). For more information, see [Common problems with {{fleet}} and {{agent}}](/troubleshoot/ingest/fleet/common-problems.md). +::: diff --git a/manage-data/ingest/agentless/agentless-integrations-faq.md b/manage-data/ingest/agentless/agentless-integrations-faq.md index 1e8c7e4ead..903e8b341d 100644 --- a/manage-data/ingest/agentless/agentless-integrations-faq.md +++ b/manage-data/ingest/agentless/agentless-integrations-faq.md @@ -1,18 +1,19 @@ --- -mapped_pages: - - https://www.elastic.co/guide/en/security/current/agentless-integrations.html - - https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html applies_to: - stack: all - serverless: - security: all + stack: preview + serverless: preview products: - - id: security + - id: elastic-agent + - id: fleet - id: cloud-serverless -navigation_title: Agentless integrations FAQs + - id: cloud-hosted + - id: observability + - id: security +description: Frequently asked questions and troubleshooting steps for agentless integrations, including limits, supportability, and common setup issues. +navigation_title: FAQ --- -# {{elastic-sec}} agentless integrations FAQs [agentless-integration-troubleshooting] +# {{managed-integrations-cap}} FAQ [agentless-integration-faq] :::{include} ../_snippets/agentless-integrations-faq.md -::: \ No newline at end of file +::: diff --git a/manage-data/ingest/agentless/agentless-integrations.md b/manage-data/ingest/agentless/agentless-integrations.md index eb766a8f66..5c62433c8e 100644 --- a/manage-data/ingest/agentless/agentless-integrations.md +++ b/manage-data/ingest/agentless/agentless-integrations.md @@ -3,51 +3,67 @@ mapped_pages: - https://www.elastic.co/guide/en/security/current/agentless-integrations.html - https://www.elastic.co/guide/en/serverless/current/security-agentless-integrations.html applies_to: - stack: all - serverless: - security: all + stack: preview + serverless: preview products: - - id: security + - id: elastic-agent + - id: fleet - id: cloud-serverless + - id: cloud-hosted + - id: observability + - id: security +description: Ingest data from cloud sources into Elastic with no agents to deploy or manage. Agentless integrations on Elastic Cloud are a fully managed service for cloud telemetry. +type: overview --- -# Agentless integrations [agentless-integrations] +# {{managed-integrations-cap}} + +{{managed-integrations-cap}} let you ingest data from cloud sources into Elastic without deploying or managing {{agents}} yourself. Elastic provisions, scales, and operates the underlying infrastructure on your behalf, so you can focus on your data instead of the infrastructure that collects it. {{managed-integrations-cap}} are available on {{ech}} deployments and on {{obs-serverless}} and {{sec-serverless}} projects. -Agentless integrations provide a means to ingest data while avoiding the orchestration, management, and maintenance needs associated with standard ingest infrastructure. Using agentless integrations makes manual agent deployment unnecessary, allowing you to focus on your data instead of the agent that collects it. For setup guides and to learn more about Elastic's integrations, refer to [Elastic integrations](integration-docs://reference/index.md). +To enable an {{managed-integration}} in {{kib}}, see [Enable an {{managed-integration}}](/manage-data/ingest/agentless/enable-agentless-integration.md). -::::{important} -During technical preview, there are no additional costs associated with deploying agentless integrations. There is a limit of 50 agentless integrations per project. -:::: +:::{important} +{{managed-integrations-cap}} are a technical preview feature. The design and code are less mature than GA features, and Elastic provides them as-is with no warranties. The support SLA for GA features doesn't apply. There are no additional costs for {{managed-integrations}} during technical preview. +::: -## Requirements +## How {{managed-integrations}} work [agentless-architecture] -* Agentless integrations are supported only on {{ech}}, {{sec-serverless}}, and {{obs-serverless}} deployments. -* On {{ech}}, agentless integrations require a working [{{fleet-server}}](/reference/fleet/fleet-server.md). -* To set up a new agentless integration, you need the `Actions and connectors: all` [{{kib}} privilege](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md). -* For {{serverless-short}} deployments, traffic filtering must be turned off. +When you enable an {{managed-integration}}, Elastic provisions a dedicated {{agent}} for it on Elastic-managed infrastructure. The {{agent}} pulls data from the source API and writes documents to your {{es}} cluster through the standard `_bulk` API. Data flows through the integration's ingest pipelines and lands in the same data streams as it would for a self-managed {{agent}}. Each {{managed-integration}} runs in its own {{agent}}, which keeps your data isolated from other tenants while it's collected. -## Generally available (GA) agentless integrations +A small set of shared, stateless control plane components — **Agentless API**, **Agentless Controller**, and **Agentless Cleaner** — orchestrate the lifecycle of these {{agents}}. These components don't store customer data. -Elastic fully supports agentless deployment for the Cloud Security Posture Management (CSPM) integration. Using this integration’s agentless deployment option, you can enable Elastic’s CSPM capabilities just by providing the necessary credentials. Agentless CSPM deployments support AWS, Azure, and GCP accounts. +:::{image} /manage-data/images/agentless-architecture.png +:alt: Architecture diagram for {{managed-integrations}}, showing the Agentless API, Controller, and Cleaner orchestrating per-integration {{agents}} on Elastic-managed infrastructure. The agents pull data from cloud sources through a cloud proxy and write to {{es}} over the `_bulk` API, while {{fleet-server}} delivers their policies. +::: -To learn more about agentless CSPM deployments, refer to the getting started guides for CSPM on [AWS](/solutions/security/cloud/get-started-with-cspm-for-aws.md), [Azure](/solutions/security/cloud/get-started-with-cspm-for-azure.md), or [GCP](/solutions/security/cloud/get-started-with-cspm-for-gcp.md) +The dashed boundary labeled **MKI** (Managed Kibana Infrastructure) in the diagram represents the Elastic-managed infrastructure that hosts the agentless control plane and the per-integration {{agents}}. -## Beta agentless integrations +## Limits and scaling [agentless-limits] -Agentless deployment for other integrations is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features. +{{managed-integrations-cap}} are designed for cloud data sources that expose data through an API at moderate volumes. The following limits apply: -## Find agentless integrations +* **Maximum {{managed-integrations}} per project**: 50. +* **No horizontal scaling**: deploying multiple {{managed-integrations}} for the same source doesn't increase ingest throughput. For higher throughput, consider the [{{edot}} Cloud Forwarder](opentelemetry://reference/edot-cloud-forwarder/index.md). +* **Rate limiting** {applies_to}`serverless: preview`: integrations whose underlying input type is `httpjson` or `cel` (two common pull-based input mechanisms in {{agent}}) are rate-limited on {{serverless-short}} to preserve quality of service. Rate limiting uses back-pressure rather than dropping events, so collection slows down until the source catches up. -```{applies_to} -stack: ga 9.2 -serverless: ga -``` +## Security and data residency [agentless-data-security] -To identify which integrations support agentless deployment: +The {{agent}} for each {{managed-integration}} writes documents directly to your cluster. Data is stored in your project or deployment, and Elastic employees don't have access to it. -1. In {{kib}}, go to **Integrations**. -2. On the left, enable the **Only agentless integrations** toggle. +The agentless service is locked down so that only the integration you configured runs on a given {{agent}}. Other workloads can't be added to it. -:::{tip} -For a complete list of all integrations that support agentless deployment, refer to [Agentless integrations quick reference](integration-docs://reference/agentless_integrations.md). -::: +## Manage and monitor {{managed-integrations}} [manage-agentless-integrations] + +{{managed-integrations-cap}} are a fully managed service: the underlying {{agents}} aren't visible in **{{fleet}}** by default, and you don't need to monitor their health. Elastic operates the infrastructure and resolves service-level issues on your behalf. + +You can observe data flow into your cluster the same way you would for any other integration — by querying the destination data streams, building dashboards, or setting up [alerting rules](/explore-analyze/alerting.md) on the data. + +For service issues or to request diagnostics, contact [Elastic Support](https://support.elastic.co). + +## Related [agentless-related] + +* [Enable an {{managed-integration}}](/manage-data/ingest/agentless/enable-agentless-integration.md) +* [{{managed-integrations-cap}} FAQ](/manage-data/ingest/agentless/agentless-integrations-faq.md) +* [Troubleshoot {{managed-integrations}}](/troubleshoot/ingest/agentless-integrations.md) +* [Cloud connector authentication for {{managed-integrations}}](/manage-data/ingest/agentless/cloud-connector-deployment.md) +* [{{managed-integrations-cap}} quick reference](integration-docs://reference/agentless_integrations.md) diff --git a/manage-data/ingest/agentless/enable-agentless-integration.md b/manage-data/ingest/agentless/enable-agentless-integration.md new file mode 100644 index 0000000000..063f6511d7 --- /dev/null +++ b/manage-data/ingest/agentless/enable-agentless-integration.md @@ -0,0 +1,71 @@ +--- +applies_to: + stack: preview + serverless: preview +products: + - id: elastic-agent + - id: fleet + - id: cloud-serverless + - id: cloud-hosted + - id: observability + - id: security +description: Enable an agentless integration in Kibana to ingest data from a cloud source. Elastic provisions and manages the Elastic Agent for you. +type: how-to +--- + +# Enable an {{managed-integration}} [enable-agentless-integration] + +Enable an {{managed-integration}} in {{kib}} to start collecting data from a cloud source. Elastic provisions the {{agent}} for you on Elastic-managed infrastructure, so there's no agent to install or maintain. For background and architecture, see [{{managed-integrations-cap}}](/manage-data/ingest/agentless/agentless-integrations.md). + +## Before you begin [enable-agentless-before-you-begin] + +To enable an {{managed-integration}}, you need: + +* An {{ech}} deployment, {{obs-serverless}}, or {{sec-serverless}}. +* The `Fleet: All` and `Integrations: All` [{{kib}} privileges](/reference/fleet/fleet-roles-privileges.md) to create or edit an {{managed-integration}}. These are the same privileges required for any {{fleet}} integration. +* On {{ech}}, a working default [{{fleet-server}}](/reference/fleet/fleet-server.md). + +## Find {{managed-integrations}} [enable-agentless-find] + +```{applies_to} +stack: preview 9.2 +serverless: preview +``` + +To find which {{product.integrations}} support agentless deployment in {{kib}}: + +::::{applies-switch} + +:::{applies-item} { stack: preview 9.4, serverless: preview } +1. In {{kib}}, go to **{{integrations}}**. +2. Open the **Setup method** filter and select **Agentless**. +::: + +:::{applies-item} stack: preview 9.2-9.3 +1. In {{kib}}, go to **{{integrations}}**. +2. Enable the **Only agentless integrations** toggle. +::: + +:::: + +For a complete list of integrations that support agentless deployment, see [{{managed-integrations-cap}} quick reference](integration-docs://reference/agentless_integrations.md). + +## Enable the integration [enable-agentless-steps] + +1. In {{kib}}, go to **{{integrations}}** and select an integration that supports agentless deployment. +2. Click **Add ``**. +3. Provide the credentials and any other required configuration for the source. +4. Under **Deployment options**, select **Agentless**. For some integrations, **Agentless** is the default deployment mode, and the picker isn't shown. +5. Click **Save and continue**. + +Within a few minutes, data from the source appears in the integration's data streams in your cluster. + +:::{tip} +For integrations that authenticate to a cloud provider, you can use [cloud connector authentication](/manage-data/ingest/agentless/cloud-connector-deployment.md) to avoid managing API keys directly. +::: + +## Next steps [enable-agentless-next-steps] + +* Learn more about [how {{managed-integrations}} work](/manage-data/ingest/agentless/agentless-integrations.md#agentless-architecture). +* Review common questions in the [{{managed-integrations-cap}} FAQ](/manage-data/ingest/agentless/agentless-integrations-faq.md). +* If you run into issues, see [Troubleshoot {{managed-integrations}}](/troubleshoot/ingest/agentless-integrations.md). diff --git a/manage-data/toc.yml b/manage-data/toc.yml index 45e0a86aed..981bd58bef 100644 --- a/manage-data/toc.yml +++ b/manage-data/toc.yml @@ -110,6 +110,7 @@ toc: - file: ingest/ingest-reference-architectures/agent-ls-airgapped.md - file: ingest/agentless/agentless-integrations.md children: + - file: ingest/agentless/enable-agentless-integration.md - file: ingest/agentless/cloud-connector-deployment.md - file: ingest/agentless/agentless-integrations-faq.md - file: ingest/otlp-endpoint.md diff --git a/redirects.yml b/redirects.yml index 3283295428..b6da7e5be2 100644 --- a/redirects.yml +++ b/redirects.yml @@ -904,3 +904,48 @@ redirects: - to: 'explore-analyze/ai-features/agent-builder/agent-builder-agents.md' anchors: 'enable-elastic-capabilities': 'elastic-capabilities' + +# Related to https://github.com/elastic/docs-content/issues/6986 +# Agentless integrations docs restructure for GA: overview split into +# overview + how-to, FAQ rewritten, and troubleshooting split into its +# own page. All three source pages keep their URLs, only anchors move. + 'manage-data/ingest/agentless/agentless-integrations.md': + to: 'manage-data/ingest/agentless/agentless-integrations.md' + many: + - to: 'manage-data/ingest/agentless/enable-agentless-integration.md' + anchors: + 'requirements': 'enable-agentless-before-you-begin' + 'find-agentless-integrations': 'enable-agentless-find' + 'generally-available-ga-agentless-integrations': 'enable-agentless-find' + 'beta-agentless-integrations': 'enable-agentless-find' + + 'manage-data/ingest/agentless/agentless-integrations-faq.md': + to: 'manage-data/ingest/agentless/agentless-integrations-faq.md' + anchors: + 'agentless-integration-troubleshooting': 'agentless-integration-faq' + '_when_i_make_a_new_integration_when_will_i_see_the_agent_appear_on_the_integration_policies_page': 'agentless-faq-add-agent-button' + 'why-isnt-my-agentless-agent-appearing-in-fleet': 'agentless-faq-fleet-visibility' + 'why-cant-i-upgrade-my-agentless-integration-to-a-newer-version': 'agentless-faq-upgrade' + '_how_do_i_delete_an_agentless_integration': 'agentless-faq-delete' + 'can-agentless-integrations-use-a-specific-range-of-static-ip-addresses-for-configuring-allow-and-deny-rules-for-traffic': 'agentless-faq-static-ip' + 'do-agentless-integrations-work-if-im-using-traffic-filtering': 'agentless-faq-traffic-filtering' + many: + - to: 'troubleshoot/ingest/agentless-integrations.md' + anchors: + '_how_do_i_troubleshoot_an_offline_agent': 'agentless-troubleshoot-offline' + '_how_do_i_troubleshoot_an_unhealthy_agent': 'agentless-troubleshoot-unhealthy' + + 'troubleshoot/security/agentless-integrations.md': + to: 'troubleshoot/security/agentless-integrations.md' + anchors: + '_how_do_i_troubleshoot_an_offline_agent': 'agentless-troubleshoot-offline' + '_how_do_i_troubleshoot_an_unhealthy_agent': 'agentless-troubleshoot-unhealthy' + many: + - to: 'manage-data/ingest/agentless/agentless-integrations-faq.md' + anchors: + '_when_i_make_a_new_integration_when_will_i_see_the_agent_appear_on_the_integration_policies_page': 'agentless-faq-add-agent-button' + 'why-isnt-my-agentless-agent-appearing-in-fleet': 'agentless-faq-fleet-visibility' + 'why-cant-i-upgrade-my-agentless-integration-to-a-newer-version': 'agentless-faq-upgrade' + '_how_do_i_delete_an_agentless_integration': 'agentless-faq-delete' + 'can-agentless-integrations-use-a-specific-range-of-static-ip-addresses-for-configuring-allow-and-deny-rules-for-traffic': 'agentless-faq-static-ip' + 'do-agentless-integrations-work-if-im-using-traffic-filtering': 'agentless-faq-traffic-filtering' diff --git a/troubleshoot/ingest/agentless-integrations.md b/troubleshoot/ingest/agentless-integrations.md new file mode 100644 index 0000000000..5c9001d04f --- /dev/null +++ b/troubleshoot/ingest/agentless-integrations.md @@ -0,0 +1,20 @@ +--- +navigation_title: Agentless integrations +applies_to: + stack: preview + serverless: preview +products: + - id: elastic-agent + - id: fleet + - id: cloud-serverless + - id: cloud-hosted + - id: observability + - id: security +description: Troubleshoot common issues with agentless integrations, including Offline and Unhealthy agents. +type: troubleshooting +--- + +# Troubleshoot {{managed-integrations}} [agentless-integration-troubleshoot] + +:::{include} /manage-data/ingest/_snippets/agentless-integrations-troubleshooting.md +::: diff --git a/troubleshoot/security/agentless-integrations.md b/troubleshoot/security/agentless-integrations.md index 60a399c2bd..1efaacf63a 100644 --- a/troubleshoot/security/agentless-integrations.md +++ b/troubleshoot/security/agentless-integrations.md @@ -1,21 +1,22 @@ --- -navigation_title: Troubleshoot agentless integrations +navigation_title: Agentless integrations +mapped_pages: + - https://www.elastic.co/guide/en/serverless/current/agentless-integration-troubleshooting.html applies_to: - stack: all - serverless: - security: all + stack: preview + serverless: preview products: - - id: security - id: elastic-agent - id: fleet - id: cloud-serverless - id: cloud-hosted - - id: cloud-enterprise - - id: cloud-kubernetes - - id: elastic-stack + - id: observability + - id: security +description: Troubleshoot common issues with agentless integrations, including Offline and Unhealthy agents. +type: troubleshooting --- -# Troubleshoot agentless integrations [agentless-integration-troubleshoot] +# Troubleshoot {{managed-integrations}} [agentless-integration-troubleshoot] -:::{include} /manage-data/ingest/_snippets/agentless-integrations-faq.md -::: \ No newline at end of file +:::{include} /manage-data/ingest/_snippets/agentless-integrations-troubleshooting.md +::: diff --git a/troubleshoot/toc.yml b/troubleshoot/toc.yml index c05a00ee01..6eff9ea0d7 100644 --- a/troubleshoot/toc.yml +++ b/troubleshoot/toc.yml @@ -194,7 +194,8 @@ toc: - file: ingest/fleet/common-problems.md - file: ingest/fleet/frequently-asked-questions.md - file: ingest/beats-loggingplugin/elastic-logging-plugin-for-docker.md - - file: ingest/elastic-serverless-forwarder.md + - file: ingest/elastic-serverless-forwarder.md + - file: ingest/agentless-integrations.md - file: deployments/elastic-cloud.md children: - file: deployments/serverless.md