Fleet UI settings

edit

The settings described here are configurable through the Fleet UI. Refer to Fleet settings in Kibana for a list of settings that you can configure in the kibana.yml configuration file.

On the Settings tab in Fleet, you can configure global settings available to all Elastic Agents enrolled in Fleet. This includes Fleet Server hosts and output settings.

Fleet Server host settings

edit

Click Edit hosts and specify the host URLs your Elastic Agents will use to connect to a Fleet Server.

If the Edit hosts option is grayed out, Fleet Server hosts are configured outside of Fleet. For more information, refer to Fleet settings in Kibana.

Not sure if Fleet Server is running? Refer to Add a Fleet Server.

On self-managed clusters, you must specify one or more URLs.

On Elastic Cloud, this field is populated automatically. If you are using Azure Private Link, GCP Private Service Connect, or AWS PrivateLink and enrolling the Elastic Agent with a private link URL, ensure that this setting is configured. Otherwise, Elastic Agent will reset to use a default address instead of the private link URL.

If a URL is specified without a port, Kibana sets the port to 80 (http) or 443 (https).

By default, Fleet Server is typically exposed on the following ports:

8220
Default Fleet Server port for self-managed clusters
443 or 9243
Default Fleet Server port for Elastic Cloud. View the Fleet Settings tab to find the actual port that’s used.

The exposed ports must be open for ingress and egress in the firewall and networking rules on the host to allow Elastic Agents to communicate with Fleet Server.

Specify multiple URLs (click Add row) to scale out your deployment and provide automatic failover. If multiple URLs exist, Fleet shows the first provided URL for enrollment purposes. Enrolled Elastic Agents will connect to the URLs in round robin order until they connect successfully.

When a Fleet Server is added or removed from the list, all agent policies are updated automatically.

Examples:

  • https://192.0.2.1:8220
  • https://abae718c1276457893b1096929e0f557.fleet.eu-west-1.aws.qa.cld.elstc.co:443
  • https://[2001:db8::1]:8220

Output settings

edit

Add or edit output settings to specify where Elastic Agents send data. Elastic Agents use the default output if you don’t select an output in the agent policy.

The Elastic Cloud internal output is locked and cannot be edited. This output is used for internal routing to reduce external network charges when using the Elastic Cloud agent policy. It also provides visibility for troubleshooting on Elastic Cloud Enterprise.

To add or edit an output:

  1. Go to Fleet → Settings.
  2. Under Outputs, click Add output or Edit.
  3. Set the output name and type.
  4. Specify settings for the output type you selected:

If the options for editing an output are grayed out, outputs are configured outside of Fleet. For more information, refer to Fleet settings in Kibana.

Elasticsearch output settings

edit

Specify these settings to send data over a secure connection to Elasticsearch.

Elasticsearch output must match only the cluster with which Fleet Server is associated. It’s not possible to reference URLs belonging to other Elasticsearch clusters.

Hosts

The Elasticsearch URLs where Elastic Agents will send data. By default, Elasticsearch is exposed on the following ports:

9200
Default Elasticsearch port for self-managed clusters
443
Default Elasticsearch port for Elastic Cloud

Examples:

  • https://192.0.2.0:9200
  • https://1d7a52f5eb344de18ea04411fe09e564.fleet.eu-west-1.aws.qa.cld.elstc.co:443
  • https://[2001:db8::1]:9200

Elasticsearch CA trusted fingerprint

HEX encoded SHA-256 of a CA certificate. If this certificate is present in the chain during the handshake, it will be added to the certificate_authorities list and the handshake will continue normally. To learn more about trusted fingerprints, refer to the Elasticsearch security documentation.

Advanced YAML configuration

YAML settings that will be added to the Elasticsearch output section of each policy that uses this output. Make sure you specify valid YAML. The UI does not currently provide validation.

Make this output the default for agent integrations

When this setting is on, Elastic Agents use this output to send data if no other output is set in the agent policy.

Make this output the default for agent monitoring

When this setting is on, Elastic Agents use this output to send agent monitoring data if no other output is set in the agent policy.

Sending monitoring data to a remote Elasticsearch cluster is currently not supported.

Logstash output settings

edit

Specify these settings to send data over a secure connection to Logstash. You must also configure a Logstash pipeline that reads encrypted data from Elastic Agents and sends the data to Elasticsearch. Follow the in-product steps to configure the Logstash pipeline.

To learn how to generate certificates, refer to Configure SSL/TLS for the Logstash output.

Logstash hosts

The addresses your Elastic Agents will use to connect to Logstash. Use the format host:port. Click add row to specify additional Logstash addresses.

Examples:

  • 192.0.2.0:5044
  • mylogstashhost:5044

Server SSL certificate authorities

The CA certificate to use to connect to Logstash. This is the CA used to generate the certificate and key for Logstash. Copy and paste in the full contents for the CA certificate.

This setting is optional.

Client SSL certificate

The certificate generated for the client. Copy and paste in the full contents of the certificate. This is the certificate that all the agents will use to connect to Logstash.

In cases where each client has a unique certificate, the local path to that certificate can be placed here. The agents will pick the certificate in that location when establishing a connection to Logstash.

Client SSL certificate key

The private key generated for the client. This must be in PKCS 8 key. Copy and paste in the full contents of the certificate key. This is the certificate key that all the agents will use to connect to Logstash.

In cases where each client has a unique certificate key, the local path to that certificate key can be placed here. The agents will pick the certificate key in that location when establishing a connection to Logstash.

Advanced YAML configuration

YAML settings that will be added to the Logstash output section of each policy that uses this output. Make sure you specify valid YAML. The UI does not currently provide validation.

Make this output the default for agent integrations

When this setting is on, Elastic Agents use this output to send data if no other output is set in the agent policy.

Make this output the default for agent monitoring

When this setting is on, Elastic Agents use this output to send agent monitoring data if no other output is set in the agent policy.

Agent binary download settings

edit

Elastic Agents must be able to access the Elastic artifact registry to download binaries during upgrades. By default Elastic Agents download artifacts from the artifact registry at https://artifacts.elastic.co/downloads/.

For Elastic Agents that cannot access the internet, you can specify agent binary download settings, and then configure agents to download their artifacts from the alternate location. For more information about running Elastic Agents in a restricted environment, refer to Air-gapped environments.

To add or edit the source of binary downloads:

  1. Go to Fleet → Settings.
  2. Under Agent Binary Download, click Add agent binary source or Edit.
  3. Set the agent binary source name.
  4. For Host, specify the address where you are hosting the artifacts repository.
  5. (Optional) To make this location the default, select Make this host the default for all agent policies. Elastic Agents use the default location if you don’t select a different agent binary source in the agent policy.

Host name format settings

edit

These settings control the format of information provided about the current host through the host.name key, in events produced by Elastic Agent.

Hostname

When this setting is selected, information about the current host is in a non-fully-qualified format (somehost, rather than somehost.example.com). This is the default reporting format.

Fully Qualified Domain Name (FQDN)

When this setting is selected, information about the current host is in FQDN format (somehost.example.com rather than somehost). This helps you to distinguish between hosts on different domains that have similar names. The fully qualified hostname allows each host to be more easily identified when viewed in Kibana, for example.

This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

FQDN reporting is not currently supported in APM.

For FQDN reporting to work as expected, the hostname of the current host must either:

  • Have a CNAME entry defined in DNS.
  • Have one of its corresponding IP addresses respond successfully to a reverse DNS lookup.

If neither pre-requisite is satisfied, host.name continues to report the hostname of the current host in a non-fully-qualified format.