Getting started: Monitor applications and systems with Elastic Observability

This guide walks you through a simple monitoring scenario so you can learn the basics of creating an Elasticsearch cluster, adding data, and analyzing the results in Kibana. To get started, you can create a deployment in Elastic Cloud, where most of the configuration happens automatically. In just a few steps, you’ll learn how to retrieve metrics from your host and feed them directly into the Elastic Stack for viewing and monitoring.

In this tutorial, you’ll deploy the Elastic Stack, install an Elastic Agent on your host to collect logs and metrics, and visualize information from those collected logs and metrics.

If you prefer video tutorials, check out the Logging Quick Start or the Metrics Quick Start.

Prerequisites

To get started, all you need is an internet connection, an email address, and a local or virtual machine from which you’d like to gather some performance data.

Step 1: Create an Elastic Cloud deployment

An Elastic Cloud deployment offers you all of the features of the Elastic Stack as a hosted service. To test drive your first deployment, sign up for a free Elastic Cloud trial:

  1. Go to our Elastic Cloud Trial page.
  2. Enter your email address and a password.

  3. After you’ve logged in, you can directly create a deployment. Give your deployment a name and select Create deployment.

  4. While the deployment sets up, make a note of your elastic superuser password and keep it in a safe place.
  5. Once the deployment is ready, select Continue. At this point, you access Kibana and are prompted to Add integrations or to Explore on your own. Feel free to check the various options and integrations available. You can return to the home page of Kibana at any time by selecting the Elastic logo.

Your deployment includes a pre-configured instance of Fleet Server, which manages the Elastic Agents that you can use to monitor a host system.

Step 2: Add the Elastic Agent System integration

Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, and more. A single agent makes it easy and fast to deploy monitoring across your infrastructure. Each agent has a single policy (a collection of input settings) that you can update to add integrations for new data sources, security protections, and more.

  1. Go to the Kibana home page and select Add integrations.

  2. In the query bar, search for System and select the integration.
  3. Select Add System.
  4. Configure the integration name and optionally add a description. Make sure that Collect logs from System instances and Collect metrics from System instances are turned on.
  5. Expand each configuration section to verify that the settings are correct for your host. For example, if you’re deploying Elastic Agent on macOS hosts, you need to add a new path to the System syslog logs section by clicking Add row and specifying /var/log/system.log.

  6. Select Save and continue. This step takes a minute or two to complete. When it’s done, you’ll have an agent policy that contains a system integration policy for the configuration you just specified.

  7. In the popup, select Add Elastic Agent to your hosts to open the Add agent flyout.

    If you accidentally close the popup, go to Fleet > Agents, then click Add agent to access the flyout.

Step 3: Install and run an Elastic Agent on your machine

The Add agent flyout has two tabs: Enroll in Fleet and Run standalone. The default is to enroll the agents in Fleet, because this gives the person managing the hosts a centralized management tool in Kibana and reduces their workload.

  1. Skip the Select enrollment token step. The enrollment token you need is already selected.

    The enrollment token is specific to the Elastic Agent policy that you just created. When you run the command to enroll the agent in Fleet, you will pass in the enrollment token.

  2. Download, install, and enroll the Elastic Agent on your host by selecting your host operating system and following the Install Elastic Agent on your host step.

    It takes about a minute for Elastic Agent to enroll in Fleet, download the configuration specified in the policy you just created, and start collecting data.

Step 4: Monitor host logs and metrics

  1. Verify that data is flowing. Wait until agent enrollment is confirmed and incoming data is received, then click View assets to access dashboards related to the System integration.

  2. Choose a dashboard that is related to the operating system of your monitored system. Dashboards are available for Microsoft Windows systems and Unix-like systems (for example, Linux and macOS).

  3. Open the [Metrics System] Host overview dashboard to view performance metrics from your host system.

You can hover over any visualization to adjust its settings, or select the Edit button to make changes to the dashboard. To learn more, refer to Dashboard and visualizations.
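
The "verify that data is flowing" check from step 1 can also be scripted against Elasticsearch. The following is an added example, not part of the original guide: it counts recent documents per System integration dataset and reports the ones that are silent (for instance `system.syslog` on macOS when the `/var/log/system.log` path was not added). The environment variable names `ES_URL` and `ES_API_KEY`, the chosen dataset subset, and the sample response are assumptions; it authenticates with an API key rather than the elastic superuser password.

```python
"""Added example: check from a script that System integration data is arriving."""
import json
import os
import urllib.request

# Datasets the System integration writes when logs and metrics collection are on.
# (A subset chosen for this example; adjust to the policy you configured.)
EXPECTED = {"system.syslog", "system.cpu", "system.memory"}


def build_query(minutes=5):
    """Search body that counts recent documents per data_stream.dataset."""
    return {
        "size": 0,
        "query": {"range": {"@timestamp": {"gte": f"now-{minutes}m"}}},
        "aggs": {"datasets": {"terms": {"field": "data_stream.dataset", "size": 50}}},
    }


def missing_datasets(response, expected=EXPECTED):
    """Return the expected datasets that have no recent documents, sorted."""
    buckets = response.get("aggregations", {}).get("datasets", {}).get("buckets", [])
    seen = {b["key"] for b in buckets if b.get("doc_count", 0) > 0}
    return sorted(expected - seen)


def search(es_url, api_key, body):
    """POST the query to the System data streams, authenticating with an API key."""
    req = urllib.request.Request(
        f"{es_url}/logs-system.*,metrics-system.*/_search",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Authorization": f"ApiKey {api_key}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


# Constructed sample response (not real output): metrics arrive, syslog does not.
SAMPLE = {"aggregations": {"datasets": {"buckets": [
    {"key": "system.cpu", "doc_count": 30},
    {"key": "system.memory", "doc_count": 30},
]}}}

if __name__ == "__main__":
    if os.environ.get("ES_URL"):  # hypothetical variable names
        result = search(os.environ["ES_URL"], os.environ["ES_API_KEY"], build_query())
    else:
        result = SAMPLE  # offline fallback so the example runs without a deployment
    print("datasets with no recent data:", missing_datasets(result))
```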

Step 5: Tidying up

  1. You’ve now learned how to set up an Elastic Cloud deployment and bring in data from a host system. If you’d like to remove Elastic Agent from your system, run the uninstall command from the directory where it’s running and then follow the prompts.

    You must run this command as the root user.

    sudo /Library/Elastic/Agent/elastic-agent uninstall

    If you run into any problems, check Uninstall Elastic Agents from edge hosts for the detailed uninstall steps.

What’s next?

Learn more about Elastic Observability

  • For a more detailed version of this guide, including instructions for Elastic Cloud and self-managed environments, and additional steps to monitor Nginx logs and metrics, check Ingest logs, metrics, and uptime data with Elastic Agent.
  • Take your investigation to a deeper level! Use Elastic Observability to unify your logs, metrics, uptime, and application performance data.
  • Are your eyes tired from staring at a wall of screens? Create alerts and find out about problems while sipping your favorite beverage poolside.
  • Got everything working as you want it? Roll out your agent policies to other hosts by deploying Elastic Agents across your infrastructure!

Learn about other Elastic solutions and features

  • Want to add search to your website, applications, or organization data? Try out Enterprise Search.
  • Want Elastic to do the heavy lifting? Use machine learning to detect anomalies.
  • Want to protect your endpoints from security threats? Try Elastic Security. Adding endpoint protection is just another integration that you add to the agent policy!