Structure of a config file

The elastic-agent.yml policy file contains all of the settings that determine how Elastic Agent runs. The most important and commonly used settings are described here, including input and output options, providers used for variables and conditional output, security settings, logging options, enabling of special features, and specifications for Elastic Agent upgrades.

An elastic-agent.yml file is modular: You can combine input, output, and all other settings to enable the Integrations to use with Elastic Agent. Refer to Create a standalone Elastic Agent policy for the steps to download the settings to use as a starting point, and then refer to the following examples to learn about the available settings:

Config file components

edit

The following categories include the most common settings used to configure standalone Elastic Agent. Follow each link for more detail and examples.

Inputs: Specify how Elastic Agent locates and processes input data.
Providers: Specify the key-value pairs used for variable substitution and conditionals in Elastic Agent output.
Outputs: Specify where Elastic Agent sends data.
SSL/TLS: Configure SSL including SSL protocols and settings for certificates and keys.
Logging: Configure the Elastic Agent logging output.
Feature flags: Configure any experiemental features in Elastic Agent. These are disabled by default.
Agent download: Specify the location of required artifacts and other settings used for Elastic Agent upgrades.

« Create a standalone Elastic Agent policy Configure inputs for standalone Elastic Agents »