Fleet settings in Kibana

edit

Fleet settings in Kibana

edit

In Elastic Cloud, Fleet flags are already configured.

You can configure xpack.fleet settings in your kibana.yml. By default, Fleet is enabled. To use Fleet, you also need to configure Kibana and Elasticsearch hosts.

Many Fleet settings can also be configured directly through the Fleet UI. See Fleet UI settings for details.

See the Fleet docs for more information about Fleet.

General Fleet settings

edit
xpack.fleet.agents.enabled logo cloud
Set to true (default) to enable Fleet.
xpack.fleet.isAirGapped
Set to true to indicate Fleet is running in an air-gapped environment. Refer to Air-gapped environments for details. Enabling this flag helps Fleet skip needless requests and improve the user experience for air-gapped environments.

Elastic Package Manager settings

edit
xpack.fleet.registryUrl
The address to use to reach the Elastic Package Manager registry.
xpack.fleet.registryProxyUrl
The proxy address to use to reach the Elastic Package Manager registry if an internet connection is not directly available. Refer to Air-gapped environments for details.
xpack.fleet.packageVerification.gpgKeyPath
The path on disk to the GPG key used to verify Elastic Package Manager packages. If the Elastic public key is ever reissued as a security precaution, you can use this setting to specify the new key.

Fleet settings

edit
xpack.fleet.agents.fleet_server.hosts

Hostnames used by Elastic Agent for accessing Fleet Server.

If configured in your kibana.yml, this setting is grayed out and unavailable in the Fleet UI. To make this setting editable in the UI, do not configure it in the configuration file.

xpack.fleet.agents.elasticsearch.hosts
Hostnames used by Elastic Agent for accessing Elasticsearch.
xpack.fleet.agents.elasticsearch.ca_sha256
Hash pin used for certificate verification. The pin is a base64-encoded string of the SHA-256 fingerprint.

Preconfiguration settings (for advanced use cases)

edit

Use these settings to pre-define integrations, agent policies, and Fleet Server hosts or proxies that you want Fleet to load up by default.

These settings are not supported to pre-configure the Endpoint and Cloud Security integration.

xpack.fleet.packages

List of integrations that are installed when the Fleet app starts up for the first time.

Required properties of xpack.fleet.packages
name
Name of the integration from the package registry.
version
Either an exact semantic version, or the keyword latest to fetch the latest integration version.
xpack.fleet.agentPolicies

List of agent policies that are configured when the Fleet app starts.

Required properties of xpack.fleet.agentPolicies
id
Unique ID for this policy. The ID may be a number or string.
name
Policy name.
Optional properties of xpack.fleet.agentPolicies
description
Text description of this policy.
namespace
String identifying this policy’s namespace.
monitoring_enabled
List of keywords that specify the monitoring data to collect. Valid values include ['logs'], ['metrics'], and ['logs', 'metrics'].
keep_monitoring_alive
If true, monitoring will be enabled, but logs/metrics collection will be disabled. Use this if you want to keep agent’s monitoring server alive even when logs/metrics aren’t being collected.
is_managed
If true, this policy is not editable by the user and can only be changed by updating the Kibana config.
is_default
If true, this policy is the default agent policy.
is_default_fleet_server
If true, this policy is the default Fleet Server agent policy.
data_output_id
ID of the output to send data. (Need to be identical to monitoring_output_id)
monitoring_output_id
ID of the output to send monitoring data. (Need to be identical to data_output_id)
fleet_server_host_id
ID of the fleet server.
package_policies

List of integration policies to add to this policy.

Properties of package_policies
id
Unique ID of the integration policy. The ID may be a number or string.
name
(required) Name of the integration policy.
package

(required) Integration that this policy configures.

Properties of package
name
Name of the integration associated with this policy.
description
Text string describing this integration policy.
namespace
String identifying this policy’s namespace.
inputs
Map of input for the integration. Follows the same schema as the package policy API inputs, with the exception that any object in vars can be passed frozen: true in order to prevent that specific var from being edited by the user.

Example configuration:

xpack.fleet.packages:
  - name: apache
    version: 0.5.0

xpack.fleet.agentPolicies:
  - name: Preconfigured Policy
    id: preconfigured-policy
    namespace: test
    package_policies:
      - package:
          name: system
        name: System Integration
        namespace: test
        id: preconfigured-system
        inputs:
          system-system/metrics:
            enabled: true
            vars:
              '[system.hostfs]': home/test
            streams:
              '[system.core]':
                enabled: true
                vars:
                  period: 20s
          system-winlog:
            enabled: false
xpack.fleet.outputs

List of outputs that are configured when the Fleet app starts.

Certain types of outputs have additional required and optional settings. Refer to Output settings in the Fleet and Elastic Agent Guide for the full list of settings for each output type.

If configured in your kibana.yml, output settings are grayed out and unavailable in the Fleet UI. To make these settings editable in the UI, do not configure them in the configuration file.

The xpack.fleet.outputs settings are intended for advanced configurations such as having multiple outputs. We recommend not enabling the xpack.fleet.agents.elasticsearch.host settings when using xpack.fleet.outputs.

Required properties of xpack.fleet.outputs
id
Unique ID for this output. The ID should be a string.
name
Output name.
type
Type of Output. Currently we support "elasticsearch", "logstash", "kafka", and "remote_elasticsearch".
hosts
Array that contains the list of host for that output.
Optional properties of xpack.fleet.outputs
is_default
If true, the output specified in xpack.fleet.outputs will be the one used to send agent data unless there is another one configured specifically for the agent policy.
is_default_monitoring
If true, the output specified in xpack.fleet.outputs will be the one used to send agent monitoring data unless there is another one configured specifically for the agent policy.
is_internal
If true, the output specified in xpack.fleet.outputs will not appear in the UI, and can only be managed via kibana.yml or the Fleet API.
config
Extra config for that output.
proxy_id
Unique ID of a proxy to access the output.
ssl

Set to enable authentication using the Secure Sockets Layer (SSL) protocol.

Properties of ssl
certificate
The SSL certificate that Elastic Agents use to authenticate with the output. Include the full contents of the certificate here.
secrets

Include here any values for preconfigured outputs that should be stored as secrets. A secret value is replaced in the kibana.yml settings file with a reference, with the original value stored externally as a secure hash. Note that this type of secret storage requires all configured Fleet Servers to be on version 8.12.0 or later.

Properties of secrets
key:
The private certificate key that Elastic Agents use to authenticate with the output.

Example xpack.fleet.outputs configuration:

xpack.fleet.outputs:
  - id: my-logstash-output-with-a-secret
    name: preconfigured logstash output with a secret
    type:  logstash
    hosts: ["localhost:9999"]
    ssl:
      certificate: xxxxxxxxxx
    secrets:
      ssl:
        key: securekey
xpack.fleet.fleetServerHosts

List of Fleet Server hosts that are configured when the Fleet app starts.

Required properties of xpack.fleet.fleetServerHosts
id
Unique ID for the host server.
name
Name of the host server.
host_urls
Array of one or more host URLs that Elastic Agents will use to connect to Fleet Server.
Optional properties of xpack.fleet.fleetServerHosts
is_default
Whether or not this host should be the default to use for Fleet Server.
is_internal
If true the host will not appear in the UI, and can only be managed through kibana.yml or the Fleet API.
proxy_id
Unique ID of the proxy to access the Fleet Server host.
xpack.fleet.proxy

List of proxies to access Fleet Server that are configured when the Fleet app starts.

Required properties of xpack.fleet.proxy
id
Unique ID of the proxy to access the Fleet Server host.
name
Name of the proxy to access the Fleet Server host.
url
URL that Elastic Agents use to connect to the proxy to access Fleet Server.
Optional properties of xpack.fleet.proxy
proxy_headers
Map of headers to use with the proxy. .Properties of proxy_headers
Details
key
Key to use for the proxy header.
value
Value to use for the proxy header.
certificate_authorities
Certificate authority (CA) used to issue the certificate.
certificate
The name of the certificate used to authenticate the proxy.
certificate_key
The certificate key used to authenticate the proxy.
xpack.fleet.enableExperimental
List of experimental feature flag to enable in Fleet.

Experimental features should not be enabled in production environments. The features in this section are experimental and may be changed or removed completely in future releases. Elastic will make a best effort to fix any issues, but experimental features are not supported to the same level as generally available (GA) features.