Configure logging for Fleet-managed Elastic Agents

edit

Configure logging for Fleet-managed Elastic Agents

edit

Agent monitoring, which includes collecting agent logs and agent metrics, is enabled by default on each agent policy assigned to an agent. If logging for the agent is not required, you need to deselect the logging option when creating the agent policy.

  1. In Kibana, go to Management > Fleet.
  2. Under the Agent policies tab, click Create agent policy > Advanced options.
  3. Under Agent monitoring, deselect Collect agent logs.
  4. To confirm your change, click Create agent policy.

To disable logging on an agent policy already assigned to an agent:

  1. Select the Agents tab, and then click the agent policy.
  2. Click the Settings tab.
  3. Under Agent monitoring, deselect Collect agent logs.
  4. To confirm your change, click Save changes.

View log events

edit

The Logs page for each agent enables you to monitor all of the log events flowing in from your agents and integrations in a centralized view.

To help you get started with your analysis faster, you can use the search bar to create structured queries using Kibana Query Language. Along with the power of search, you also have the option to view historical logs from a specified time range.

  1. In Kibana, go to Management > Fleet.
  2. Under Agents, click the agent name listed in the Host column.
  3. Click the Logs tab.

To view log events for an agent or related programs, such as Filebeat or Fleet Server, make your selections under Dataset.

Fleet showing datasets for logging

To view specific log levels relating to a log event, make your selections under Log level. You can select from error, warn, and info.

Selector for logging levels

When you have searched and filtered your logs for a specific log event, you may want to examine the metadata and the structured fields associated with that event in the Logs app. Click Open in Logs.

Set the agent logging level

edit

Within Fleet, you can specify the logging level for each agent to help troubleshoot any issues.

  1. In Kibana, go to Management > Fleet.
  2. Under Agents, select the agent from the Host column.
  3. Click the Logs tab.
  4. Located at the bottom of the Logs page, you can select the Agent logging level:

    • error: Logs errors and critical errors.
    • warning: Logs warnings, errors, and critical errors.
    • info: Logs informational messages, including the number of events that are published. Also logs any warnings, errors, or critical errors.
    • debug: Logs debug messages, including a detailed printout of all events flushed. Also logs informational messages, warnings, errors, and critical errors.
  5. Once you have made your selection, click Apply changes.