Elasticsearch X-Pack

What is X-Pack?
X-Pack, also referred to as extended Elasticsearch, is a plugin that can be installed with the Elasticsearch server.

What is it all about?
Until Elasticsearch 5.0.0, some of the features available with Elasticsearch were shipped as individual plugins
such as Watcher, Marvel and Shield. With X-Pack in place, all of these features are brought together under one
stack, which is referred to as X-Pack.

Installation reference:

https://www.elastic.co/guide/en/x-pack/current/installing-xpack.html

What are the different components that I get with X-Pack?

The following components come with X-Pack. Each component sits in Elasticsearch, Kibana or Logstash, depending on what the feature requires.

Security: (formerly referred to as Shield)
Provides authentication (integrating with Active Directory or LDAP), authorization (role-based access for cluster and index operations) and auditing, along with other features such as IP filtering and encryption.
Some of these can be done through the REST API.

E.g.:
PUT /_xpack/security/user/username (creating users)
PUT /_xpack/security/role/rolename (creating roles)

Reporting:
Used for sharing information about the data (on-demand, scheduled and event-based reports can be generated).
Combined with the alerting features, reports can be shared on a weekly or daily basis, etc.

Alerting: (Watcher)
Used for setting up alerts when something changes in the system. This is completely API driven. It can be thought of as a kind of trigger that fires based on a particular action.

E.g.:
PUT _watcher/watch/ : this API takes four parameters:

trigger : the frequency at which you want to watch.
input : can be a DSL query or any HTTP request.
action : the action to be done.
condition : the condition on which the action is to be done.
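
The four parts of a watch, put together as an added example that is not code from the original post. The index name `auth-logs-*`, the `event_type` field and the threshold of 5 are assumptions, and `run_once` is a local stand-in for a single watch execution so the condition and action can be tried offline against constructed search responses.

```python
import json
import operator
import re

# Watch body with the four parts listed above; in the request body the key
# for the action part is "actions". The index name, field names and threshold
# are assumptions made for this example.
WATCH = {
    "trigger": {"schedule": {"interval": "5m"}},   # how often the watch runs
    "input": {"search": {"request": {              # DSL query that feeds the payload
        "indices": ["auth-logs-*"],
        "body": {"size": 0, "query": {"bool": {"filter": [
            {"term": {"event_type": "authentication_failed"}},
            {"range": {"@timestamp": {"gte": "now-5m"}}},
        ]}}},
    }}},
    "condition": {"compare": {"ctx.payload.hits.total": {"gt": 5}}},
    "actions": {"log_failures": {"logging": {
        "text": "{{ctx.payload.hits.total}} failed logins in the last 5 minutes"}}},
}

OPS = {"eq": operator.eq, "not_eq": operator.ne, "gt": operator.gt,
       "gte": operator.ge, "lt": operator.lt, "lte": operator.le}

def resolve(ctx, path):
    """Follow a dotted path such as ctx.payload.hits.total through nested dicts."""
    node = {"ctx": ctx}
    for key in path.split("."):
        node = node[key]
    return node

def run_once(watch, payload):
    """Local stand-in for one watch execution (not Watcher's own code):
    check the compare condition against the input payload and return the
    rendered logging texts, or [] when the condition is not met."""
    ctx = {"payload": payload}
    (path, test), = watch["condition"]["compare"].items()
    (op, expected), = test.items()
    if not OPS[op](resolve(ctx, path), expected):
        return []
    fill = lambda m: str(resolve(ctx, m.group(1)))
    return [re.sub(r"\{\{\s*([\w.]+)\s*\}\}", fill, a["logging"]["text"])
            for a in watch["actions"].values() if "logging" in a]

if __name__ == "__main__":
    # Constructed search responses, trimmed to the field the condition reads.
    for payload in ({"hits": {"total": 3}}, {"hits": {"total": 7}}):
        print(payload["hits"]["total"], "->", run_once(WATCH, payload))
    print(json.dumps(WATCH, indent=2))  # request body for the watch PUT call
```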

Graphing:
Helps in visualizing the relationships within the data (e.g. an index) present in Elasticsearch.
Provides a REST API for capturing the data.

SQL: (read-only queries)
Helps users with SQL expertise to interact with Elasticsearch the SQL way. Provides an interface to use SQL with Elasticsearch and returns data in a tabular structure. For example, we can get data from a document with a simple SQL query such as

select last_name, first_name from emp order by emp_no (where emp is a document)

Monitoring: (formerly referred to as Marvel)
Helps in monitoring the cluster with the help of Kibana dashboards. Marvel sits as agents on the nodes and keeps shipping the health information.

The following configuration in Elasticsearch helps in shipping the metric information.

marvel.agent.exporters:
  id1:
    type: http
    host: ["http://:9200"]

Machine Learning:
Used for anomaly detection on the data present in Elasticsearch. Machine learning results can be viewed in Kibana. This plugin can take the data in real time, or the data can be submitted in jobs.

More about X-Pack Monitoring:

What is Elasticsearch X-Pack monitoring?

X-Pack monitoring, earlier referred to as Marvel, is used for monitoring Elasticsearch and Kibana. X-Pack monitoring is enabled by default when you install X-Pack (for older versions of Elasticsearch it can be installed manually as a plugin). Advanced monitoring settings help us control how frequently data is collected, configure timeouts, and set the retention period for locally stored monitoring indices. We can also adjust how monitoring data is displayed.


How are performance stats collected?

X-Pack monitoring makes use of two components, called collectors and exporters, for this whole job.

Collector: a kind of agent that runs once for each collection interval (default 10 seconds) to obtain data
from the Elasticsearch nodes. Once data collection is finished, the data is handed in bulk to the
"exporters" to be sent to the monitoring clusters.

Types of collectors: (cluster stats, index stats, shards, etc.) Each of these collectors collects
the respective stats information.

Exporter: used for sending the collected data to the required Elasticsearch cluster nodes.
Types of exporters: (local, remote) Used for exporting the data to the Elasticsearch cluster.

In addition, different Beats (Auditbeat, Filebeat, Heartbeat, Metricbeat, Packetbeat, Winlogbeat) can also be configured to collect more stats.

Where can we see performance metrics?

The monitoring metrics captured from each node using the above steps can be viewed in Kibana by going to the performance option.
