This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
By default Elastic Agent runs in standalone mode to ingest system data and send it to
a local Elasticsearch instance running on port 9200. It uses the demo credentials of the
elastic user. It’s also configured to monitor all programs managed by Elastic Agent
and send the logs and metrics to the same Elasticsearch instance.
To alter this behavior, configure the output and other configuration settings.
When running the agent standalone, specify configuration settings in the
elastic-agent.yml file. When using Fleet, do not modify settings in
elastic-agent.yml file. Instead, use Ingest Manager in Kibana to change
To get started quickly, you can use Fleet to generate a standalone configuration. For more information, see Standalone mode (manual configuration).
Specify one or more outputs. Specifying multiple outputs allows you to pair each data source with a different output.
Elastic Agent currently works with the Elasticsearch output only.
Example output configuration:
outputs: default: type: elasticsearch hosts: [127.0.0.1:9200] username: elastic password: changeme monitoring: type: elasticsearch api_key: VuaCfGcBCdbkQm-e5aOx:ui2lp2axTNmsyakw9tvNnw hosts: ["localhost:9200"] ca_sha256: "7lHLiyp4J8m9kw38SJ7SURJP4bXRZv/BNxyyXkCcE/M="
This example configures two outputs:
Notice that they use different authentication methods. The first one uses a
username and password pair, and the second one contains an API key.
A default output configuration is required.
Beats monitoring settingsedit
Elastic Agent monitors Beats by default. To disable or change monitoring
settings, set options under
agent.monitoring: # enabled turns on monitoring of running processes enabled: true # enables log monitoring logs: true # enables metrics monitoring metrics: true # specifies output to be used use_output: monitoring
To disable monitoring, set
false. When set to
false, Beats monitoring is turned off, and all other options in this section
To enable monitoring, set
true. Also set the
metrics settings to control whether logs, metrics, or both are
collected. If neither setting is specified, monitoring is disabled. Set
use_output to specify the output to which monitoring events are sent.
By default Elastic Agent collects system metrics, such as cpu, memory, network, and filesystem metrics, and sends them to the default output. For example:
inputs: - type: system/metrics data_stream.namespace: default use_output: default streams: - metricset: cpu data_stream.dataset: system.cpu - metricset: memory data_stream.dataset: system.memory - metricset: network data_stream.dataset: system.network - metricset: filesystem data_stream.dataset: system.filesystem
use_output is not specified, the
default output is used.