Fleet settings in Kibana
editFleet settings in Kibana
editIn Elastic Cloud, Fleet flags are already configured.
You can configure xpack.fleet
settings in your kibana.yml
.
By default, Fleet is enabled. To use Fleet, you also need to configure Kibana and Elasticsearch hosts.
Many Fleet settings can also be configured directly through the Fleet UI. See Fleet UI settings for details.
See the Fleet docs for more information about Fleet.
General Fleet settings
edit-
xpack.fleet.agents.enabled
-
Set to
true
(default) to enable Fleet. -
xpack.fleet.isAirGapped
-
Set to
true
to indicate Fleet is running in an air-gapped environment. Refer to Air-gapped environments for details. Enabling this flag helps Fleet skip needless requests and improve the user experience for air-gapped environments.
Elastic Package Manager settings
edit-
xpack.fleet.registryUrl
- The address to use to reach the Elastic Package Manager registry.
-
xpack.fleet.registryProxyUrl
- The proxy address to use to reach the Elastic Package Manager registry if an internet connection is not directly available. Refer to Air-gapped environments for details.
-
xpack.fleet.packageVerification.gpgKeyPath
- The path on disk to the GPG key used to verify Elastic Package Manager packages. If the Elastic public key is ever reissued as a security precaution, you can use this setting to specify the new key.
Fleet settings
edit-
xpack.fleet.agents.fleet_server.hosts
-
Hostnames used by Elastic Agent for accessing Fleet Server.
If configured in your
kibana.yml
, this setting is grayed out and unavailable in the Fleet UI. To make this setting editable in the UI, do not configure it in the configuration file. -
xpack.fleet.agents.elasticsearch.hosts
- Hostnames used by Elastic Agent for accessing Elasticsearch.
-
xpack.fleet.agents.elasticsearch.ca_sha256
- Hash pin used for certificate verification. The pin is a base64-encoded string of the SHA-256 fingerprint.
Preconfiguration settings (for advanced use cases)
editUse these settings to pre-define integrations, agent policies, and Fleet Server hosts or proxies that you want Fleet to load up by default.
These settings are not supported to pre-configure the Endpoint and Cloud Security integration.
-
xpack.fleet.packages
-
List of integrations that are installed when the Fleet app starts up for the first time.
Required properties of
xpack.fleet.packages
-
name
- Name of the integration from the package registry.
-
version
-
Either an exact semantic version, or the keyword
latest
to fetch the latest integration version.
-
-
xpack.fleet.agentPolicies
-
List of agent policies that are configured when the Fleet app starts.
Required properties of
xpack.fleet.agentPolicies
-
id
- Unique ID for this policy. The ID may be a number or string.
-
name
- Policy name.
Optional properties of
xpack.fleet.agentPolicies
-
description
- Text description of this policy.
-
namespace
- String identifying this policy’s namespace.
-
monitoring_enabled
-
List of keywords that specify the monitoring data to collect. Valid values include
['logs']
,['metrics']
, and['logs', 'metrics']
. -
keep_monitoring_alive
-
If
true
, monitoring will be enabled, but logs/metrics collection will be disabled. Use this if you want to keep agent’s monitoring server alive even when logs/metrics aren’t being collected. -
is_managed
-
If
true
, this policy is not editable by the user and can only be changed by updating the Kibana config. -
is_default
-
If
true
, this policy is the default agent policy. -
is_default_fleet_server
-
If
true
, this policy is the default Fleet Server agent policy. -
data_output_id
-
ID of the output to send data. (Need to be identical to
monitoring_output_id
) -
monitoring_output_id
-
ID of the output to send monitoring data. (Need to be identical to
data_output_id
) -
package_policies
-
List of integration policies to add to this policy.
Properties of
package_policies
-
id
- Unique ID of the integration policy. The ID may be a number or string.
-
name
- (required) Name of the integration policy.
-
package
-
(required) Integration that this policy configures.
Properties of
package
-
name
- Name of the integration associated with this policy.
-
-
description
- Text string describing this integration policy.
-
namespace
- String identifying this policy’s namespace.
-
inputs
-
Map of input for the integration. Follows the same schema as the package policy API inputs, with the exception that any object in
vars
can be passedfrozen: true
in order to prevent that specificvar
from being edited by the user.
-
Example configuration:
xpack.fleet.packages: - name: apache version: 0.5.0 xpack.fleet.agentPolicies: - name: Preconfigured Policy id: preconfigured-policy namespace: test package_policies: - package: name: system name: System Integration namespace: test id: preconfigured-system inputs: system-system/metrics: enabled: true vars: '[system.hostfs]': home/test streams: '[system.core]': enabled: true vars: period: 20s system-winlog: enabled: false
-
-
xpack.fleet.outputs
-
List of outputs that are configured when the Fleet app starts.
Certain types of outputs have additional required and optional settings. Refer to Output settings in the Fleet and Elastic Agent Guide for the full list of settings for each output type.
If configured in your
kibana.yml
, output settings are grayed out and unavailable in the Fleet UI. To make these settings editable in the UI, do not configure them in the configuration file.The
xpack.fleet.outputs
settings are intended for advanced configurations such as having multiple outputs. We recommend not enabling thexpack.fleet.agents.elasticsearch.host
settings when usingxpack.fleet.outputs
.Required properties of
xpack.fleet.outputs
-
id
- Unique ID for this output. The ID should be a string.
-
name
- Output name.
-
type
- Type of Output. Currently we support "elasticsearch", "logstash", "kafka", and "remote_elasticsearch".
-
hosts
- Array that contains the list of host for that output.
Optional properties of
xpack.fleet.outputs
-
is_default
-
If
true
, the output specified inxpack.fleet.outputs
will be the one used to send agent data unless there is another one configured specifically for the agent policy. -
is_default_monitoring
-
If
true
, the output specified inxpack.fleet.outputs
will be the one used to send agent monitoring data unless there is another one configured specifically for the agent policy. -
is_internal
-
If
true
, the output specified inxpack.fleet.outputs
will not appear in the UI, and can only be managed viakibana.yml
or the Fleet API. -
config
- Extra config for that output.
-
proxy_id
- Unique ID of a proxy to access the output.
-
ssl
-
Set to enable authentication using the Secure Sockets Layer (SSL) protocol.
Properties of
ssl
-
certificate
- The SSL certificate that Elastic Agents use to authenticate with the output. Include the full contents of the certificate here.
-
-
secrets
-
Include here any values for preconfigured outputs that should be stored as secrets. A secret value is replaced in the
kibana.yml
settings file with a reference, with the original value stored externally as a secure hash. Note that this type of secret storage requires all configured Fleet Servers to be on version 8.12.0 or later.Properties of
secrets
-
key
: - The private certificate key that Elastic Agents use to authenticate with the output.
-
Example
xpack.fleet.outputs
configuration:xpack.fleet.outputs: - id: my-logstash-output-with-a-secret name: preconfigured logstash output with a secret type: logstash hosts: ["localhost:9999"] ssl: certificate: xxxxxxxxxx secrets: ssl: key: securekey
-
-
xpack.fleet.fleetServerHosts
-
List of Fleet Server hosts that are configured when the Fleet app starts.
Required properties of
xpack.fleet.fleetServerHosts
-
id
- Unique ID for the host server.
-
name
- Name of the host server.
-
host_urls
- Array of one or more host URLs that Elastic Agents will use to connect to Fleet Server.
Optional properties of
xpack.fleet.fleetServerHosts
-
is_default
- Whether or not this host should be the default to use for Fleet Server.
-
is_internal
-
If
true
the host will not appear in the UI, and can only be managed throughkibana.yml
or the Fleet API. -
proxy_id
- Unique ID of the proxy to access the Fleet Server host.
-
-
xpack.fleet.proxy
-
List of proxies to access Fleet Server that are configured when the Fleet app starts.
Required properties of
xpack.fleet.proxy
-
id
- Unique ID of the proxy to access the Fleet Server host.
-
name
- Name of the proxy to access the Fleet Server host.
-
url
- URL that Elastic Agents use to connect to the proxy to access Fleet Server.
Optional properties of
xpack.fleet.proxy
-
proxy_headers
-
Map of headers to use with the proxy.
.Properties of
proxy_headers
Details
-
key
- Key to use for the proxy header.
-
value
- Value to use for the proxy header.
-
certificate_authorities
- Certificate authority (CA) used to issue the certificate.
-
certificate
- The name of the certificate used to authenticate the proxy.
-
certificate_key
- The certificate key used to authenticate the proxy.
-
-
xpack.fleet.enableExperimental
- List of experimental feature flag to enable in Fleet.
Experimental features should not be enabled in production environments. The features in this section are experimental and may be changed or removed completely in future releases. Elastic will make a best effort to fix any issues, but experimental features are not supported to the same level as generally available (GA) features.