- Fleet and Elastic Agent Guide: other versions:
- Fleet and Elastic Agent overview
- Beats and Elastic Agent capabilities
- Quick starts
- Migrate from Beats to Elastic Agent
- Deployment models
- Install Elastic Agents
- Install Fleet-managed Elastic Agents
- Install standalone Elastic Agents
- Install Elastic Agents in a containerized environment
- Run Elastic Agent in a container
- Run Elastic Agent on Kubernetes managed by Fleet
- Install Elastic Agent on Kubernetes using Helm
- Example: Install standalone Elastic Agent on Kubernetes using Helm
- Example: Install Fleet-managed Elastic Agent on Kubernetes using Helm
- Advanced Elastic Agent configuration managed by Fleet
- Configuring Kubernetes metadata enrichment on Elastic Agent
- Run Elastic Agent on GKE managed by Fleet
- Run Elastic Agent on Amazon EKS managed by Fleet
- Run Elastic Agent on Azure AKS managed by Fleet
- Run Elastic Agent Standalone on Kubernetes
- Scaling Elastic Agent on Kubernetes
- Using a custom ingest pipeline with the Kubernetes Integration
- Environment variables
- Run Elastic Agent as an OTel Collector
- Run Elastic Agent without administrative privileges
- Install Elastic Agent from an MSI package
- Installation layout
- Air-gapped environments
- Using a proxy server with Elastic Agent and Fleet
- Uninstall Elastic Agents from edge hosts
- Start and stop Elastic Agents on edge hosts
- Elastic Agent configuration encryption
- Secure connections
- Manage Elastic Agents in Fleet
- Configure standalone Elastic Agents
- Create a standalone Elastic Agent policy
- Structure of a config file
- Inputs
- Providers
- Outputs
- SSL/TLS
- Logging
- Feature flags
- Agent download
- Config file examples
- Grant standalone Elastic Agents access to Elasticsearch
- Example: Use standalone Elastic Agent with Elastic Cloud Serverless to monitor nginx
- Example: Use standalone Elastic Agent with Elasticsearch Service to monitor nginx
- Debug standalone Elastic Agents
- Kubernetes autodiscovery with Elastic Agent
- Monitoring
- Reference YAML
- Manage integrations
- Package signatures
- Add an integration to an Elastic Agent policy
- View integration policies
- Edit or delete an integration policy
- Install and uninstall integration assets
- View integration assets
- Set integration-level outputs
- Upgrade an integration
- Managed integrations content
- Best practices for integration assets
- Data streams
- Define processors
- Processor syntax
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_cef
- decode_csv_fields
- decode_duration
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- move_fields
- parse_aws_vpc_flow_log
- rate_limit
- registered_domain
- rename
- replace
- script
- syslog
- timestamp
- translate_sid
- truncate_fields
- urldecode
- Command reference
- Troubleshoot
- Release notes
Required roles and privileges
editRequired roles and privileges
editBeginning with Elastic Stack version 8.1, you no longer require the built-in elastic
superuser credentials to use Fleet and Integrations.
Assigning the Kibana feature privileges Fleet
and Integrations
grants access to these features:
-
all
- Grants full read-write access.
-
read
- Grants read-only access.
The built-in editor
role grants the following privileges, supporting full read-write access to Fleet and Integrations:
-
Fleet:
All
-
Integrations:
All
The built-in viewer
role grants the following privileges, supporting read-only access to Fleet and Integrations:
-
Fleet::
None
-
Integrations::
Read
You can also create a new role that can be assigned to a user to grant access to Fleet and Integrations.
Create a role for Fleet
editTo create a new role with full access to use and manage Fleet and Integrations:
- In Kibana, go to Management → Stack Management.
- In the Security section, select Roles.
- Select Create role.
- Specify a name for the role.
- Leave the Elasticsearch settings at their defaults, or refer to Security privileges for descriptions of the available settings.
- In the Kibana section, select Add Kibana privilege.
- In the Spaces menu, select * All Spaces. Since many Integrations assets are shared across spaces, the users needs the Kibana privileges in all spaces.
- Expand the Management section.
- Set Fleet privileges to All.
- Set Integrations privileges to All.
To create a read-only user for Integrations, follow the same steps as above but set the Fleet privileges to None and the Integrations privileges to Read.
Read-only access to Fleet is not currently supported but is planned for development in a later release.
On this page