[DOCS] Linux deadlock troubleshooting & reference #2446
Conversation
- Create new reference topic for advanced settings - Create new troubleshooting section - Xrefs and plumbing
joepeeples
added
Team: Docs
Team: Endpoint
|
Documentation previews: |
joepeeples
requested review from
benironside,
ferullo,
jmikell821,
joeypoon,
kevinlog and
nastasha-solomon
nastasha-solomon
left a comment
nastasha-solomon
left a comment
There was a problem hiding this comment.
Left two minor comments. Looks great overall!
|
|
||
| This section provides a few ways to determine the file system names needed for `linux.advanced.fanotify.monitored_filesystems` and `linux.advanced.fanotify.ignored_filesystems`. | ||
|
|
||
| Assuming a typical setup, {filebeat} will be installed alongside {elastic-endpoint} and will automatically ship {elastic-endpoint} logs to {es}. {elastic-endpoint} will generate a log message about the file that was scanned when an event occurred. |
There was a problem hiding this comment.
For my own edification, are you referring to the typical Elastic agent setup here? I'm reading this sentence as:
Assuming a typical setup, when you install Elastic Agent, Filebeat will be installed alongside Elastic Endpoint and will automatically ship Elastic Endpoint logs to Elasticsearch.
There was a problem hiding this comment.
@nastasha-solomon That's correct. Do you think this should specify installing Elastic Agent for clarity? I don't want to juggle too many proper nouns here but can definitely revise if there's a better way to explain this.
There was a problem hiding this comment.
Yeah, I think so. What you're describing sounds complex. It might be good to explicitly state that all of this activity is happening without additional user input/efforts (i.e., the Agent does it all). It could also reduce the likelihood that the sentence is misinterpreted. Someone who's unfamiliar with the Agent might interpret the sentence as "assuming you setup Filebeat in the typical way, the Beat will be installed alongside Elastic Endpoint...".
jmikell821
left a comment
jmikell821
left a comment
There was a problem hiding this comment.
Looks great! One general comment, I think we need to be extra careful we're using "Endpoint and Cloud Security" references correctly vs. Elastic Endpoint . AFAIK Elastic Endpoint is doing the monitoring and protecting, but with Endpoint and Cloud sec's new name Elastic Defend, maybe it is synonymous with what the Elastic Endpoint does? We may need to follow up w/ OLM and Dan Ferullo's team to ensure we have accurate definitions of both.
I'm on Dan's team, I'll get the clarification. |
As I understand it, Endpoint and Cloud Security and/or Elastic Defend is the integration name, Elastic Endpoint is the name of the thing that is running on the host. I think which name to use depends on the circumstance. A rule of thumb is to say the integration name in cases where you're talking about the Elasticsearch or Kibana experience and Elastic Endpoint when you're talking about what's going on on the host. |
|
Thanks for the clarification @ferullo, this is very helpful! Could you take a quick look at the content here and flag anything that needs adjusting? I tried to use "Elastic Endpoint" only when describing specific components that are installed when you install Elastic Agent. |
|
The places in this PR that Endpoint and/or the integration name are used seem correct to me. |
* First draft - Create new reference topic for advanced settings - Create new troubleshooting section - Xrefs and plumbing * Fix typos * Add lead-in before steps * Revise explanation about Agent, Filebeat, Endpoint * Add feedback from Janeen's review (cherry picked from commit 4feeace)
* First draft - Create new reference topic for advanced settings - Create new troubleshooting section - Xrefs and plumbing * Fix typos * Add lead-in before steps * Revise explanation about Agent, Filebeat, Endpoint * Add feedback from Janeen's review (cherry picked from commit 4feeace) Co-authored-by: Joe Peeples <joe.peeples@elastic.co>
Resolves #2197.
Previews: