Fleet UI settingsedit
The settings described here are configurable through the Fleet UI. Refer to
Fleet settings in Kibana for a list of
settings that you can configure in the kibana.yml configuration file.
On the Settings tab in Fleet, you can configure global settings available to all Elastic Agents enrolled in Fleet. This includes Fleet Server hosts and output settings.
Fleet Server host settingsedit
Click Edit hosts and specify the host URLs your Elastic Agents will use to connect to a Fleet Server. This setting is required. On self-managed clusters, you must specify one or more URLs.
Not sure if Fleet Server is running? Refer to Add a Fleet Server.
On Elastic Cloud, this field is populated automatically. If you are using Azure Private Link, GCP Private Service Connect, or AWS PrivateLink and enrolling the Elastic Agent with a private link URL, ensure that this setting is configured. Otherwise, Elastic Agent will reset to use a default address instead of the private link URL.
If a URL is specified without a port, Kibana sets the port to 80 (http)
or 443 (https).
By default, Fleet Server is typically exposed on the following ports:
-
8220 - Default Fleet Server port for self-managed clusters
-
443or9243 - Default Fleet Server port for Elastic Cloud. View the Fleet Settings tab to find the actual port that’s used.
The exposed ports must be open for ingress and egress in the firewall and networking rules on the host to allow Elastic Agents to communicate with Fleet Server.
Specify multiple URLs (click Add row) to scale out your deployment and provide automatic failover. If multiple URLs exist, Fleet shows the first provided URL for enrollment purposes. Enrolled Elastic Agents will connect to the URLs in round robin order until they connect successfully.
When a Fleet Server is added or removed from the list, all agent policies are updated automatically.
Examples:
-
https://192.0.2.1:8220 -
https://abae718c1276457893b1096929e0f557.fleet.eu-west-1.aws.qa.cld.elstc.co:443 -
https://[2001:db8::1]:8220
Output settingsedit
Add or edit output settings to specify where Elastic Agents send data. Elastic Agents use the default output if you don’t select an output in the agent policy.
The Elastic Cloud internal output is locked and cannot be edited. This output is used for internal routing to reduce external network charges when using the Elastic Cloud agent policy. It also provides visibility for troubleshooting on Elastic Cloud Enterprise.
To add or edit an output:
- Click Add output or Edit.
- Set the output name and type.
-
Specify settings for the output type you selected:
Elasticsearch output settingsedit
Specify these settings to send data over a secure connection to Elasticsearch.
|
The Elasticsearch URLs where Elastic Agents will send data. By default, Elasticsearch is exposed on the following ports:
Examples:
|
|
|
HEX encoded SHA-256 of a CA certificate. If this certificate is
present in the chain during the handshake, it will be added to the
|
|
|
YAML settings that will be added to the Elasticsearch output section of each policy that uses this output. Make sure you specify valid YAML. The UI does not currently provide validation. |
|
|
When this setting is on, Elastic Agents use this output to send data if no other output is set in the agent policy. |
|
|
When this setting is on, Elastic Agents use this output to send agent monitoring data if no other output is set in the agent policy. Sending monitoring data to a remote Elasticsearch cluster is currently not supported. |
Logstash output settingsedit
This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
Specify these settings to send data over a secure connection to Logstash. You must also configure a Logstash pipeline that reads encrypted data from Elastic Agents and sends the data to Elasticsearch. Follow the in-product steps to configure the Logstash pipeline.
To learn how to generate certificates, refer to Configure SSL/TLS for the Logstash output.
|
The addresses your Elastic Agents will use to connect to Logstash. Use the format
Examples:
|
|
|
The CA certificate to use to connect to Logstash. This is the CA used to generate the certificate and key for Logstash. Copy and paste in the full contents for the CA certificate. This setting is optional. |
|
|
The certificate generated for the client. Copy and paste in the full contents of the certificate. |
|
|
The private key generated for the client. This must be in PKCS 8 key. Copy and paste in the full contents of the certificate key. |
|
|
YAML settings that will be added to the Logstash output section of each policy that uses this output. Make sure you specify valid YAML. The UI does not currently provide validation. |
|
|
When this setting is on, Elastic Agents use this output to send data if no other output is set in the agent policy. |
|
|
When this setting is on, Elastic Agents use this output to send agent monitoring data if no other output is set in the agent policy. |