host

(string) Defines the host and port the server is listening on. Use unix:/path/to.sock to listen on a unix domain socket.

Default: localhost:8200

secret_token

(string) Authorization token for sending APM data. The same token must also be set in each APM agent. This token is not used for RUM endpoints.

Default: No secret token set

max_event_bytes

(int) Maximum permitted size of an event accepted by the server to be processed (in Bytes).

Default: 307200 Bytes

default_service_environment

(string) The default service environment for events without a defined service environment.

capture_personal_data

(bool) Capture personal data such as IP or User Agent. If true, APM Server captures the IP of the instrumented service and its User Agent if any.

Default: true

anonymous_enabled

(bool) Enable or disable anonymous authentication.

Default: true (enabled)

anonymous_allow_agent

(array) A list of permitted APM agent names for anonymous authentication. Names in this list must match the agent’s agent.name.

Default: [rum-js, js-base, iOS/swift] (only RUM and iOS/Swift agent events are accepted)

anonymous_allow_service

(array) A list of permitted service names for anonymous authentication. Names in this list must match the agent’s service.name. This can be used to limit the number of service-specific indices or data streams created.

Default: Not set (any service name is accepted)

anonymous_rate_limit_event_limit

(int) The maximum amount of events allowed to be sent to the APM Server anonymous auth endpoint per IP per second.

Default: 10

anonymous_rate_limit_ip_limit

(int) The number of unique IP addresses to track in an LRU cache. IP addresses in the cache will be rate limited according to the anonymous_rate_limit_event_limit setting. Consider increasing this default if your application has many concurrent clients.

Default: 10000

enable_rum

(bool) Enables and disables Real User Monitoring (RUM).

Default: false (disabled)

rum_allow_origins

(string) A list of permitted origins for RUM support. User-agents send an Origin header that will be validated against this list. This is done automatically by modern browsers as part of the CORS specification. An origin is made of a protocol scheme, host and port, without the URL path.

Default: ["*"] (allows everything)

rum_allow_headers

(string) By default, HTTP requests made from the RUM agent to the APM integration are limited in the HTTP headers they are allowed to have. If any other headers are added, the request will be rejected by the browser due to Cross-Origin Resource Sharing (CORS) restrictions. If you need to add extra headers to these requests, use this configuration to allow additional headers.

The default list of values includes "Content-Type", "Content-Encoding", and "Accept". Configured values are appended to the default list and used as the value for the Access-Control-Allow-Headers header.

rum_response_headers

(yaml) Custom HTTP headers to add to RUM responses. For example, for security policy compliance.

api_key_enabled

(bool) Enable or disable API key authorization between APM Server and APM agents.

Default: false (disabled)

api_key_limit

(int) Each unique API key triggers one request to Elasticsearch. This setting restricts the number of unique API keys are allowed per minute. The minimum value for this setting should be the number of API keys configured in your monitored services.

Default: 100

sourcemap_api_key

(string) RUM API key for sourcemaps. Formatted as <Id>:<API Key>.

kibana_api_key

(string) API Key for APM central configuration feature. Formatted as <Id>:<API Key>.