- Fleet and Elastic Agent Guide: other versions:
- Fleet and Elastic Agent overview
- Beats and Elastic Agent capabilities
- Quick starts
- Migrate from Beats to Elastic Agent
- Deployment models
- Install Elastic Agents
- Install Fleet-managed Elastic Agents
- Install standalone Elastic Agents
- Install Elastic Agents in a containerized environment
- Run Elastic Agent in a container
- Run Elastic Agent on Kubernetes managed by Fleet
- Advanced Elastic Agent configuration managed by Fleet
- Configuring Kubernetes metadata enrichment on Elastic Agent
- Run Elastic Agent on GKE managed by Fleet
- Run Elastic Agent on Amazon EKS managed by Fleet
- Run Elastic Agent on Azure AKS managed by Fleet
- Run Elastic Agent Standalone on Kubernetes
- Scaling Elastic Agent on Kubernetes
- Using a custom ingest pipeline with the Kubernetes Integration
- Environment variables
- Installation layout
- Air-gapped environments
- Using a proxy server with Elastic Agent and Fleet
- Uninstall Elastic Agents from edge hosts
- Start and stop Elastic Agents on edge hosts
- Elastic Agent configuration encryption
- Secure connections
- Manage Elastic Agents in Fleet
- Configure standalone Elastic Agents
- Create a standalone Elastic Agent policy
- Structure of a config file
- Inputs
- Providers
- Outputs
- SSL/TLS
- Logging
- Feature flags
- Agent download
- Config file examples
- Grant standalone Elastic Agents access to Elasticsearch
- Example: Use standalone Elastic Agent with Elastic Cloud Serverless to monitor nginx
- Example: Use standalone Elastic Agent with Elasticsearch Service to monitor nginx
- Debug standalone Elastic Agents
- Kubernetes autodiscovery with Elastic Agent
- Monitoring
- Reference YAML
- Manage integrations
- Define processors
- Processor syntax
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_cef
- decode_csv_fields
- decode_duration
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- move_fields
- parse_aws_vpc_flow_log
- rate_limit
- registered_domain
- rename
- replace
- script
- syslog
- timestamp
- translate_sid
- truncate_fields
- urldecode
- Command reference
- Troubleshoot
- Release notes
Add Cloud Foundry metadata
editAdd Cloud Foundry metadata
editThe add_cloudfoundry_metadata processor annotates each event with relevant
metadata from Cloud Foundry applications.
For events to be annotated with Cloud Foundry metadata, they must have a field
called cloudfoundry.app.id that contains a reference to a Cloud Foundry
application, and the configured Cloud Foundry client must be able to retrieve
information for the application.
Each event is annotated with:
- Application Name
- Space ID
- Space Name
- Organization ID
- Organization Name
Pivotal Application Service and Tanzu Application Service include this
metadata in all events from the firehose since version 2.8. In these cases the
metadata in the events is used, and add_cloudfoundry_metadata processor
doesn’t modify these fields.
For efficient annotation, application metadata retrieved by the Cloud Foundry
client is stored in a persistent cache on the filesystem. This is done so the
metadata can persist across restarts of Elastic Agent and its underlying programs. For
control over this cache, use the cache_duration and cache_retry_delay
settings.
Example
edit- add_cloudfoundry_metadata: api_address: https://api.dev.cfdev.sh client_id: uaa-filebeat client_secret: verysecret ssl: verification_mode: none # To connect to Cloud Foundry over verified TLS you can specify a client and CA certificate. #ssl: # certificate_authorities: ["/etc/pki/cf/ca.pem"] # certificate: "/etc/pki/cf/cert.pem" # key: "/etc/pki/cf/cert.key"
Configuration settings
editElastic Agent processors execute before ingest pipelines, which means that they process the raw event data rather than the final event sent to Elasticsearch. For related limitations, refer to What are some limitations of using processors?
| Name | Required | Default | Description |
|---|---|---|---|
|
No |
|
URL of the Cloud Foundry API. |
|
No |
|
URL of the Cloud Foundry Doppler Websocket. |
|
No |
|
URL of the Cloud Foundry UAA API. |
|
No |
|
URL of the Cloud Foundry RLP Gateway. |
|
Yes |
Client ID to authenticate with Cloud Foundry. |
|
|
Yes |
Client Secret to authenticate with Cloud Foundry. |
|
|
No |
|
Maximum amount of time to cache an application’s metadata. |
|
No |
|
Time to wait before trying to obtain an application’s metadata again in case of error. |
|
No |
SSL configuration to use when connecting to Cloud Foundry. For a list of available settings, refer to SSL/TLS, specifically the settings under Table 4, “Common configuration options” and Table 5, “Client configuration options”. |
On this page