Elasticsearch output settings
Specify these settings to send data over a secure connection to Elasticsearch. In the Fleet Output settings, make sure that the Elasticsearch output type is selected.
Elasticsearch output must match only the cluster with which Fleet Server is associated. It’s not possible to reference URLs belonging to other Elasticsearch clusters.
The Elasticsearch URLs where Elastic Agents will send data. By default, Elasticsearch is exposed on the following ports:
Examples:
Refer to the Fleet Server documentation for default ports and other configuration details. |
|
HEX encoded SHA-256 of a CA certificate. If this certificate is
present in the chain during the handshake, it will be added to the
|
|
Select a proxy URL for Elastic Agent to connect to Elasticsearch. To learn about proxy configuration, refer to Using a proxy server with Elastic Agent and Fleet. |
|
YAML settings that will be added to the Elasticsearch output section of each policy that uses this output. Make sure you specify valid YAML. The UI does not currently provide validation. See Advanced YAML configuration for descriptions of the available settings. |
|
When this setting is on, Elastic Agents use this output to send data if no other output is set in the agent policy. |
|
When this setting is on, Elastic Agents use this output to send agent monitoring data if no other output is set in the agent policy. Sending monitoring data to a remote Elasticsearch cluster is currently not supported. |
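Computing the value for the CA fingerprint setting described above, as an added example (not from the Elastic documentation): the fingerprint is the SHA-256 of the certificate's DER bytes, not of the PEM file text. It assumes the field takes plain hex without the colons that `openssl x509 -fingerprint -sha256` prints; `ca_fingerprints` and `normalize_fingerprint` are hypothetical helper names, and the sample PEM is constructed placeholder data.

```python
import base64
import hashlib
import re

# Constructed sample: the body is placeholder bytes, not a real certificate.
# Fingerprinting only needs the decoded bytes, so this exercises the same path.
SAMPLE_DER = bytes(range(48)) * 2
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + "\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
    + "\n-----END CERTIFICATE-----\n"
)

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def ca_fingerprints(pem_text):
    """Return one hex SHA-256 fingerprint per certificate in a PEM bundle.

    A bundle may hold a leaf plus intermediates; pick the entry that is the CA.
    """
    out = []
    for body in _PEM_RE.findall(pem_text):
        # Strip line wrapping, then decode the base64 body to DER bytes.
        der = base64.b64decode("".join(body.split()), validate=True)
        out.append(hashlib.sha256(der).hexdigest().upper())
    if not out:
        raise ValueError("no PEM certificate found")
    return out


def normalize_fingerprint(value):
    """Turn 'SHA256 Fingerprint=AA:BB:...' or 'aa:bb:...' into plain hex."""
    value = value.strip().split("=", 1)[-1]
    hexstr = re.sub(r"[:\s]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{64}", hexstr):
        raise ValueError("not a SHA-256 fingerprint: expected 64 hex digits")
    return hexstr


if __name__ == "__main__":
    for fp in ca_fingerprints(SAMPLE_PEM):
        print(fp)
```

Compare the result against a fingerprint obtained out of band from whoever issued the CA before pasting it into the output settings.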
Advanced YAML configuration
Setting | Description |
---|---|
(string) The number of seconds to wait before trying to reconnect to Elasticsearch
after a network error. After waiting Default: |
|
(string) The maximum number of seconds to wait before attempting to connect to Elasticsearch after a network error. Default: |
|
(int) The maximum number of events to bulk in a single Elasticsearch bulk API index request. Events can be collected into batches. Elastic Agent will split batches larger than
Specifying a larger batch size can improve performance by lowering the overhead of sending events. However, big batch sizes can also increase processing times, which might result in API errors, killed connections, timed-out publishing requests, and, ultimately, lower throughput. Setting Default: |
|
(int) The gzip compression level. Set this value to Increasing the compression level reduces network usage but increases CPU usage. |
|
(int) The number of times to retry publishing an event after a publishing failure. After the specified number of retries, the events are typically dropped. Set Default: |
|
(string) The HTTP request timeout in seconds for the Elasticsearch request. Default: |
|
(int) The number of workers per configured host publishing events. This is best used with load balancing mode enabled. Example: If you have two hosts and three workers, in total six workers are started (three for each host). Default: |