Add basic structure
karenzone committed Feb 22, 2024
1 parent f81c0c8 commit 7cec523
Showing 1 changed file with 21 additions and 47 deletions.
68 changes: 21 additions & 47 deletions docs/static/ea-integration-tutorial.asciidoc
@@ -1,28 +1,19 @@
[[ea-integrations-tutorial]]
== Tutorial: {ls} `elastic_integration filter` to extend Elastic {integrations} (Beta)
=== Tutorial: {ls} `elastic_integration filter` to extend Elastic {integrations} (Beta)
++++
<titleabbrev>Tutorial: {ls} `elastic_integration filter`</titleabbrev>
++++


Process overview

* Configure Fleet to send data from Elastic Agent to Logstash
* Create an Elastic Agent policy with the necessary integrations
* Configure Logstash to use the elastic_integration filter plugin


Logstash elastic-integration Filter Plugin Guide

Overview
The purpose of this guide is to walk through the steps necessary to configure {ls} to transform events
collected by the Elastic Agent using our pre-built Elastic Integrations that normalize data to the Elastic Common Schema (ECS).
This is possible with a new beta feature in Logstash known as the elastic-integration
filter plugin.
Using this new plugin, Logstash reads certain field values generated by the Elastic Agent, and uses them to apply the transformations from Elastic Integrations so that it can further process events before
sending them to their configured destinations.

Prerequisites/Requirements
[[ea-integrations-prereqs]]
*Prerequisites/Requirements*

There are a few requirements needed to make this possible:
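Review bot: The "Overview" label is still a bare line with the paragraph starting directly beneath it, so AsciiDoc will fold it into the paragraph as its first word instead of rendering a label. Give it the same treatment this hunk applies to Prerequisites/Requirements (an anchor line, `*Overview*`, then a blank line before the text), or drop the label. Separately, the title moves from `==` to `===`, which is the same level as the `[discrete]` `===` section headings used later in the file; please confirm that is the intended nesting for wherever this file is included.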

Expand All @@ -35,54 +26,38 @@ There are a few requirements needed to make this possible:
This feature can also be used with a self-managed agent, but the appropriate setup and configuration details
of using a self-managed agent will not be provided in this guide.

Configure Fleet to send data from Elastic Agent to Logstash
[[ea-integrations-process-overview]]
*Process overview*

. For Fleet Managed Agent, go to Kibana and navigate to Fleet → Settings.
* Configure Fleet to send data from Elastic Agent to Logstash
* Create an Elastic Agent policy with the necessary integrations
* Configure Logstash to use the elastic_integration filter plugin

Figure 1: fleet-output
[discrete]
[[ea-integrations-fleet]]
=== Configure Fleet to send data from Elastic Agent to Logstash

. For Fleet Managed Agent, go to Kibana and navigate to Fleet → Settings.
. Create a new output and specify Logstash as the output type.

Figure 2: logstash-output

. Add the Logstash hosts (domain or IP address/s) that the Elastic Agent will send data to.
. Add the client SSL certificate and the Client SSL certificate key to the configuration.
You can specify at the bottom of the settings if you would like to make this out the default for agent
integrations. By selecting this option, all Elastic Agent policies will default to using this Logstash output
configuration.
You can specify at the bottom of the settings if you would like to make this out the default for agent integrations.
By selecting this option, all Elastic Agent policies will default to using this Logstash output configuration.
. Click “Save and apply settings” in the bottom right-hand corner of the page.

Create an Elastic Agent policy with the necessary integrations
[discrete]
[[ea-integrations-create-policy]]
=== Create an Elastic Agent policy with the necessary integrations

. In Kibana navigate to Fleet → Agent policies and click on “Create agent policy”.



Figure 3: create-agent-policy
. Give this policy a name, and then click on “Advanced options”.
. Change the “Output for integrations” setting to the Logstash output you created in the last step.



Figure 4: policy-output


. Click “Create agent policy” at the bottom of the flyout.
. The new policy should be listed on the Agent policies page now.
. Click on the policy name so that we can start configuring an integration.
. On the policy page, click “Add integration”.
This will take you to the integrations browser, where you can select an integration that will have everything necessary to _integrate_ that data source with your other data in the Elastic stack.

Figure 5: add-integration-to-policy
In this example we will search for and select the Crowdstrike integration.

Figure 6: crowdstrike-integration

. On the Crowdstrike integration overview page, click “Add Crowdstrike” to configure the integration.



Figure 7: add-crowdstrike
. Configure the integration to collect the needed data.
On step 2 at the bottom of the page (Where to add this integration?), make sure the “Existing hosts” option
is selected and the Agent policy selected is our Logstash policy we created for our Logstash output. This
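Review bot: The re-wrapped sentence in the Fleet output steps still reads "make this out the default for agent integrations"; since that line is being rewritten anyway, correct it to "make this output the default". In the same step list, "IP address/s" and the mixed capitalisation in "the client SSL certificate and the Client SSL certificate key" would be worth tidying in this pass. The "Figure N:" placeholder lines are dropped without image macros replacing them, so if screenshots are planned, a comment or TODO at each spot would keep track of where they belong.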
Expand All @@ -92,18 +67,17 @@ A modal will appear on the screen asking if you want to add the Elastic Agent to
already done so, please install the Elastic Agent on a host somewhere. Documentation for this process can be
found here: https://www.elastic.co/guide/en/fleet/current/elastic-agent-installation.html

Figure 8: add-elastic-agent-to-host

Configure Logstash to use the elastic_integration filter plugin

[discrete]
[[ea-integrations-pipeline]]
=== Configure Logstash to use the elastic_integration filter plugin

Create a new pipeline configuration in Logstash.

Make sure elastic_integration plugin is installed or install with /bin/logstash-plugin install logstash-filter-
elastic_integration before running the pipeline.

A full list of configuration options can be found here: https://www.elastic.co/guide/en/logstash/current/plugins-
filters-elastic_integration.html
A full list of configuration options can be found here: https://www.elastic.co/guide/en/logstash/current/plugins-filters-elastic_integration.html

[source,txt]
-----
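Review bot: The plugin install instruction above the configuration-options link is still broken across two lines in the middle of the plugin name ("logstash-filter-" / "elastic_integration"), while the URL below it was joined onto one line in this same hunk. Join the command too and set it in monospace, so it can be copied as `bin/logstash-plugin install logstash-filter-elastic_integration`; the leading slash in `/bin/logstash-plugin` points at the filesystem root rather than the Logstash home directory and should be dropped.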