IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Capture environment variables
edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.
Capture environment variables
editYou can configure an Elastic Agent policy to capture up to five environment variables (env vars).
- Env var names must be no more than 63 characters, and env var values must be no more than 1023 characters. Values outside these limits are silently ignored.
- Env var names are case sensitive in Linux.
To set up environment variable capture for an Elastic Agent policy:
- Find Policies in the navigation menu or use the global search field.
- Select an Elastic Agent policy.
- Click Show advanced settings.
-
Scroll down or search for
linux.advanced.capture_env_varsormac.advanced.capture_env_vars. -
Enter the names of env vars you want to capture, separated by commas. For example:
PATH,USER - Click Save.
Find captured environment variables
editCaptured environment variables are associated with process events, and appear in each event’s process.env_vars field.
To view environment variables in the Events table:
- Click the Events tab on the Hosts, Network, or Users pages, then click Fields in the Events table.
-
Search for the
process.env_varsfield, select it, and click Close. A new column appears containing captured environment variable data.
Was this helpful?
Thank you for your feedback.