APM Server command referenceedit

APM Server provides a command-line interface for starting APM Server and performing common tasks, like testing configuration files.

The command-line also supports global flags for controlling global behaviors.

Use sudo to run the following commands if:

  • the config file is owned by root, or
  • APM Server is configured to capture data that requires root access

Some of the features described here require an Elastic license. For more information, see https://www.elastic.co/subscriptions and License Management.

Commands

apikey

Manage API Keys for communication between APM agents and server..

export

Exports the configuration, index template, or ILM policy to stdout.

help

Shows help for any command.

keystore

Manages the secrets keystore.

run

Runs APM Server. This command is used by default if you start APM Server without specifying a command.

setup

Sets up the initial environment, including the ES index template, and ILM policy and write alias.

test

Tests the configuration.

version

Shows information about the current version.

Also see Global flags.

apikey commandedit

This functionality is experimental and may be changed or removed completely in a future release. Elastic will take a best effort approach to fix any issues, but experimental features are not subject to the support SLA of official GA features.

Communication between APM agents and APM Server now supports sending an API Key in the Authorization header. APM Server provides an apikey command that can create, verify, invalidate, and show information about API Keys for agent/server communication. Most operations require the manage_api_key cluster privilege, and you must ensure that apm-server.api_key or output.elasticsearch are configured appropriately.

SYNOPSIS

apm-server apikey SUBCOMMAND [FLAGS]

SUBCOMMANDS

create

Create an API Key with the specified privilege(s). No required flags.

The user requesting to create an API Key needs to have APM privileges used by the APM Server. A superuser, by default, has these privileges. For other users, you can create them. Create a role that is then assigned to the user:

PUT /_security/role/apm-privileges {
	"applications": [{
	  "application": "apm",
	  "privileges": ["sourcemap:write", "event:write", "config_agent:read"],
	  "resources": ["*"]
	}]
}
info
Query API Key(s). --id or --name required.
invalidate
Invalidate API Key(s). --id or --name required.
verify
Check if a credentials string has the given privilege(s). --credentials required.

FLAGS

--agent-config
Required for agents to read configuration remotely. Valid with the create and verify subcommands. When used with create, gives the config_agent:read privilege to the created key. When used with verify, asks for the config_agent:read privilege.
--credentials CREDS
Required for the verify subcommand. Specifies the credentials for which to to check privileges. Credentials are the base64 encoded representation of the API key’s id:name.
--expiration TIME
When used with create, specifies the expiration for the key, e.g., "1d" (default never).
--id ID
ID of the API key. Valid with the info and invalidate subcommands. When used with info, queries the specified ID. When used with invalidate, deletes the specified ID.
--ingest
Required for ingesting events. Valid with the create and verify subcommands. When used with create, gives the event:write privilege to the created key. When used with verify, asks for the event:write privilege.
--json
Prints the output of the command as JSON. Valid with all apikey subcommands.
--name NAME
Name of the API key(s). Valid with the create, info, and invalidate subcommands. When used with create, specifies the name of the API key to be created (default: "apm-key"). When used with info, specifies the API key to query (multiple matches are possible). When used with invalidate, specifies the API key to delete (multiple matches are possible).
--sourcemap
Required for uploading sourcemaps. Valid with the create and verify subcommands. When used with create, gives the sourcemap:write privilege to the created key. When used with verify, asks for the sourcemap:write privilege.
--valid-only
When used with info, only returns valid API Keys (not expired or invalidated).

Also see Global flags.

EXAMPLES

apm-server apikey create --ingest --agent-config --name example-001
apm-server apikey info --name example-001 --valid-only
apm-server apikey invalidate --name example-001

For more information, see API keys.

export commandedit

Exports the configuration, index template, or ILM policy to stdout. You can use this command to quickly view your configuration or see the contents of the index template or the ILM policy.

SYNOPSIS

apm-server export SUBCOMMAND [FLAGS]

SUBCOMMANDS

config
Exports the current configuration to stdout. If you use the -c flag, this command exports the configuration that’s defined in the specified file.
template
Exports the index template to stdout. You can specify the --es.version and --index flags to further define what gets exported. Furthermore you can export the template to a file instead of stdout by defining a directory via --dir.
ilm-policy
Exports the index lifecycle management policy to stdout. You can specify the --es.version and a --dir to which the policy should be exported as a file rather than exporting to stdout.

FLAGS

--es.version VERSION
When used with template, exports an index template that is compatible with the specified version. When used with ilm-policy, exports the ILM policy if the specified ES version is enabled for ILM.
-h, --help
Shows help for the export command.
--index BASE_NAME
When used with template, sets the base name to use for the index template. If this flag is not specified, the default base name is apm-server.
--dir DIRNAME
Define a directory to which the template and ILM policy should be exported to as files instead of printing them to stdout.

Also see Global flags.

EXAMPLES

apm-server export config
apm-server export template --es.version 7.8.1 --index myindexname

help commandedit

Shows help for any command. If no command is specified, shows help for the run command.

SYNOPSIS

apm-server help COMMAND_NAME [FLAGS]
COMMAND_NAME
Specifies the name of the command to show help for.

FLAGS

-h, --help
Shows help for the help command.

Also see Global flags.

EXAMPLE

apm-server help export

keystore commandedit

Manages the secrets keystore.

SYNOPSIS

apm-server keystore SUBCOMMAND [FLAGS]

SUBCOMMANDS

add KEY
Adds the specified key to the keystore. Use the --force flag to overwrite an existing key. Use the --stdin flag to pass the value through stdin.
create
Creates a keystore to hold secrets. Use the --force flag to overwrite the existing keystore.
list
Lists the keys in the keystore.
remove KEY
Removes the specified key from the keystore.

FLAGS

--force
Valid with the add and create subcommands. When used with add, overwrites the specified key. When used with create, overwrites the keystore.
--stdin
When used with add, uses the stdin as the source of the key’s value.
-h, --help
Shows help for the keystore command.

Also see Global flags.

EXAMPLES

apm-server keystore create
apm-server keystore add ES_PWD
apm-server keystore remove ES_PWD
apm-server keystore list

See Secrets keystore for more examples.

run commandedit

Runs APM Server. This command is used by default if you start APM Server without specifying a command.

SYNOPSIS

apm-server run [FLAGS]

Or:

apm-server [FLAGS]

FLAGS

-N, --N
Disables publishing for testing purposes. This option disables all outputs except the File output.
--cpuprofile FILE
Writes CPU profile data to the specified file. This option is useful for troubleshooting APM Server.
-h, --help
Shows help for the run command.
--httpprof [HOST]:PORT
Starts an http server for profiling. This option is useful for troubleshooting and profiling APM Server.
--memprofile FILE
Writes memory profile data to the specified output file. This option is useful for troubleshooting APM Server.

Also see Global flags.

EXAMPLE

apm-server run -e

Or:

apm-server -e

setup commandedit

Sets up the initial environment, including the ES index template, and ILM policy and write alias

  • The index template ensures that fields are mapped correctly in Elasticsearch. If index lifecycle management is enabled it also ensures that the defined ILM policy and write alias are connected to the indices matching the index template. The ILM policy takes care of the lifecycle of an index, when to do a rollover, when to move an index from the hot phase to the next phase, etc.

This command sets up the environment without actually running APM Server and ingesting data.

SYNOPSIS

apm-server setup [FLAGS]

FLAGS

-h, --help
Shows help for the setup command.
--index-management
Sets up components related to Elasticsearch index management including template, ILM policy, and write alias (if supported and configured).
--pipelines
Registers the pipeline definitions set in ingest/pipeline/definition.json.
--template
[7.2] Deprecated in 7.2. Sets up the index template only. It is recommended to use --index-management instead.
--ilm-policy
[7.2] Deprecated in 7.2. Sets up the index lifecycle management policy. It is recommended to use --index-management instead.

Also see Global flags.

EXAMPLES

apm-server setup --index-management
apm-server setup --pipelines

test commandedit

Tests the configuration.

SYNOPSIS

apm-server test SUBCOMMAND [FLAGS]

SUBCOMMANDS

config
Tests the configuration settings.
output
Tests that APM Server can connect to the output by using the current settings.

FLAGS

-h, --help
Shows help for the test command.

Also see Global flags.

EXAMPLE

apm-server test config

version commandedit

Shows information about the current version.

SYNOPSIS

apm-server version [FLAGS]

FLAGS

-h, --help
Shows help for the version command.

Also see Global flags.

EXAMPLE

apm-server version

Global flagsedit

These global flags are available whenever you run APM Server.

-E, --E "SETTING_NAME=VALUE"

Overrides a specific configuration setting. You can specify multiple overrides. For example:

apm-server -E "name=mybeat" -E "output.elasticsearch.hosts=['http://myhost:9200']"

This setting is applied to the currently running APM Server process. The APM Server configuration file is not changed.

-c, --c FILE
Specifies the configuration file to use for APM Server. The file you specify here is relative to path.config. If the -c flag is not specified, the default config file, apm-server.yml, is used.
-d, --d SELECTORS
Enables debugging for the specified selectors. For the selectors, you can specify a comma-separated list of components, or you can use -d "*" to enable debugging for all components. For example, -d "publish" displays all the "publish" related messages.
-e, --e
Logs to stderr and disables syslog/file output.
-environment
For logging purposes, specifies the environment that APM Server is running in. This setting is used to select a default log output when no log output is configured. Supported values are: systemd, container, macos_service, and windows_service. If systemd or container is specified, APM Server will log to stdout and stderr by default.
--path.config
Sets the path for configuration files. See the Directory layout section for details.
--path.data
Sets the path for data files. See the Directory layout section for details.
--path.home
Sets the path for miscellaneous files. See the Directory layout section for details.
--path.logs
Sets the path for log files. See the Directory layout section for details.
--strict.perms
Sets strict permission checking on configuration files. The default is -strict.perms=true. See Configuration file ownership for more information.
-v, --v
Logs INFO-level messages.