- Fleet and Elastic Agent Guide: other versions:
- Fleet and Elastic Agent overview
- Beats and Elastic Agent capabilities
- Quick starts
- Migrate from Beats to Elastic Agent
- Deployment models
- Install Elastic Agents
- Install Fleet-managed Elastic Agents
- Install standalone Elastic Agents
- Install Elastic Agents in a containerized environment
- Run Elastic Agent in a container
- Run Elastic Agent on Kubernetes managed by Fleet
- Install Elastic Agent on Kubernetes using Helm
- Example: Install standalone Elastic Agent on Kubernetes using Helm
- Example: Install Fleet-managed Elastic Agent on Kubernetes using Helm
- Advanced Elastic Agent configuration managed by Fleet
- Configuring Kubernetes metadata enrichment on Elastic Agent
- Run Elastic Agent on GKE managed by Fleet
- Run Elastic Agent on Amazon EKS managed by Fleet
- Run Elastic Agent on Azure AKS managed by Fleet
- Run Elastic Agent Standalone on Kubernetes
- Scaling Elastic Agent on Kubernetes
- Using a custom ingest pipeline with the Kubernetes Integration
- Environment variables
- Run Elastic Agent as an OTel Collector
- Run Elastic Agent without administrative privileges
- Install Elastic Agent from an MSI package
- Installation layout
- Air-gapped environments
- Using a proxy server with Elastic Agent and Fleet
- Uninstall Elastic Agents from edge hosts
- Start and stop Elastic Agents on edge hosts
- Elastic Agent configuration encryption
- Secure connections
- Manage Elastic Agents in Fleet
- Configure standalone Elastic Agents
- Create a standalone Elastic Agent policy
- Structure of a config file
- Inputs
- Providers
- Outputs
- SSL/TLS
- Logging
- Feature flags
- Agent download
- Config file examples
- Grant standalone Elastic Agents access to Elasticsearch
- Example: Use standalone Elastic Agent with Elastic Cloud Serverless to monitor nginx
- Example: Use standalone Elastic Agent with Elasticsearch Service to monitor nginx
- Debug standalone Elastic Agents
- Kubernetes autodiscovery with Elastic Agent
- Monitoring
- Reference YAML
- Manage integrations
- Package signatures
- Add an integration to an Elastic Agent policy
- View integration policies
- Edit or delete an integration policy
- Install and uninstall integration assets
- View integration assets
- Set integration-level outputs
- Upgrade an integration
- Managed integrations content
- Best practices for integration assets
- Data streams
- Define processors
- Processor syntax
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_cef
- decode_csv_fields
- decode_duration
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- move_fields
- parse_aws_vpc_flow_log
- rate_limit
- registered_domain
- rename
- replace
- script
- syslog
- timestamp
- translate_sid
- truncate_fields
- urldecode
- Command reference
- Troubleshoot
- Release notes
Configure inputs for standalone Elastic Agents
editConfigure inputs for standalone Elastic Agents
editThe inputs
section of the elastic-agent.yml
file specifies how Elastic Agent locates and processes input data.
Sample metrics input configuration
editBy default Elastic Agent collects system metrics, such as CPU, memory, network, and file system metrics, and sends them to the default output. For example, to define datastreams for cpu
, memory
, network
and filesystem
metrics, this is the configuration:
- type: system/metrics id: unique-system-metrics-id data_stream.namespace: default use_output: default streams: - metricsets: - cpu data_stream.dataset: system.cpu - metricsets: - memory data_stream.dataset: system.memory - metricsets: - network data_stream.dataset: system.network - metricsets: - filesystem data_stream.dataset: system.filesystem
The name of the input. Refer to Elastic Agent inputs for the list of what’s available. |
|
A unique ID for the input. |
|
A user-defined namespace. |
|
The name of the |
|
The set of enabled module metricsets. Refer to the Metricbeat System module for a list of available options. The metricset fields can be configured. |
|
A user-defined dataset. It can contain anything that makes sense to signify the source of the data. |
Sample log files input configuration
editTo enable Elastic Agent to collect log files, you can use a configuration like the following.
- type: filestream id: your-input-id streams: - id: your-filestream-stream-id data_stream: dataset: generic paths: - /var/log/*.log
The name of the input. Refer to Elastic Agent inputs for the list of what’s available. |
|
A unique ID for the input. |
|
A unique ID for the data stream to track the state of the ingested files. |
|
The streams block is required only if multiple streams are used on the same input. Refer to the Filebeat filestream documentation for a list of available options. Also, specifically for the |
The input in this example harvests all files in the path /var/log/*.log
, that is, all logs in the directory /var/log/
that end with .log
. All patterns supported by Go Glob are also supported here.
To fetch all files from a predefined level of subdirectories, use this pattern:
/var/log/*/*.log
. This fetches all .log
files from the subfolders of /var/log
. It does not fetch log files from the /var/log
folder itself.
Currently it is not possible to recursively fetch all files in all subdirectories of a directory.