Structure of a config file

edit

The elastic-agent.yml policy file contains all of the settings that determine how Elastic Agent runs. The most important and commonly used settings are described here, including input and output options, providers used for variables and conditional output, security settings, logging options, enabling of special features, and specifications for Elastic Agent upgrades.

An elastic-agent.yml file is modular: You can combine input, output, and all other settings to enable the Integrations to use with Elastic Agent. Refer to Create a standalone Elastic Agent policy for the steps to download the settings to use as a starting point, and then refer to the following examples to learn about the available settings:

Config file components

edit

The following categories include the most common settings used to configure standalone Elastic Agent. Follow each link for more detail and examples.

Inputs
Specify how Elastic Agent locates and processes input data.
Providers
Specify the key-value pairs used for variable substitution and conditionals in Elastic Agent output.
Outputs
Specify where Elastic Agent sends data.
SSL/TLS
Configure SSL including SSL protocols and settings for certificates and keys.
Logging
Configure the Elastic Agent logging output.
Feature flags
Configure any experiemental features in Elastic Agent. These are disabled by default.
Agent download
Specify the location of required artifacts and other settings used for Elastic Agent upgrades.