This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
« Infrastructure app fields Appendix A: Deleted pages »
Elastic Docs Elastic Observability [master] Reference

Elastic Entity Model

edit

Elastic Entity Model

edit

This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

The Elastic Entity Model consists of:

  • a data model and related entity indices
  • an Entity Discovery Framework, which consists of transforms and Ingest pipelines that read from signal indices and write data to entity indices
  • a set of management APIs that empower entity-centric Elastic solution features and workflows

In the context of Elastic Observability, an entity is an object of interest that can be associated with produced telemetry and identified as unique. Note that this definition is intentionally closely aligned to the work of the OpenTelemetry Entities SIG. Examples of entities include (but are not limited to) services, hosts, and containers.

The concept of an entity is important as a means to unify observability signals based on the underlying entity that the signals describe.

  • The Elastic Entity Model currently supports the new service inventory experience limited to service-based entities (as identified by service.name) located in data identified by logs-* and filebeat* index patterns
  • During Technical Preview, Entity Discovery Framework components are not enabled by default

Enable the Elastic Entity Model

edit

During Technical Preview, the Elastic Entity Model is enabled when you turn on the entity-centric service inventory described in New services experience.

The following Elasticsearch privileges are required:

Index privileges

names: [.entities*], privileges: [create_index, index, create_doc, auto_configure, read]

names: [logs-*, filebeat*, metrics-*, metricbeat*, traces-*, .entities*], privileges: [read, view_index_metadata]

Cluster privileges

manage_transform, manage_ingest_pipelines, manage_index_templates

Application privileges

application: kibana-.kibana, privileges: [saved_object:entity-definition/*, saved_object:entity-discovery-api-key/*], resources: [*]

For more information, refer to Security privileges in the Elasticsearch documentation.

Disable the Elastic Entity Model

edit

From the Dev Console, run the command: DELETE kbn:/internal/entities/managed/enablement

The following Elasticsearch privileges are required to delete Elasticsearch resources:

Index privileges

names: [.entities*], privileges: [delete_index]

Cluster privileges

manage_transform, manage_ingest_pipelines, manage_index_templates

Application privileges

application: kibana-.kibana, privileges: [saved_object:entity-definition/delete, saved_object:entity-discovery-api-key/delete], resources: [*]
« Infrastructure app fields Appendix A: Deleted pages »