github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-29 03:24:45 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/reference/configuration-reference/fleet-settings.md
Colleen McGinnis 1814c60017
[docs] Migrate docs from AsciiDoc to Markdown (#212558) 
Migrate docs from AsciiDoc to Markdown. The preview can be built after
#212557 is merged.

@florent-leborgne please tag reviewers, add the appropriate label(s),
and take this out of draft when you're ready.

Note: More files are deleted than added here because the content from
some files was moved to
[elastic/docs-content](https://github.com/elastic/docs-content).

**What has moved to
[elastic/docs-content](https://github.com/elastic/docs-content)?**

Public-facing narrative and conceptual docs have moved. Most can now be
found under the following directories in the new docs:
- explore-analyze: Discover, Dashboards, Visualizations, Reporting,
Alerting, dev tools...
- deploy-manage: Stack management (Spaces, user management, remote
clusters...)
- troubleshooting: .... troubleshooting pages

**What is staying in the Kibana repo?**

- Reference content (= anything that is or could be auto-generated):
Settings, syntax references
- Release notes
- Developer guide

---------

Co-authored-by: Florent Le Borgne <florent.leborgne@elastic.co>
2025-03-04 14:56:07 +01:00

357 lines
12 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
navigation_title: "{{fleet}} settings"
mapped_pages:
- https://www.elastic.co/guide/en/kibana/current/fleet-settings-kb.html
---
# {{fleet}} settings in {{kib}} [fleet-settings-kb]
::::{note}
In {{ecloud}}, {{fleet}} flags are already configured.
::::
You can configure `xpack.fleet` settings in your `kibana.yml`. By default, {{fleet}} is enabled. To use {{fleet}}, you also need to configure {{kib}} and {{es}} hosts.
Many {{fleet}} settings can also be configured directly through the {{fleet}} UI. See [Fleet UI settings](docs-content://reference/ingestion-tools/fleet/fleet-settings.md) for details.
See the [{{fleet}}](docs-content://reference/ingestion-tools/fleet/index.md) docs for more information about {{fleet}}.
## General {{fleet}} settings [general-fleet-settings-kb]
`xpack.fleet.agents.enabled` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on {{ess}}")
: Set to `true` (default) to enable {{fleet}}.
`xpack.fleet.isAirGapped`
: Set to `true` to indicate {{fleet}} is running in an air-gapped environment. Refer to [Air-gapped environments](docs-content://reference/ingestion-tools/fleet/air-gapped.md) for details. Enabling this flag helps Fleet skip needless requests and improve the user experience for air-gapped environments.
## {{package-manager}} settings [fleet-data-visualizer-settings]
`xpack.fleet.registryUrl`
: The address to use to reach the {{package-manager}} registry.
`xpack.fleet.registryProxyUrl`
: The proxy address to use to reach the {{package-manager}} registry if an internet connection is not directly available. Refer to [Air-gapped environments](docs-content://reference/ingestion-tools/fleet/air-gapped.md) for details.
`xpack.fleet.packageVerification.gpgKeyPath`
: The path on disk to the GPG key used to verify {{package-manager}} packages. If the Elastic public key is ever reissued as a security precaution, you can use this setting to specify the new key.
## {{fleet}} settings [_fleet_settings]
`xpack.fleet.agents.fleet_server.hosts`
: Hostnames used by {{agent}} for accessing {{fleet-server}}.
If configured in your `kibana.yml`, this setting is grayed out and unavailable in the {{fleet}} UI. To make this setting editable in the UI, do not configure it in the configuration file.
`xpack.fleet.agents.elasticsearch.hosts`
: Hostnames used by {{agent}} for accessing {{es}}.
`xpack.fleet.agents.elasticsearch.ca_sha256`
: Hash pin used for certificate verification. The pin is a base64-encoded string of the SHA-256 fingerprint.
## Preconfiguration settings (for advanced use cases) [_preconfiguration_settings_for_advanced_use_cases]
Use these settings to pre-define integrations, agent policies, and {{fleet-server}} hosts or proxies that you want {{fleet}} to load up by default.
::::{note}
These settings are not supported to pre-configure the Endpoint and Cloud Security integration.
::::
`xpack.fleet.packages`
: List of integrations that are installed when the {{fleet}} app starts up for the first time.
::::{dropdown} Required properties of `xpack.fleet.packages`
`name`
: Name of the integration from the package registry.
`version`
: Either an exact semantic version, or the keyword `latest` to fetch the latest integration version.
::::
`xpack.fleet.agentPolicies`
: List of agent policies that are configured when the {{fleet}} app starts.
::::{dropdown} Required properties of `xpack.fleet.agentPolicies`
`id`
: Unique ID for this policy. The ID may be a number or string.
`name`
: Policy name.
::::
::::{dropdown} Optional properties of `xpack.fleet.agentPolicies`
`description`
: Text description of this policy.
`namespace`
: String identifying this policys namespace.
`monitoring_enabled`
: List of keywords that specify the monitoring data to collect. Valid values include `['logs']`, `['metrics']`, and `['logs', 'metrics']`.
`keep_monitoring_alive`
: If `true`, monitoring will be enabled, but logs/metrics collection will be disabled. Use this if you want to keep agents monitoring server alive even when logs/metrics arent being collected.
`is_managed`
: If `true`, this policy is not editable by the user and can only be changed by updating the {{kib}} config.
`is_default`
: If `true`, this policy is the default agent policy.
`is_default_fleet_server`
: If `true`, this policy is the default {{fleet-server}} agent policy.
`data_output_id`
: ID of the output to send data. (Need to be identical to `monitoring_output_id`)
`monitoring_output_id`
: ID of the output to send monitoring data. (Need to be identical to `data_output_id`)
`fleet_server_host_id`
: ID of the fleet server.
`package_policies`
: List of integration policies to add to this policy.
::::{dropdown} Properties of `package_policies`
`id`
: Unique ID of the integration policy. The ID may be a number or string.
`name`
: (required) Name of the integration policy.
`package`
: (required) Integration that this policy configures.
::::{dropdown} Properties of `package`
`name`
: Name of the integration associated with this policy.
::::
`description`
: Text string describing this integration policy.
`namespace`
: String identifying this policys namespace.
`inputs`
: Map of input for the integration. Follows the same schema as the package policy API inputs, with the exception that any object in `vars` can be passed `frozen: true` in order to prevent that specific `var` from being edited by the user.
::::
::::
Example configuration:
```yaml
xpack.fleet.packages:
- name: apache
version: 0.5.0
xpack.fleet.agentPolicies:
- name: Preconfigured Policy
id: preconfigured-policy
namespace: test
package_policies:
- package:
name: system
name: System Integration
namespace: test
id: preconfigured-system
inputs:
system-system/metrics:
enabled: true
vars:
'[system.hostfs]': home/test
streams:
'[system.core]':
enabled: true
vars:
period: 20s
system-winlog:
enabled: false
```
`xpack.fleet.outputs`
: List of outputs that are configured when the {{fleet}} app starts.
Certain types of outputs have additional required and optional settings. Refer to [Output settings](docs-content://reference/ingestion-tools/fleet/fleet-settings.md#output-settings) in the {{fleet}} and {{agent}} Guide for the full list of settings for each output type.
If configured in your `kibana.yml`, output settings are grayed out and unavailable in the {{fleet}} UI. To make these settings editable in the UI, do not configure them in the configuration file.
::::{note}
The `xpack.fleet.outputs` settings are intended for advanced configurations such as having multiple outputs. We recommend not enabling the `xpack.fleet.agents.elasticsearch.host` settings when using `xpack.fleet.outputs`.
::::
::::{dropdown} Required properties of `xpack.fleet.outputs`
`id`
: Unique ID for this output. The ID should be a string.
`name`
: Output name.
`type`
: Type of Output. Currently we support "elasticsearch", "logstash", "kafka", and "remote_elasticsearch".
`hosts`
: Array that contains the list of host for that output.
::::
::::{dropdown} Optional properties of `xpack.fleet.outputs`
`is_default`
: If `true`, the output specified in `xpack.fleet.outputs` will be the one used to send agent data unless there is another one configured specifically for the agent policy.
`is_default_monitoring`
: If `true`, the output specified in `xpack.fleet.outputs` will be the one used to send agent monitoring data unless there is another one configured specifically for the agent policy.
`is_internal`
: If `true`, the output specified in `xpack.fleet.outputs` will not appear in the UI, and can only be managed via `kibana.yml` or the Fleet API.
`config`
: Extra config for that output.
`proxy_id`
: Unique ID of a proxy to access the output.
`ssl`
: Set to enable authentication using the Secure Sockets Layer (SSL) protocol.
::::{dropdown} Properties of `ssl`
`certificate`
: The SSL certificate that {{agents}} use to authenticate with the output. Include the full contents of the certificate here.
::::
`secrets`
: Include here any values for preconfigured outputs that should be stored as secrets. A secret value is replaced in the `kibana.yml` settings file with a reference, with the original value stored externally as a secure hash. Note that this type of secret storage requires all configured {{fleet-server}}s to be on version 8.12.0 or later.
::::{dropdown} Properties of `secrets`
`key`:
: The private certificate key that {{agents}} use to authenticate with the output.
::::
::::
Example `xpack.fleet.outputs` configuration:
```yaml
xpack.fleet.outputs:
- id: my-logstash-output-with-a-secret
name: preconfigured logstash output with a secret
type: logstash
hosts: ["localhost:9999"]
ssl:
certificate: xxxxxxxxxx
secrets:
ssl:
key: securekey
```
`xpack.fleet.fleetServerHosts`
: List of {{fleet-server}} hosts that are configured when the {{fleet}} app starts.
::::{dropdown} Required properties of `xpack.fleet.fleetServerHosts`
`id`
: Unique ID for the host server.
`name`
: Name of the host server.
`host_urls`
: Array of one or more host URLs that {{agents}} will use to connect to {{fleet-server}}.
::::
::::{dropdown} Optional properties of `xpack.fleet.fleetServerHosts`
`is_default`
: Whether or not this host should be the default to use for {{fleet-server}}.
`is_internal`
: If `true` the host will not appear in the UI, and can only be managed through `kibana.yml` or the {{fleet}} API.
`proxy_id`
: Unique ID of the proxy to access the {{fleet-server}} host.
::::
`xpack.fleet.proxy`
: List of proxies to access {{fleet-server}} that are configured when the {{fleet}} app starts.
::::{dropdown} Required properties of `xpack.fleet.proxy`
`id`
: Unique ID of the proxy to access the {{fleet-server}} host.
`name`
: Name of the proxy to access the {{fleet-server}} host.
`url`
: URL that {{agents}} use to connect to the proxy to access {{fleet-server}}.
::::
:::::{dropdown} Optional properties of `xpack.fleet.proxy`
`proxy_headers`
: Map of headers to use with the proxy. .Properties of `proxy_headers`
::::{dropdown}
`key`
: Key to use for the proxy header.
`value`
: Value to use for the proxy header.
::::
`certificate_authorities`
: Certificate authority (CA) used to issue the certificate.
`certificate`
: The name of the certificate used to authenticate the proxy.
`certificate_key`
: The certificate key used to authenticate the proxy.
:::::
`xpack.fleet.enableExperimental`
: List of experimental feature flag to enable in Fleet.
::::{note}
Experimental features should not be enabled in production environments. The features in this section are experimental and may be changed or removed completely in future releases. Elastic will make a best effort to fix any issues, but experimental features are not supported to the same level as generally available (GA) features.
::::
`xpack.fleet.enableManagedLogsAndMetricsDataviews`
: Set to `true` (default), to enable the automatic creation of global `logs-*` and `metrics-*` data views.
Reference in a new issue View git blame Copy permalink