Fleet UI settings

edit

The settings described here are configurable through the Fleet UI. Refer to Fleet settings in Kibana for a list of settings that you can configure in the kibana.yml configuration file.

On the Settings tab in Fleet, you can configure global settings available to all Elastic Agents enrolled in Fleet. This includes Fleet Server hosts and output settings.

Fleet Server host settings

edit

Click Edit hosts and specify the host URLs your Elastic Agents will use to connect to a Fleet Server. This setting is required. On self-managed clusters, you must specify one or more URLs.

Not sure if Fleet Server is running? Refer to Add a Fleet Server.

On Elastic Cloud, this field is populated automatically. If you are using Azure Private Link, GCP Private Service Connect, or AWS PrivateLink and enrolling the Elastic Agent with a private link URL, ensure that this setting is configured. Otherwise, Elastic Agent will reset to use a default address instead of the private link URL.

If a URL is specified without a port, Kibana sets the port to 80 (http) or 443 (https).

By default, Fleet Server is typically exposed on the following ports:

8220
Default Fleet Server port for self-managed clusters
443 or 9243
Default Fleet Server port for Elastic Cloud. View the Fleet Settings tab to find the actual port that’s used.

The exposed ports must be open for ingress and egress in the firewall and networking rules on the host to allow Elastic Agents to communicate with Fleet Server.

Specify multiple URLs (click Add row) to scale out your deployment and provide automatic failover. If multiple URLs exist, Fleet shows the first provided URL for enrollment purposes. Enrolled Elastic Agents will connect to the URLs in round robin order until they connect successfully.

When a Fleet Server is added or removed from the list, all agent policies are updated automatically.

Examples:

  • https://192.0.2.1:8220
  • https://abae718c1276457893b1096929e0f557.fleet.eu-west-1.aws.qa.cld.elstc.co:443
  • https://[2001:db8::1]:8220

Output settings

edit

Add or edit output settings to specify where Elastic Agents send data. Elastic Agents use the default output if you don’t select an output in the agent policy.

The Elastic Cloud internal output is locked and cannot be edited. This output is used for internal routing to reduce external network charges when using the Elastic Cloud agent policy. It also provides visibility for troubleshooting on Elastic Cloud Enterprise.

To add or edit an output:

  1. Click Add output or Edit.
  2. Set the output name and type.
  3. Specify settings for the output type you selected:

Elasticsearch output settings
edit

Specify these settings to send data over a secure connection to Elasticsearch.

Hosts

The Elasticsearch URLs where Elastic Agents will send data. By default, Elasticsearch is exposed on the following ports:

9200
Default Elasticsearch port for self-managed clusters
443
Default Elasticsearch port for Elastic Cloud

Examples:

  • https://192.0.2.0:9200
  • https://1d7a52f5eb344de18ea04411fe09e564.fleet.eu-west-1.aws.qa.cld.elstc.co:443
  • https://[2001:db8::1]:9200

Elasticsearch CA trusted fingerprint

HEX encoded SHA-256 of a CA certificate. If this certificate is present in the chain during the handshake, it will be added to the certificate_authorities list and the handshake will continue normally. To learn more about trusted fingerprints, refer to the Elasticsearch security documentation.

Advanced YAML configuration

YAML settings that will be added to the Elasticsearch output section of each policy that uses this output. Make sure you specify valid YAML. The UI does not currently provide validation.

Make this output the default for agent integrations

When this setting is on, Elastic Agents use this output to send data if no other output is set in the agent policy.

Make this output the default for agent monitoring

When this setting is on, Elastic Agents use this output to send agent monitoring data if no other output is set in the agent policy.

Sending monitoring data to a remote Elasticsearch cluster is currently not supported.

Logstash output settings
edit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

Specify these settings to send data over a secure connection to Logstash. You must also configure a Logstash pipeline that reads encrypted data from Elastic Agents and sends the data to Elasticsearch. Follow the in-product steps to configure the Logstash pipeline.

To learn how to generate certificates, refer to Configure SSL/TLS for the Logstash output.

Logstash hosts

The addresses your Elastic Agents will use to connect to Logstash. Use the format host:port. Click add row to specify additional Logstash addresses.

Examples:

  • 192.0.2.0:5044
  • mylogstashhost:5044

Server SSL certificate authorities

The CA certificate to use to connect to Logstash. This is the CA used to generate the certificate and key for Logstash. Copy and paste in the full contents for the CA certificate.

This setting is optional.

Client SSL certificate

The certificate generated for the client. Copy and paste in the full contents of the certificate.

Client SSL certificate key

The private key generated for the client. This must be in PKCS 8 key. Copy and paste in the full contents of the certificate key.

Advanced YAML configuration

YAML settings that will be added to the Logstash output section of each policy that uses this output. Make sure you specify valid YAML. The UI does not currently provide validation.

Make this output the default for agent integrations

When this setting is on, Elastic Agents use this output to send data if no other output is set in the agent policy.

Make this output the default for agent monitoring

When this setting is on, Elastic Agents use this output to send agent monitoring data if no other output is set in the agent policy.