This documentation refers to configuring the standalone (legacy) APM Server. This method of running APM Server will be deprecated and removed in a future release. Please consider upgrading to Fleet and the APM integration.
The Elasticsearch output sends events directly to Elasticsearch using the Elasticsearch HTTP API.
When sending data to a secured cluster through the
output, APM Server can use any of the following authentication methods:
- Basic authentication credentials (username and password).
- Token-based (API key) authentication.
- Public Key Infrastructure (PKI) certificates.
output.elasticsearch: hosts: ["https://myEShost:9200"] username: "apm_writer" password: "YOUR_PASSWORD"
API key authentication:
output.elasticsearch: hosts: ["https://myEShost:9200"] api_key: "KnR6yE41RrSowb0kQ0HWoA"
PKI certificate authentication:
output.elasticsearch: hosts: ["https://myEShost:9200"] ssl.certificate: "/etc/pki/client/cert.pem" ssl.key: "/etc/pki/client/cert.key"
See Secure communication with Elasticsearch for details on each authentication method.
This output works with all compatible versions of Elasticsearch. See the Elastic Support Matrix.
You can specify the following options in the
elasticsearch section of the
apm-server.yml config file:
The enabled config is a boolean setting to enable or disable the output. If set
false, the output is disabled.
The default value is
The list of Elasticsearch nodes to connect to. The events are distributed to
these nodes in round robin order. If one node becomes unreachable, the event is
automatically sent to another node. Each Elasticsearch node can be defined as a
If no port is specified,
9200 is used.
output.elasticsearch: hosts: ["10.45.3.2:9220", "10.45.3.1:9230"] protocol: https path: /elasticsearch
In the previous example, the Elasticsearch nodes are available at
The gzip compression level. Setting this value to
0 disables compression.
The compression level must be in the range of
1 (best speed) to
9 (best compression).
Increasing the compression level will reduce the network usage but will increase the CPU usage.
The default value is
Configure escaping of HTML in strings. Set to
true to enable escaping.
The default value is
Instead of using a username and password, you can use API keys to secure communication
with Elasticsearch. The value must be the ID of the API key and the API key joined by a colon:
See Grant access using API keys for more information.
The basic authentication username for connecting to Elasticsearch.
This user needs the privileges required to publish events to Elasticsearch. To create a user like this, see Create a writer user.
The basic authentication password for connecting to Elasticsearch.
Dictionary of HTTP parameters to pass within the URL with index operations.
The name of the protocol Elasticsearch is reachable on. The options are:
https. The default is
http. However, if you specify a URL for
hosts, the value of
protocol is overridden by whatever scheme you
specify in the URL.
An HTTP path prefix that is prepended to the HTTP API calls. This is useful for the cases where Elasticsearch listens behind an HTTP reverse proxy that exports the API under a custom prefix.
Custom HTTP headers to add to each request created by the Elasticsearch output. Example:
output.elasticsearch.headers: X-My-Header: Header contents
It is possible to specify multiple header values for the same header name by separating them with a comma.
The URL of the proxy to use when connecting to the Elasticsearch servers. The value may be either a complete URL or a "host[:port]", in which case the "http" scheme is assumed. If a value is not specified through the configuration file then proxy environment variables are used. See the Go documentation for more information about the environment variables.
The number of times to retry publishing an event after a publishing failure. After the specified number of retries, the events are typically dropped.
max_retries to a value less than 0 to retry until all events are published.
The default is 3.
The bulk request size threshold, in bytes, before flushing to Elasticsearch.
The value must have a suffix, e.g.
"1MB". The default is
The maximum duration to accumulate events for a bulk request before being flushed to Elasticsearch.
The value must have a duration suffix, e.g.
"5s". The default is
The number of seconds to wait before trying to reconnect to Elasticsearch after
a network error. After waiting
backoff.init seconds, APM Server tries to
reconnect. If the attempt fails, the backoff timer is increased exponentially up
backoff.max. After a successful connection, the backoff timer is reset. The
The maximum number of seconds to wait before attempting to connect to
Elasticsearch after a network error. The default is
The HTTP request timeout in seconds for the Elasticsearch request. The default is 90.
Configuration options for SSL parameters like the certificate authority to use
for HTTPS-based connections. If the
ssl section is missing, the host CAs are used for HTTPS connections to
See the secure communication with Elasticsearch guide or SSL configuration reference for more information.
Intro to Kibana
ELK for Logs & Metrics