diff --git a/reference/fleet/add_docker_metadata-processor.md b/reference/fleet/add_docker_metadata-processor.md
index 3649bb1f73..1b304efea1 100644
--- a/reference/fleet/add_docker_metadata-processor.md
+++ b/reference/fleet/add_docker_metadata-processor.md
@@ -52,7 +52,7 @@ If the Docker daemon is restarted, the mounted socket will become invalid, and m
 #match_source: true
 #match_source_index: 4
 #match_short_id: true
- #cleanup_timeout: 60
+ #cleanup_timeout: 60s
 #labels.dedot: false
 # To connect to Docker over TLS you must specify a client and CA certificate.
 #ssl:
diff --git a/reference/fleet/add_host_metadata-processor.md b/reference/fleet/add_host_metadata-processor.md
index 0dc514c6fe..ff7437885a 100644
--- a/reference/fleet/add_host_metadata-processor.md
+++ b/reference/fleet/add_host_metadata-processor.md
@@ -95,5 +95,5 @@ If `host.*` fields already exist in the event, they are overwritten by default u
 | `geo.city_name` | No | | Name of the city. |
 | `geo.country_iso_code` | No | | ISO country code. |
 | `geo.region_iso_code` | No | | ISO region code. |
-| `replace_fields` | No | `true` | Whether to replace original host fields from the event. If set `false`, original host fields from the event are not replaced by host fields from `add_host_metadata`. |
+| `replace_fields` | No | `true` | Whether to replace existing host fields in the event. If `true` (default), the processor always runs and overwrites any existing `host.*` fields with metadata from `add_host_metadata`. If `false`, the processor only adds metadata when no `host.*` fields exist in the event or when only `host.name` is present. If other host fields exist, the processor is skipped entirely. |
diff --git a/reference/fleet/add_kubernetes_metadata-processor.md b/reference/fleet/add_kubernetes_metadata-processor.md
index 66ba4085af..b9f7df0385 100644
--- a/reference/fleet/add_kubernetes_metadata-processor.md
+++ b/reference/fleet/add_kubernetes_metadata-processor.md
@@ -63,7 +63,7 @@ This configuration enables the processor on an {{agent}} running as a process on
 host:
 # If kube_config is not set, KUBECONFIG environment variable will be checked
 # and if not present it will fall back to InCluster
- kube_config: ${fleet} and {agent} Guide/.kube/config
+ kube_config: ~/.kube/config
 # Defining indexers and matchers manually is required for {beatname_lc}, for instance:
 #indexers:
 # - ip_port:
diff --git a/reference/fleet/configure-standalone-elastic-agents.md b/reference/fleet/configure-standalone-elastic-agents.md
index bec4bb85e3..b764ddeeb6 100644
--- a/reference/fleet/configure-standalone-elastic-agents.md
+++ b/reference/fleet/configure-standalone-elastic-agents.md
@@ -39,7 +39,8 @@ inputs:
 data_stream.namespace: default
 use_output: default
 streams:
- - metricset: cpu
+ - metricsets:
+ - cpu
 data_stream.dataset: system.cpu
 ```
diff --git a/reference/fleet/data-streams-scenario2.md b/reference/fleet/data-streams-scenario2.md
index dba76329a2..c8727b9839 100644
--- a/reference/fleet/data-streams-scenario2.md
+++ b/reference/fleet/data-streams-scenario2.md
@@ -10,7 +10,7 @@ products:
 # Scenario 2: Apply an ILM policy to specific data streams generated from Fleet integrations across all namespaces [data-streams-scenario2]
-Mappings and settings for data streams can be customized through the creation of `*@custom` component templates, which are referenced by the index templates created by the {{es}} apm-data plugin. The easiest way to configure a custom index lifecycle policy per data stream is to edit this template.
+Mappings and settings for data streams can be customized through the creation of `*@custom` component templates, which are referenced by the index templates created by each integration. The easiest way to configure a custom index lifecycle policy per data stream is to edit this template.
 This tutorial explains how to apply a custom index lifecycle policy to the `logs-system.auth` data stream.
diff --git a/reference/fleet/decode_duration-processor.md b/reference/fleet/decode_duration-processor.md
index 86774bdc5e..3c3eea7a09 100644
--- a/reference/fleet/decode_duration-processor.md
+++ b/reference/fleet/decode_duration-processor.md
@@ -27,8 +27,8 @@ processors:
 ## Configuration settings [_configuration_settings_21]
-| Name | Required | Default | Description | |
-| --- | --- | --- | --- | --- |
-| `field` | yes | | Which field of event needs to be decoded as `time.Duration` | |
-| `format` | yes | `milliseconds` | Supported formats: `milliseconds`/`seconds`/`minutes`/`hours` | |
+| Name | Required | Default | Description |
+| --- | --- | --- | --- |
+| `field` | yes | | Which field of event needs to be decoded as `time.Duration` |
+| `format` | yes | `milliseconds` | Supported formats: `milliseconds`/`seconds`/`minutes`/`hours` |
diff --git a/reference/fleet/decode_xml_wineventlog-processor.md b/reference/fleet/decode_xml_wineventlog-processor.md
index a8758e5fa1..3b7d5d7047 100644
--- a/reference/fleet/decode_xml_wineventlog-processor.md
+++ b/reference/fleet/decode_xml_wineventlog-processor.md
@@ -149,10 +149,10 @@ If `map_ecs_fields` is enabled then the following field mappings are also perfor
 | --- | --- | --- |
 | `event.code` | `winlog.event_id` | |
 | `event.kind` | `"event"` | |
-| `event.provider` | `` | `Name` attribute |
-| `event.action` | `` | |
-| `event.host.name` | `` | |
+| `event.provider` | `winlog.provider_name` | `Name` attribute |
+| `event.action` | `winlog.task` | |
 | `event.outcome` | `winlog.outcome` | |
+| `host.name` | `winlog.computer_name` | |
 | `log.level` | `winlog.level` | |
 | `message` | `winlog.message` | |
 | `error.code` | `winlog.error.code` | |
diff --git a/reference/fleet/dynamic-input-configuration.md b/reference/fleet/dynamic-input-configuration.md
index e5de8c5a2d..ee426a55de 100644
--- a/reference/fleet/dynamic-input-configuration.md
+++ b/reference/fleet/dynamic-input-configuration.md
@@ -184,7 +184,8 @@ inputs:
 - id: unique-system-metrics-id
 type: system/metrics
 streams:
- - metricset: load
+ - metricsets:
+ - load
 data_stream.dataset: system.cpu
 condition: ${host.platform} != 'windows'
 ```
@@ -196,7 +197,8 @@ inputs:
 - id: unique-system-metrics-id
 type: system/metrics
 streams:
- - metricset: load
+ - metricsets:
+ - load
 data_stream.dataset: system.cpu
 processors:
 - add_fields:
diff --git a/reference/fleet/elastic-agent-container.md b/reference/fleet/elastic-agent-container.md
index 0c4eed8ec0..18c4cbb96c 100644
--- a/reference/fleet/elastic-agent-container.md
+++ b/reference/fleet/elastic-agent-container.md
@@ -189,10 +189,10 @@ If you’d like to run {{agent}} in a Docker container on a read-only file syste
 For example:
 ```bash subs=true
-docker run --rm --mount source=$(pwd)/state,destination=/state -e {STATE_PATH}=/state --read-only docker.elastic.co/elastic-agent/elastic-agent:{{version.stack}} <1>
+docker run --rm --mount source=$(pwd)/state,destination=/state -e STATE_PATH=/state --read-only docker.elastic.co/elastic-agent/elastic-agent:{{version.stack}} <1>
 ```
-1. Where `{STATE_PATH}` is the path to a stateful directory to mount where {{agent}} application data can be stored.
+1. Where `STATE_PATH` is the path to a stateful directory to mount where {{agent}} application data can be stored.
 You can also add `type=tmpfs` to the mount parameter (`--mount type=tmpfs,destination=/state...`) to specify a temporary file storage location. This should be done with caution as it can cause data duplication, particularly for logs, when the container is restarted, as no state data is persisted.
diff --git a/reference/fleet/elasticsearch-output.md b/reference/fleet/elasticsearch-output.md
index 08a5d92291..9e8db8783a 100644
--- a/reference/fleet/elasticsearch-output.md
+++ b/reference/fleet/elasticsearch-output.md
@@ -248,7 +248,7 @@ Settings used to parse, filter, and transform data.
 ```yaml
 outputs:
 default:
- type: elasticsearchoutput.elasticsearch:
+ type: elasticsearch
 hosts: ["http://localhost:9200"]
 pipeline: my_pipeline_id
 ```
diff --git a/reference/fleet/install-standalone-elastic-agent.md b/reference/fleet/install-standalone-elastic-agent.md
index aa1f4f76c6..24e1ef152c 100644
--- a/reference/fleet/install-standalone-elastic-agent.md
+++ b/reference/fleet/install-standalone-elastic-agent.md
@@ -106,12 +106,12 @@ To install and run {{agent}} standalone:
 You can use either of the two command formats to set the `ELASTIC_AGENT_FLAVOR` environment variable:
 ```shell subs=true
- curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-{{version.stack}}-amd64.deb
+ curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-{{version.stack}}-x86_64.rpm
 sudo ELASTIC_AGENT_FLAVOR=servers rpm -vi elastic-agent-{{version.stack}}-x86_64.rpm
 ```
 ```shell subs=true
- curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-{{version.stack}}-amd64.deb
+ curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-{{version.stack}}-x86_64.rpm
 ELASTIC_AGENT_FLAVOR=servers sudo -E rpm -vi elastic-agent-{{version.stack}}-x86_64.rpm
 ```
@@ -163,7 +163,7 @@ To install and run {{agent}} standalone:
 sudo ./elastic-agent install
 ```
- By default the {{agent}} basic flavor is installed. To install the servers flavor, add the `--ìnstall-servers` parameter. Refer to [{{agent}} installation flavors](./install-elastic-agents.md#elastic-agent-installation-flavors) for details.
+ By default the {{agent}} basic flavor is installed. To install the servers flavor, add the `--install-servers` parameter. Refer to [{{agent}} installation flavors](./install-elastic-agents.md#elastic-agent-installation-flavors) for details.
 ::::
@@ -177,7 +177,7 @@ To install and run {{agent}} standalone:
 sudo ./elastic-agent install
 ```
- By default the {{agent}} basic flavor is installed. To install the servers flavor, add the `--ìnstall-servers` parameter. Refer to [{{agent}} installation flavors](./install-elastic-agents.md#elastic-agent-installation-flavors) for details.
+ By default the {{agent}} basic flavor is installed. To install the servers flavor, add the `--install-servers` parameter. Refer to [{{agent}} installation flavors](./install-elastic-agents.md#elastic-agent-installation-flavors) for details.
 ::::
@@ -191,7 +191,7 @@ To install and run {{agent}} standalone:
 .\elastic-agent.exe install
 ```
- By default the {{agent}} basic flavor is installed. To install the servers flavor, add the `--ìnstall-servers` parameter. Refer to [{{agent}} installation flavors](./install-elastic-agents.md#elastic-agent-installation-flavors) for details.
+ By default the {{agent}} basic flavor is installed. To install the servers flavor, add the `--install-servers` parameter. Refer to [{{agent}} installation flavors](./install-elastic-agents.md#elastic-agent-installation-flavors) for details.
 ::::
diff --git a/reference/fleet/kubernetes-provider.md b/reference/fleet/kubernetes-provider.md
index 71f0f602d3..b2bff04bab 100644
--- a/reference/fleet/kubernetes-provider.md
+++ b/reference/fleet/kubernetes-provider.md
@@ -150,11 +150,12 @@ For example, if the Kubernetes provider provides the following inventory:
 {
 "id": "1",
 "mapping:": {"namespace": "kube-system", "pod": {"name": "kube-controllermanger"}},
- "processors": {"add_fields": {"kuberentes.namespace": "kube-system", "kubernetes.pod": {"name": "kube-controllermanger"}}
+ "processors": {"add_fields": {"kuberentes.namespace": "kube-system", "kubernetes.pod": {"name": "kube-controllermanger"}}}
+ },
 {
 "id": "2",
 "mapping:": {"namespace": "kube-system", "pod": {"name": "kube-scheduler"}},
- "processors": {"add_fields": {"kubernetes.namespace": "kube-system", "kubernetes.pod": {"name": "kube-scheduler"}}
+ "processors": {"add_fields": {"kubernetes.namespace": "kube-system", "kubernetes.pod": {"name": "kube-scheduler"}}}
 }
 ]
 ```
@@ -163,8 +164,8 @@ For example, if the Kubernetes provider provides the following inventory:
 ```json
 [
- {"kubernetes": {"id": "1", "namespace": {"name": "kube-system"}, "pod": {"name": "kube-controllermanger"}},
- {"kubernetes": {"id": "2", "namespace": {"name": "kube-system"}, "pod": {"name": "kube-scheduler"}},
+ {"kubernetes": {"id": "1", "namespace": {"name": "kube-system"}, "pod": {"name": "kube-controllermanger"}}},
+ {"kubernetes": {"id": "2", "namespace": {"name": "kube-system"}, "pod": {"name": "kube-scheduler"}}}
 ]
 ```
diff --git a/reference/fleet/ls-output-settings.md b/reference/fleet/ls-output-settings.md
index 49c3dbc2ff..50ff011237 100644
--- a/reference/fleet/ls-output-settings.md
+++ b/reference/fleet/ls-output-settings.md
@@ -38,7 +38,6 @@ output {
 elasticsearch {
 hosts => ["http://localhost:9200"] <2>
 # cloud_id => "..."
- data_stream => "true"
 api_key => "" <3>
 data_stream => true
 ssl_enabled => true
diff --git a/reference/fleet/move_fields-processor.md b/reference/fleet/move_fields-processor.md
index 817910e309..6b178aa68f 100644
--- a/reference/fleet/move_fields-processor.md
+++ b/reference/fleet/move_fields-processor.md
@@ -84,11 +84,11 @@ Your final event will be:
 ## Configuration settings [_configuration_settings_32]
-| Name | Required | Default | Description | |
-| --- | --- | --- | --- | --- |
-| `from` | no | | Which field you want extract. This field and any nested fields will be moved into `to` unless they are filtered out. If empty, indicates event root. | |
-| `fields` | no | | Which fields to extract from `from` and move to `to`. An empty list indicates all fields. | |
-| `ignore_missing` | no | false | Ignore "not found" errors when extracting fields. | |
-| `exclude` | no | | A list of fields to exclude and not move. | |
-| `to` | yes | | These fields extract from `from` destination field prefix the `to` will base on fields root. | |
+| Name | Required | Default | Description |
+| --- | --- | --- | --- |
+| `from` | no | | Which field you want extract. This field and any nested fields will be moved into `to` unless they are filtered out. If empty, indicates event root. |
+| `fields` | no | | Which fields to extract from `from` and move to `to`. An empty list indicates all fields. |
+| `ignore_missing` | no | false | Ignore "not found" errors when extracting fields. |
+| `exclude` | no | | A list of fields to exclude and not move. |
+| `to` | yes | | These fields extract from `from` destination field prefix the `to` will base on fields root. |
diff --git a/reference/fleet/registered_domain-processor.md b/reference/fleet/registered_domain-processor.md
index f601989011..1d0f64a077 100644
--- a/reference/fleet/registered_domain-processor.md
+++ b/reference/fleet/registered_domain-processor.md
@@ -22,7 +22,7 @@ This processor uses the Mozilla Public Suffix list to determine the value.
 field: dns.question.name
 target_field: dns.question.registered_domain
 target_etld_field: dns.question.top_level_domain
- target_subdomain_field: dns.question.sudomain
+ target_subdomain_field: dns.question.subdomain
 ignore_missing: true
 ignore_failure: true
 ```
diff --git a/reference/fleet/secure-connections.md b/reference/fleet/secure-connections.md
index df9d0e0af7..397c4f5118 100644
--- a/reference/fleet/secure-connections.md
+++ b/reference/fleet/secure-connections.md
@@ -224,7 +224,7 @@ To encrypt traffic between {{agent}}s, {{fleet-server}}, and {{es}}:
 `elastic-agent-cert-key`
 : The path to the private key to use as for {{agent}}'s connections to {{fleet-server}}.
- `elastic-agent-cert-key`
+ `elastic-agent-cert-key-passphrase`
 : The path to the file that contains the passphrase for the mutual TLS private key that {{agent}} will use to connect to {{fleet-server}}. The file must only contain the characters of the passphrase, no newline or extra non-printing characters. This option is only used if the `elastic-agent-cert-key` is encrypted and requires a passphrase to use.
 `fleet-server-es-cert`
diff --git a/reference/fleet/tls-overview.md b/reference/fleet/tls-overview.md
index 3bedcc5a74..9c4517e65e 100644
--- a/reference/fleet/tls-overview.md
+++ b/reference/fleet/tls-overview.md
@@ -64,7 +64,7 @@ elastic-agent install --url=https://your-fleet-server.elastic.co:443 \
 --certificate-authorities=/path/to/fleet-ca,/path/to/agent-ca \
 --elastic-agent-cert=/path/to/agent-cert \
 --elastic-agent-cert-key=/path/to/agent-cert-key \
---elastic-agent-cert-key=/path/to/agent-cert-key-passphrase \
+--elastic-agent-cert-key-passphrase=/path/to/agent-cert-key-passphrase \
 --fleet-server-es=https://es.elastic.com:443 \
 --fleet-server-es-ca=/path/to/es-ca \
 --fleet-server-es-cert=/path/to/fleet-es-cert \