Ingest application traces with Elastic Agent

edit

This guide describes how to:

  • Collect Application Performance Monitoring (APM) data
  • Send APM data to the Elastic Stack
  • Explore and visualize the data in real-time

For feedback and questions, please contact us in the discuss forum.

Prerequisites
edit
  • You need Elasticsearch for storing and searching your data, and Kibana for visualizing and managing it. You can use our hosted Elasticsearch Service on Elastic Cloud (recommended), or self-manage the Elastic Stack on your own hardware.

    Here’s what you need for each deployment type:

  • An internet connection is required for Kibana to download integration packages from the Elastic Package Registry. Make sure the Kibana server can connect to https://epr.elastic.co on port 443.
  • Fleet is currently only available to users with the superuser role.
Step 1: Set up Fleet
edit

Use Fleet in Kibana to get APM data into the Elastic Stack.

The first time you use Fleet, you might need to set it up and add a Fleet Server:

Elastic Cloud runs a hosted version of Fleet Server. No extra setup is required unless you want to scale your deployment.

To confirm that Fleet Server is available in your deployment:

  1. Log in to Kibana and go to Management > Fleet.
  2. Click the Agents tab.
  3. Under Agent policy, look for Elastic Cloud agent policy — Fleet Server is the agent enrolled in the Elastic Cloud agent policy. This policy is managed by Elastic Cloud. You cannot modify it. Confirm that the agent status is Healthy.

Don’t see the Fleet Server agent? Make sure your deployment includes an APM & Fleet node. This node is required to use Fleet Server.

Fleet Server hosted agent

When using our hosted Elasticsearch Service, it’s recommended that you use our hosted version of Fleet Server. However, you can choose to deploy and self-manage Fleet Servers.

For more information, refer to Fleet Server.

Step 2: Add an Elastic Agent to Fleet
edit

Elastic Agent is a single, unified agent that you can deploy to hosts or containers to collect data and send it to the Elastic Stack. Behind the scenes, Elastic Agent runs the Beats shippers or Elastic Endpoint required for your configuration.

Don’t confuse Elastic Agent with APM agents–they are different components. In a later step, you’ll instrument your code with APM agents and send the data to an APM Server instance that Elastic Agent spins up.

If you plan on enabling Real User Monitoring (RUM), you must run Elastic Agent centrally. If RUM is disabled, you should run Elastic Agent on edge machines.

To send APM data to the Elastic Stack:

  1. On the machine where you’ll run Elastic Agent, download and extract the installation package.

    curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-7.17.25-darwin-x86_64.tar.gz
    tar xzvf elastic-agent-7.17.25-darwin-x86_64.tar.gz

    See the download page for other installation options.

  2. On the Agents tab in Fleet, click Add agent.
  3. Under Enroll in Fleet, follow the in-product installation steps (skip the download step if you’ve already done it).

    add agent

    See the download page for other installation options.

Notes:

  • Use the default agent policy to get started quickly. This policy includes a system integration for collecting logs and metrics from the host system. You can change the policy later.
  • On macOS, Linux (tar package), and Windows, run the install command to install Elastic Agent as a managed service, enroll it in Fleet, and start the service. The DEB and RPM packages include a service unit for Linux systems with systemd, so use the enroll command instead of install.

    You must run this command as the root user because some integrations require root privileges to collect sensitive data.

    cd elastic-agent-7.17.25-darwin-x86_64
    sudo ./elastic-agent install -f --url=<fleet_server_url> --enrollment-token=<enrollment_token>  

    fleet_server_url is the host and IP where Fleet Server is running, and enrollment_token is the enrollment token acquired from Fleet.

    Omit -f to run an interactive installation.

    If you see an "x509: certificate signed by unknown authority" error, you might be trying to enroll in a Fleet Server that uses self-signed certs. To fix this problem in a non-production environment, pass the --insecure flag. For more information, refer to the troubleshooting guide.

    Refer to Installation layout for the location of installed Elastic Agent files.

Because Elastic Agent is installed as an auto-starting service, it will restart automatically if the system is rebooted.

To confirm that Elastic Agent is installed and running, go to the Agents tab in Fleet. Notice that the Default policy is assigned to the agent.

Fleet showing enrolled agents

If the status hangs at Enrolling, make sure the elastic-agent process is running.

If you run into problems:

For information about managing Elastic Agent in Fleet, refer to Centrally manage Elastic Agents in Fleet.

Step 3: Add the APM integration
edit

Next, add the APM integration to the default policy used by your Elastic Agent. Policies manage settings across a group of Elastic Agents and may contain any number of integrations for collecting observability data from the various services running on your host.

  1. In Kibana, select Add integrations > Elastic APM.

    Fleet showing APM integration
  2. Click APM integration.

    Add APM integration
  3. Click Switch to Elastic Agent.

    Switch to Elastic APM
  4. Confirm that you wish to switch to Elastic Agent. Some apm-server.yml are incompatible with Elastic Agent and will be removed when Elastic Agent is enabled. Click Switch to Elastic Agent.

    Switch to Elastic Agent
  5. When the APM integration finishes setting up, click View the APM integration in Fleet.
  6. As you can see, the APM integration has been added to the Elastic Cloud Agent policy. This is the default policy for Elastic Agents hosted on Elastic Cloud. Select Actions > Edit integration to configure the APM integration.

    Edit the APM integration
  7. Make a note of the predefined Host and URL that the APM Server is listening on—​you’ll need these in the next step. If you made any changes to your configuration, click save and continue.
Step 4: Install APM agents
edit

APM agents are written in the same language as your service. To monitor a new service, you must install the agent and configure it with a service name, APM Server host, and Secret token.

  • Service name: The APM integration maps an instrumented service’s name–defined in each APM agent’s configuration– to the index that its data is stored in Elasticsearch. Service names are case-insensitive and must be unique. For example, you cannot have a service named Foo and another named foo. Special characters will be removed from service names and replaced with underscores (_).
  • APM Server URL: The host and port that APM Server listens for events on. This should match the host and port defined when setting up the APM integration.
  • Secret token: Authentication method for APM agent and APM Server communication. This should match the secret token defined when setting up the APM integration.

You can edit your APM integration settings if you need to change the APM Server URL or secret token to match your APM agents.

Download the APM agent

Download the agent jar from Maven Central. Do not add the agent as a dependency to your application.

Start your application with the javaagent flag

Add the -javaagent flag and configure the agent with system properties.

  • Set required service name
  • Set custom APM Server URL (default: http://localhost:8200)
  • Set the base package of your application
java -javaagent:/path/to/elastic-apm-agent-<version>.jar \
     -Delastic.apm.service_name=my-application \
     -Delastic.apm.server_urls=http://localhost:8200 \
     -Delastic.apm.secret_token= \
     -Delastic.apm.application_packages=org.example \
     -jar my-application.jar

Learn more in the agent reference

Step 5: View your data
edit

Back in Kibana, under Observability, select APM. You should see application performance monitoring data flowing into the Elastic Stack!

The built-in apm_user role is not compatible with the APM integration as it only provides read access to apm-* indices. For a list of indices users need access to, refer to APM data streams

APM app with data
What’s next?
edit
  • Now that data is streaming into the Elastic Stack, take your investigation to a deeper level! Use Elastic Observability to unify your logs, metrics, uptime, and application performance data.
  • Want to protect your endpoints from security threats? Try Elastic Security. Adding endpoint protection is just another integration that you add to the agent policy!
  • Are your eyes bleary from staring at a wall of screens? Create alerts and find out about problems while sipping your favorite beverage poolside.
  • Want Elastic to do the heavy lifting? Use machine learning to detect anomalies.
  • Got everything working like you want it? Roll out your agent policies to other hosts by deploying Elastic Agents across your infrastructure!