Anonymous auth configuration options

Elastic APM agents can send unauthenticated (anonymous) events to the APM Server. This is useful for agents that run on clients, like the Real User Monitoring (RUM) agent running in a browser, or the iOS/Swift agent running in a user application.

Example configuration:

apm-server.auth.anonymous.enabled: true
apm-server.auth.anonymous.allow_agent: [rum-js]
apm-server.auth.anonymous.allow_service: [my_service_name]
apm-server.auth.anonymous.rate_limit.event_limit: 300
apm-server.auth.anonymous.rate_limit.ip_limit: 1000

Anonymous authentication must be enabled to collect RUM data. For this reason, anonymous auth will be enabled automatically if apm-server.rum.enabled is set to true, and apm-server.auth.anonymous.enabled is not explicitly defined.

See Real User Monitoring (RUM) for additional RUM configuration options.

Specify the following options in the apm-server.auth.anonymous section of the apm-server.yml config file:

Enable or disable anonymous authentication.

Default: false (disabled)

A list of permitted APM agent names for anonymous authentication. Names in this list must match the agent’s agent.name.

Default: [rum-js, js-base] (only RUM agent events are accepted)

A list of permitted service names for anonymous authentication. Names in this list must match the agent’s service.name. This can be used to limit the number of service-specific indices or data streams created.

Default: Not set (any service name is accepted)

The number of unique IP addresses to track in an LRU cache. IP addresses in the cache will be rate limited according to the rate_limit.event_limit setting. Consider increasing this default if your application has many concurrent clients.

Default: 1000

The maximum number of events allowed per second, per agent IP address.

Default: 300