Architecture: Concepts
A sensor that is installed next to a data source (at the edge) so that it can summarize, analyze, and collect information.
A code module in the Agent which taps into data streams, such as Packet Capture or DNSTAP. These are sources of raw data that get processed.
A code module in the Agent which processes or analyzes a data stream, such as Network or DNS. These process the raw data from Taps.
Instructions for how an Agent should collect information. Agents may use several policies concurrently. A collection policy specifies which Tap and Analyzers, along with their configuration information.
A list of key/value pairs identifying properties of an Agent, such as “region: US, pop: ams03”. Used so that Groups can match against them, and to help organize them - used in searching and filtering in UI.
A collection of Agents which may be widely distributed and number in the tens, hundreds or thousands and are all able to connect to and contribute to the same observability system
The central orchestration system for a Fleet of Agents, enabling the ability to manage and collect information from the Agents for visualization and analysis.
The system that collects the metric output of an Agent as it runs Collection Policies, and sends them to the configured Sink according to the Dataset configuration
A database or location made available to send Agent output to, such as a time series database like Prometheus or cloud storage like S3
A list of simple key/value pairs that match against Agent Tags to dynamically define a group of Agents. For example, “region: US” will group all Agents in the Fleet that have this key/value set in their Tags
Instructions for how specific Agents in the Fleet (matched according to a given Agent Group), should apply Collection Policies and where they should Sink their data. Orb will manage many Datasets concurrently.
Information reported from the agent such as Version, Taps, Analyzers and their available configurations and metric output
