APM Server command reference
editAPM Server command reference
editThese commands only apply to the APM Server binary installation method.
APM Server provides a command-line interface for starting APM Server and performing common tasks, like testing configuration files.
The command-line also supports global flags for controlling global behaviors.
Use sudo
to run the following commands if:
-
the config file is owned by
root
, or -
APM Server is configured to capture data that requires
root
access
Some of the features described here require an Elastic license. For more information, see https://www.elastic.co/subscriptions and License Management.
Commands | |
---|---|
Manage API Keys for communication between APM agents and server. Deprecated in 8.6.0.Users should create API Keys through Kibana or the Elasticsearch REST API. See API keys. |
|
Exports the configuration, index template, or ILM policy to stdout. |
|
Shows help for any command. |
|
Manages the secrets keystore. |
|
Runs APM Server. This command is used by default if you start APM Server without specifying a command. |
|
Tests the configuration. |
|
Shows information about the current version. |
Also see Global flags.
apikey
command
editThis functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Deprecated in 8.6.0.
Users should create API Keys through Kibana or the Elasticsearch REST API. See API keys.
Communication between APM agents and APM Server now supports sending an
API Key in the Authorization header.
APM Server provides an apikey
command that can create, verify, invalidate,
and show information about API Keys for agent/server communication.
Most operations require the manage_own_api_key
cluster privilege,
and you must ensure that apm-server.api_key
or output.elasticsearch
are configured appropriately.
SYNOPSIS
apm-server apikey SUBCOMMAND [FLAGS]
SUBCOMMAND
-
create
-
Create an API Key with the specified privilege(s). No required flags.
The user requesting to create an API Key needs to have APM privileges used by the APM Server. A superuser, by default, has these privileges.
Expand for more information on assigning these privileges to other users
To create an APM Server user with the required privileges for creating and managing API keys:
-
Create an API key role, called something like
apm_api_key
, that has the followingcluster
level privileges:Privilege Purpose manage_own_api_key
Allow APM Server to create, retrieve, and invalidate API keys
-
Depending on what the API key role will be used for, also assign the appropriate
apm
application-level privileges:-
To receive Agent configuration, assign
config_agent:read
. -
To ingest agent data, assign
event:write
. -
To upload source maps, assign
sourcemap:write
.
-
To receive Agent configuration, assign
-
-
info
-
Query API Key(s).
--id
or--name
required. -
invalidate
-
Invalidate API Key(s).
--id
or--name
required. -
verify
-
Check if a credentials string has the given privilege(s).
--credentials
required.
FLAGS
-
--agent-config
-
Required for agents to read configuration remotely. Valid with the
create
andverify
subcommands. When used withcreate
, gives theconfig_agent:read
privilege to the created key. When used withverify
, asks for theconfig_agent:read
privilege. -
--credentials CREDS
-
Required for the
verify
subcommand. Specifies the credentials for which to check privileges. Credentials are the base64 encoded representation of the API key’sid:api_key
. -
--expiration TIME
-
When used with
create
, specifies the expiration for the key, e.g., "1d" (default never). -
--id ID
-
ID of the API key. Valid with the
info
andinvalidate
subcommands. When used withinfo
, queries the specified ID. When used withinvalidate
, deletes the specified ID. -
--ingest
-
Required for ingesting events. Valid with the
create
andverify
subcommands. When used withcreate
, gives theevent:write
privilege to the created key. When used withverify
, asks for theevent:write
privilege. -
--json
-
Prints the output of the command as JSON.
Valid with all
apikey
subcommands. -
--name NAME
-
Name of the API key(s). Valid with the
create
,info
, andinvalidate
subcommands. When used withcreate
, specifies the name of the API key to be created (default: "apm-key"). When used withinfo
, specifies the API key to query (multiple matches are possible). When used withinvalidate
, specifies the API key to delete (multiple matches are possible). -
--sourcemap
-
Required for uploading source maps. Valid with the
create
andverify
subcommands. When used withcreate
, gives thesourcemap:write
privilege to the created key. When used withverify
, asks for thesourcemap:write
privilege. -
--valid-only
-
When used with
info
, only returns valid API Keys (not expired or invalidated).
Also see Global flags.
EXAMPLES
apm-server apikey create --ingest --agent-config --name example-001 apm-server apikey info --name example-001 --valid-only apm-server apikey invalidate --name example-001
For more information, see API keys.
export
command
editExports the configuration, index template, or ILM policy to stdout. You can use this command to quickly view your configuration or see the contents of the index template or the ILM policy.
SYNOPSIS
apm-server export SUBCOMMAND [FLAGS]
SUBCOMMAND
-
config
-
Exports the current configuration to stdout. If you use the
-c
flag, this command exports the configuration that’s defined in the specified file. -
template
-
Exports the index template to stdout. You can specify the
--es.version
and--index
flags to further define what gets exported. Furthermore you can export the template to a file instead ofstdout
by defining a directory via--dir
.
-
ilm-policy
-
Exports the index lifecycle management policy to stdout. You can specify the
--es.version
and a--dir
to which the policy should be exported as a file rather than exporting tostdout
.
FLAGS
-
--es.version VERSION
-
When used with
template
, exports an index template that is compatible with the specified version. When used withilm-policy
, exports the ILM policy if the specified ES version is enabled for ILM. -
-h, --help
-
Shows help for the
export
command. -
--index BASE_NAME
-
When used with
template
, sets the base name to use for the index template. If this flag is not specified, the default base name isapm-server
. -
--dir DIRNAME
-
Define a directory to which the template and ILM policy should be exported to
as files instead of printing them to
stdout
.
Also see Global flags.
EXAMPLES
apm-server export config apm-server export template --es.version 8.14.3 --index myindexname
help
command
editShows help for any command.
If no command is specified, shows help for the run
command.
SYNOPSIS
apm-server help COMMAND_NAME [FLAGS]
-
COMMAND_NAME
- Specifies the name of the command to show help for.
FLAGS
-
-h, --help
-
Shows help for the
help
command.
Also see Global flags.
EXAMPLE
apm-server help export
keystore
command
editManages the secrets keystore.
SYNOPSIS
apm-server keystore SUBCOMMAND [FLAGS]
SUBCOMMAND
-
add KEY
-
Adds the specified key to the keystore. Use the
--force
flag to overwrite an existing key. Use the--stdin
flag to pass the value throughstdin
. -
create
-
Creates a keystore to hold secrets. Use the
--force
flag to overwrite the existing keystore. -
list
- Lists the keys in the keystore.
-
remove KEY
- Removes the specified key from the keystore.
FLAGS
-
--force
-
Valid with the
add
andcreate
subcommands. When used withadd
, overwrites the specified key. When used withcreate
, overwrites the keystore. -
--stdin
-
When used with
add
, uses the stdin as the source of the key’s value. -
-h, --help
-
Shows help for the
keystore
command.
Also see Global flags.
EXAMPLES
apm-server keystore create apm-server keystore add ES_PWD apm-server keystore remove ES_PWD apm-server keystore list
See Secrets keystore for more examples.
run
command
editRuns APM Server. This command is used by default if you start APM Server without specifying a command.
SYNOPSIS
apm-server run [FLAGS]
Or:
apm-server [FLAGS]
FLAGS
-
-N, --N
- Disables publishing for testing purposes.
-
--cpuprofile FILE
- Writes CPU profile data to the specified file. This option is useful for troubleshooting APM Server.
-
-h, --help
-
Shows help for the
run
command. -
--httpprof [HOST]:PORT
- Starts an HTTP server for profiling. This option is useful for troubleshooting and profiling APM Server.
-
--memprofile FILE
- Writes memory profile data to the specified output file. This option is useful for troubleshooting APM Server.
-
--system.hostfs MOUNT_POINT
- Specifies the mount point of the host’s file system for use in monitoring a host.
Also see Global flags.
EXAMPLE
apm-server run -e
Or:
apm-server -e
test
command
editTests the configuration.
SYNOPSIS
apm-server test SUBCOMMAND [FLAGS]
SUBCOMMAND
-
config
- Tests the configuration settings.
-
output
- Tests that APM Server can connect to the output by using the current settings.
FLAGS
-
-h, --help
-
Shows help for the
test
command.
Also see Global flags.
EXAMPLE
apm-server test config
version
command
editShows information about the current version.
SYNOPSIS
apm-server version [FLAGS]
FLAGS
-
-h, --help
-
Shows help for the
version
command.
Also see Global flags.
EXAMPLE
apm-server version
Global flags
editThese global flags are available whenever you run APM Server.
-
-E, --E "SETTING_NAME=VALUE"
-
Overrides a specific configuration setting. You can specify multiple overrides. For example:
apm-server -E "name=mybeat" -E "output.elasticsearch.hosts=['http://myhost:9200']"
This setting is applied to the currently running APM Server process. The APM Server configuration file is not changed.
-
-c, --c FILE
-
Specifies the configuration file to use for APM Server. The file you specify
here is relative to
path.config
. If the-c
flag is not specified, the default config file,apm-server.yml
, is used. -
-d, --d SELECTORS
-
Enables debugging for the specified selectors. For the selectors, you can
specify a comma-separated
list of components, or you can use
-d "*"
to enable debugging for all components. For example,-d "publisher"
displays all the publisher-related messages. -
-e, --e
- Logs to stderr and disables syslog/file output.
-
-environment
-
For logging purposes, specifies the environment that APM Server is running in.
This setting is used to select a default log output when no log output is configured.
Supported values are:
systemd
,container
,macos_service
, andwindows_service
. Ifsystemd
orcontainer
is specified, APM Server will log to stdout and stderr by default. -
--path.config
- Sets the path for configuration files. See the Installation layout section for details.
-
--path.data
- Sets the path for data files. See the Installation layout section for details.
-
--path.home
- Sets the path for miscellaneous files. See the Installation layout section for details.
-
--path.logs
- Sets the path for log files. See the Installation layout section for details.
-
--strict.perms
-
Sets strict permission checking on configuration files. The default is
-strict.perms=true
. See Configuration file ownership for more information. -
-v, --v
- Logs INFO-level messages.