Open
Description
Since Elastic Agent is now GA and seems to be the future of Beats, we need to make sure, we can support it.
This is quite a big step, because we could change the way we collect data completely.
An idea how to deal with the different ways beats and agent work is the following. Keep in mind that Elastic Agent as of now only starts beats and gives them appropriate configuration. But nothing stops you from running the same beat multiple times on the same host. Starting a beat with a specific configuration is quite easy. Just have a look via ps on a system where one runs.
- Use Elastic Agent everywhere where it works well. Connect it directly to Elasticsearch/Kibana and use Fleet for management. This should be configurable via Ansible. In Fleet you'll only need to activate the integrations you want to have. Right now I don't see a point in automatically configuring integrations.
- Use classic beats wherever the Agent doesn't work really well. Integration of custom logs or logs that aren't known to integrations. Maybe even logs where there are more sophisticated Logstash rules available than there are in the integration for the tool.
- In the long run we could offer a multistep setup. Like first use Ansible to scan for running applications. When one is found, we can automatically collect the logs, roll out the Logstash configuration and / or activate the integration in Fleet via API. But that's very far from the first step.
Please ignore the first PR that's referenced. It was a very early test in the deprecated role repository.