The Elastic Stack
The Elastic Stack (also called ELK) is a set of open source products for ingesting, storing, searching, and visualizing data at scale. Every deployment shares the same two core components — Elasticsearch and Kibana — with optional ingest tools added depending on the use case.
[ Data Sources ]
↓
[ Ingest Layer ] ← Elastic Agent / Logstash / Beats / APM / OTel
↓
[ Elasticsearch ] ← store, search, analyze
↓
[ Kibana ] ← visualize, explore, manage
Core Components
| Component | Role |
|---|---|
| elasticsearch | Distributed data store, search engine, vector database |
| kibana | UI for visualization, dashboards, and management |
| fleet | Central management layer for Elastic Agent — lives inside Kibana |
Ingest Components (optional)
| Component | Best For |
|---|---|
| elastic-agent | Simple unified data collection (logs, metrics) |
| logstash | Complex ETL pipelines, data transformation |
| Beats | Legacy lightweight shippers (largely replaced by Elastic Agent) |
| APM | Application performance monitoring |
| OpenTelemetry / EDOT | Vendor-neutral telemetry |
| Ingest Pipelines | In-Elasticsearch transformations before indexing |
Installation Order (self-managed)
1. Elasticsearch
2. Kibana
3. Logstash
4. Elastic Agent or Beats
5. APM
6. Elasticsearch Hadoop
All components must use the same version — e.g. if using Elasticsearch 9.3.2, all other products must also be 9.3.2.
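One way to check the same-version rule across a deployment, as an added example that is not part of the original page or of Elastic's own tooling. It assumes the status bodies have already been fetched from Elasticsearch `GET /`, Kibana `GET /api/status`, and the Logstash monitoring API `GET /`; the function names are hypothetical and the sample bodies are constructed.

```python
import json

# Constructed sample response bodies (not captured from a real deployment).
# Elasticsearch and Kibana nest the version under "version.number";
# Logstash reports it as a plain "version" string.
SAMPLE_RESPONSES = {
    "elasticsearch": '{"name": "es01", "version": {"number": "9.3.2"}}',
    "kibana": '{"name": "kb01", "version": {"number": "9.3.2"}}',
    "logstash": '{"host": "ls01", "version": "9.3.1"}',
}


def extract_version(body):
    """Return the version string from a status body, or None if absent."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return None
    if not isinstance(doc, dict):
        return None
    version = doc.get("version")
    if isinstance(version, dict):  # nested form used by Elasticsearch and Kibana
        version = version.get("number")
    return version if isinstance(version, str) else None


def find_version_skew(responses, reference="elasticsearch"):
    """Map each component that differs from the reference to (found, expected)."""
    expected = extract_version(responses.get(reference, ""))
    if expected is None:
        raise ValueError(f"no version reported by {reference}")
    skew = {}
    for component, body in responses.items():
        found = extract_version(body)
        if found != expected:  # a missing or unparsable version also counts as skew
            skew[component] = (found, expected)
    return skew


if __name__ == "__main__":
    for name, (found, expected) in find_version_skew(SAMPLE_RESPONSES).items():
        print(f"{name}: reports {found or 'no version'}, expected {expected}")
```

A component whose body cannot be parsed is reported as skewed rather than skipped, so an unreachable or misconfigured node does not pass the check silently.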
See Also
- elasticsearch — the core engine
- kibana — the UI and management layer
- elastic-agent — unified data collection
- logstash — complex ETL pipelines