Policy settings
editPolicy settings
editThis functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
The policy settings for Fleet-managed agents are specified through the UI. You do not set them explicitly in a configuration file.
For standalone agents, you need to configure settings in the elastic-agent.yml
file. Prior to installation, edit the file located in the extracted Elastic Agent
package. After installation, edit the file located in the directory
described in Installation layout.
To get started quickly, you can use Fleet to generate a standalone configuration. For more information, see Run Elastic Agent standalone (advanced users).
Output settings
editSpecify one or more outputs. Specifying multiple outputs allows you to pair each data source with a different output.
Elastic Agent currently works with the Elasticsearch output only.
Example output configuration:
outputs: default: type: elasticsearch hosts: [127.0.0.1:9200] username: elastic password: changeme monitoring: type: elasticsearch api_key: VuaCfGcBCdbkQm-e5aOx:ui2lp2axTNmsyakw9tvNnw hosts: ["localhost:9200"] ca_sha256: "7lHLiyp4J8m9kw38SJ7SURJP4bXRZv/BNxyyXkCcE/M="
This example configures two outputs: default
and monitoring
.
Notice that they use different authentication methods. The first one uses a
username and password pair, and the second one contains an API key.
A default output configuration is required.
Beats monitoring settings
editElastic Agent monitors Beats by default. To disable or change monitoring
settings, set options under agent.monitoring
:
agent.monitoring: # enabled turns on monitoring of running processes enabled: true # enables log monitoring logs: true # enables metrics monitoring metrics: true # specifies output to be used use_output: monitoring
To disable monitoring, set agent.monitoring.enabled
to false
. When set to
false
, Beats monitoring is turned off, and all other options in this section
are ignored.
To enable monitoring, set agent.monitoring.enabled
to true
. Also set the
logs
and metrics
settings to control whether logs, metrics, or both are
collected. If neither setting is specified, monitoring is disabled. Set
use_output
to specify the output to which monitoring events are sent.
Input settings
editBy default Elastic Agent collects system metrics, such as cpu, memory, network, and filesystem metrics, and sends them to the default output. For example:
inputs: - type: system/metrics data_stream.namespace: default use_output: default streams: - metricset: cpu data_stream.dataset: system.cpu - metricset: memory data_stream.dataset: system.memory - metricset: network data_stream.dataset: system.network - metricset: filesystem data_stream.dataset: system.filesystem
If use_output
is not specified, the default
output is used.
Reference yaml
editThe Elastic Agent installation includes an elastic-agent.reference.yml
file that
describes all the settings available in a standalone configuration.
The contents of the file are included here for your convenience.
###################################### # Fleet configuration ###################################### outputs: default: type: elasticsearch hosts: [127.0.0.1:9200] username: elastic password: changeme inputs: - type: system/metrics # The only two requirement are that it has only characters allowed in an Elasticsearch index name # Index names must meet the following criteria: # Lowercase only # Cannot include \, /, *, ?, ", <, >, |, ` ` (space character), ,, # # Cannot start with -, _, + # Cannot be . or .. data_stream.namespace: default use_output: default streams: - metricset: cpu # The only two requirement are that it has only characters allowed in an Elasticsearch index name # Index names must meet the following criteria: # Lowercase only # Cannot include \, /, *, ?, ", <, >, |, ` ` (space character), ,, # # Cannot start with -, _, + # Cannot be . or .. data_stream.dataset: system.cpu - metricset: memory data_stream.dataset: system.memory - metricset: network data_stream.dataset: system.network - metricset: filesystem data_stream.dataset: system.filesystem # management: # # Mode of management, the Elastic Agent support two modes of operation: # # # # local: The Elastic Agent will expect to find the inputs configuration in the local file. # # # # Default is local. # mode: "local" # fleet: # access_api_key: "" # kibana: # # kibana minimal configuration # hosts: ["localhost:5601"] # ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] # # optional values # #protocol: "https" # #username: "elastic" # #password: "changeme" # #path: "" # #ssl.verification_mode: full # #ssl.supported_protocols: [TLSv1.0, TLSv1.1, TLSv1.2] # #ssl.cipher_suites: [] # #ssl.curve_types: [] # reporting: # # Reporting threshold indicates how many events should be kept in-memory before reporting them to fleet. # #reporting_threshold: 10000 # # Frequency used to check the queue of events to be sent out to fleet. # #reporting_check_frequency_sec: 30 # agent.download: # # source of the artifacts, requires elastic like structure and naming of the binaries # # e.g /windows-x86.zip # sourceURI: "https://artifacts.elastic.co/downloads/beats/" # # path to the directory containing downloaded packages # target_directory: "${path.data}/downloads" # # timeout for downloading package # timeout: 30s # # file path to a public key used for verifying downloaded artifacts # # if not file is present agent will try to load public key from elastic.co website. # pgpfile: "${path.data}/elastic.pgp" # # install_path describes the location of installed packages/programs. It is also used # # for reading program specifications. # install_path: "${path.data}/install" # agent.process: # # timeout for creating new processes. when process is not successfully created by this timeout # # start operation is considered a failure # spawn_timeout: 30s # # timeout for stopping processes. when process is not stopped by this timeout then the process. # # is force killed # stop_timeout: 30s # agent.grpc: # # listen address for the GRPC server that spawned processes connect back to. # address: localhost # # port for the GRPC server that spawned processes connect back to. # port: 6789 # agent.retry: # # Enabled determines whether retry is possible. Default is false. # enabled: true # # RetriesCount specifies number of retries. Default is 3. # # Retry count of 1 means it will be retried one time after one failure. # retriesCount: 3 # # Delay specifies delay in ms between retries. Default is 30s # delay: 30s # # MaxDelay specifies maximum delay in ms between retries. Default is 300s # maxDelay: 5m # # Exponential determines whether delay is treated as exponential. # # With 30s delay and 3 retries: 30, 60, 120s # # Default is false # exponential: false # agent.monitoring: # # enabled turns on monitoring of running processes # enabled: false # # enables log monitoring # logs: false # # enables metrics monitoring # metrics: false # # Allow fleet to reload his configuration locally on disk. # # Notes: Only specific process configuration will be reloaded. # agent.reload: # # enabled configure the Elastic Agent to reload or not the local configuration. # # # # Default is true # enabled: true # # period define how frequent we should look for changes in the configuration. # period: 10s # Logging # There are four options for the log output: file, stderr, syslog, eventlog # The file output is the default. # Sets log level. The default log level is info. # Available log levels are: error, warning, info, debug #agent.logging.level: info # Enable debug output for selected components. To enable all selectors use ["*"] # Other available selectors are "beat", "publish", "service" # Multiple selectors can be chained. #agent.logging.selectors: [ ] # Send all logging output to stderr. The default is false. agent.logging.to_stderr: true # Send all logging output to syslog. The default is false. #agent.logging.to_syslog: false # Send all logging output to Windows Event Logs. The default is false. #agent.logging.to_eventlog: false # If enabled, Elastic-Agent periodically logs its internal metrics that have changed # in the last period. For each metric that changed, the delta from the value at # the beginning of the period is logged. Also, the total values for # all non-zero internal metrics are logged on shutdown. The default is true. #agent.logging.metrics.enabled: true # The period after which to log the internal metrics. The default is 30s. #agent.logging.metrics.period: 30s # Logging to rotating files. Set logging.to_files to false to disable logging to # files. #agent.logging.to_files: true #agent.logging.files: # Configure the path where the logs are written. The default is the logs directory # under the home path (the binary location). #path: /var/log/elastic-agent # The name of the files where the logs are written to. #name: elastic-agent # Configure log file size limit. If limit is reached, log file will be # automatically rotated #rotateeverybytes: 10485760 # = 10MB # Number of rotated log files to keep. Oldest files will be deleted first. #keepfiles: 7 # The permissions mask to apply when rotating log files. The default value is 0600. # Must be a valid Unix-style file permissions mask expressed in octal notation. #permissions: 0600 # Enable log file rotation on time intervals in addition to size-based rotation. # Intervals must be at least 1s. Values of 1m, 1h, 24h, 7*24h, 30*24h, and 365*24h # are boundary-aligned with minutes, hours, days, weeks, months, and years as # reported by the local system clock. All other intervals are calculated from the # Unix epoch. Defaults to disabled. #interval: 0 # Rotate existing logs on startup rather than appending to the existing # file. Defaults to true. # rotateonstartup: true # Set to true to log messages in JSON format. #agent.logging.json: false # Set to true, to log messages with minimal required Elastic Common Schema (ECS) # information. Recommended to use in combination with `logging.json=true` # Defaults to false. #agent.logging.ecs: false