elastic · vishaangelova · Nov 20, 2025 · Nov 19, 2025 · Nov 20, 2025
@@ -19,7 +19,7 @@ Use when
 :   Data collected by {{agent}} needs to be routed to different {{es}} clusters or non-{{es}} destinations depending on the content
 
 Example
-:   Let’s take an example of a Windows workstation, for which we are collecting different types of logs using the System and Windows integrations. These logs need to be sent to different {{es}} clusters and to S3 for backup and a mechanism to send it to other destinations such as different SIEM solutions. In addition, the {{es}} destination is derived based on the type of datastream and an organization identifier.
+:   Let’s take an example of a Windows workstation, for which we are collecting different types of logs using the System and Windows integrations. These logs need to be sent to different {{es}} clusters and to S3 for backup and a mechanism to send it to other destinations such as different SIEM solutions. In addition, the {{es}} destination is derived based on the type of data stream and an organization identifier.
 
     In such use cases, agents send the data to {{ls}} as a routing mechanism to different destinations. The System and Windows integrations must be installed on all {{es}} clusters to which the data is routed.
 

@@ -53,7 +53,7 @@ The metadata that is added to events varies by hosting provider. For examples, r
 | --- | --- | --- | --- |
 | `timeout` | No | `3s` | Maximum amount of time to wait for a successful response when detecting the hosting provider. If a timeout occurs, no instance metadata is added to the events. This makes it possible to enable this processor for all your deployments (in the cloud or on-premise). |
 | `providers` | No |  | List of provider names to use. If `providers` is not configured, all providers that do not access a remote endpoint are enabled by default. The list of providers may alternatively be configured with the environment variable `BEATS_ADD_CLOUD_METADATA_PROVIDERS`, by setting it to a comma-separated list of provider names.<br><br>The list of supported provider names includes:<br><br>* `alibaba` or `ecs` for the Alibaba Cloud provider (disabled by default).<br>* `azure` for Azure Virtual Machine (enabled by default).<br>* `digitalocean` for Digital Ocean (enabled by default).<br>* `aws` or `ec2` for Amazon Web Services (enabled by default).<br>* `gcp` for Google Compute Engine (enabled by default).<br>* `openstack` or `nova` for Openstack Nova (enabled by default).<br>* `openstack-ssl` or `nova-ssl` for Openstack Nova when SSL metadata APIs are enabled (enabled by default).<br>* `tencent` or `qcloud` for Tencent Cloud (disabled by default).<br>* `huawei` for Huawei Cloud (enabled by default).<br> |
-| `overwrite` | No | `false` | Whether to overwrite existing cloud fields. If `true`, the processoroverwrites existing `cloud.*` fields. |
+| `overwrite` | No | `false` | Whether to overwrite existing cloud fields. If `true`, the processor overwrites existing `cloud.*` fields. |
 
 The `add_cloud_metadata` processor supports SSL options to configure the http client used to query cloud metadata.
 

@@ -55,7 +55,7 @@ You can install only a single {{agent}} per host, which means you cannot run {{f
 
 Before deploying, you need to:
 
-* Obtain or generate a Cerfiticate Authority (CA) certificate.
+* Obtain or generate a Certificate Authority (CA) certificate.
 * Ensure components have access to the ports needed for communication.
 
 

@@ -64,5 +64,5 @@ For efficient annotation, application metadata retrieved by the Cloud Foundry cl
 | `client_secret` | Yes |  | Client Secret to authenticate with Cloud Foundry. |
 | `cache_duration` | No | `120s` | Maximum amount of time to cache an application’s metadata. |
 | `cache_retry_delay` | No | `20s` | Time to wait before trying to obtain an application’s metadata again in case of error. |
-| `ssl` | No |  | SSL configuration to use when connecting to Cloud Foundry. For a list ofavailable settings, refer to [SSL/TLS](/reference/fleet/elastic-agent-ssl-configuration.md), specificallythe settings under [Table 7, Common configuration options](/reference/fleet/elastic-agent-ssl-configuration.md#common-ssl-options) and [Table 8, Client configuration options](/reference/fleet/elastic-agent-ssl-configuration.md#client-ssl-options). |
+| `ssl` | No |  | SSL configuration to use when connecting to Cloud Foundry. For a list of available settings, refer to [SSL/TLS](/reference/fleet/elastic-agent-ssl-configuration.md), specifically the settings under [Table 7, Common configuration options](/reference/fleet/elastic-agent-ssl-configuration.md#common-ssl-options) and [Table 8, Client configuration options](/reference/fleet/elastic-agent-ssl-configuration.md#client-ssl-options). |
 
@@ -72,7 +72,7 @@ If the Docker daemon is restarted, the mounted socket will become invalid, and m
 | Name | Required | Default | Description |
 | --- | --- | --- | --- |
 | `host` | No | `unix:///var/run/docker.sock` | Docker socket (UNIX or TCP socket). |
-| `ssl` | No |  | SSL configuration to use when connecting to the Docker socket. For a list ofavailable settings, refer to [SSL/TLS](/reference/fleet/elastic-agent-ssl-configuration.md), specificallythe settings under [Table 7, Common configuration options](/reference/fleet/elastic-agent-ssl-configuration.md#common-ssl-options) and [Table 8, Client configuration options](/reference/fleet/elastic-agent-ssl-configuration.md#client-ssl-options). |
+| `ssl` | No |  | SSL configuration to use when connecting to the Docker socket. For a list of available settings, refer to [SSL/TLS](/reference/fleet/elastic-agent-ssl-configuration.md), specifically the settings under [Table 7, Common configuration options](/reference/fleet/elastic-agent-ssl-configuration.md#common-ssl-options) and [Table 8, Client configuration options](/reference/fleet/elastic-agent-ssl-configuration.md#client-ssl-options). |
 | `match_fields` | No |  | List of fields to match a container ID. At least one of the fields most hold a container ID to get the event enriched. |
 | `match_pids` | No | `["process.pid", "process.parent.pid"]` | List of fields that contain process IDs. If the process is running in Docker, the event will be enriched. |
 | `match_source` | No | `true` | Whether to match the container ID from a log path present in the `log.file.path` field. |

@@ -464,7 +464,7 @@ elastic-agent inspect components [--show-config]
     :   Use to display the configuration in all units.
 
     `--show-spec`
-    :   Use to get input/output runtime spectification for a component.
+    :   Use to get input/output runtime specification for a component.
 
 
 `--help`

@@ -8,7 +8,7 @@ products:
 
 # Rotate SSL/TLS CA certificates [certificates-rotation]
 
-In some scenarioes you may want to rotate your configured certificate authorities (CAs), for instance if your chosen CAs are due to expire. Refer to the following steps to rotate certificates between connected components:
+In some scenarios you may want to rotate your configured certificate authorities (CAs), for instance if your chosen CAs are due to expire. Refer to the following steps to rotate certificates between connected components:
 
 * [Rotating a {{fleet-server}} CA](#certificates-rotation-agent-fs)
 * [Rotating an {{es}} CA for connections from {{fleet-server}}](#certificates-rotation-fs-es)

@@ -53,5 +53,5 @@ If the necessary fields are not present in the event, the processor silently con
 | --- | --- | --- | --- |
 | `fields` | No |  | Field names that the processor reads from:<br><br>`source_ip`<br>:   Field containing the source IP address.<br><br>`source_port`<br>:   Field containing the source port.<br><br>`destination_ip`<br>:   Field containing the destination IP address.<br><br>`destination_port`<br>:   Field containing the destination port.<br><br>`iana_number`<br>:   Field containing the IANA number. The following protocol numbers are currently supported: 1 ICMP, 2 IGMP, 6 TCP, 17 UDP, 47 GRE, 58 ICMP IPv6, 88 EIGRP, 89 OSPF, 103 PIM, and 132 SCTP.<br><br>`transport`<br>:   Field containing the transport protocol. Used only when the `iana_number` field is not present.<br><br>`icmp_type`<br>:   Field containing the ICMP type.<br><br>`icmp_code`<br>:   Field containing the ICMP code.<br> |
 | `target` | No |  | Field that the computed hash is written to. |
-| `seed` | No |  | Seed for the community ID hash. Must be between 0 and 65535 (inclusive). Theseed can prevent hash collisions between network domains, such as a staging andproduction network that use the same addressing scheme. This setting results ina 16-bit unsigned integer that gets incorporated into all generated hashes. |
+| `seed` | No |  | Seed for the community ID hash. Must be between 0 and 65535 (inclusive). The seed can prevent hash collisions between network domains, such as a staging and production network that use the same addressing scheme. This setting results ina 16-bit unsigned integer that gets incorporated into all generated hashes. |
 
@@ -15,7 +15,7 @@ These tutorials explain how to apply a custom {{ilm-init}} policy to an integrat
 
 For certain features you’ll need to use a slightly different procedure to manage the index lifecycle:
 
-* APM: For verions 8.15 and later, refer to [Index lifecycle management](/solutions/observability/apm/index-lifecycle-management.md).
+* APM: For versions 8.15 and later, refer to [Index lifecycle management](/solutions/observability/apm/index-lifecycle-management.md).
 * Synthetic monitoring: Refer to [Manage data retention](/solutions/observability/synthetics/manage-data-retention.md).
 * Universal Profiling: Refer to [Universal Profiling index life cycle management](/solutions/observability/infra-and-hosts/universal-profiling-index-life-cycle-management.md).
 

@@ -153,4 +153,4 @@ To update the cloned index template:
 7. Move the `ecs@mappings` component template right below the `@package` component template.
 8. Save the index template.
 
-Roll over the data stream to apply the changes.
+Roll over the data stream to apply the changes.
@@ -94,7 +94,7 @@ When you install an integration, {{fleet}} creates two default `@custom` compone
 * A `@custom` component template allowing customization across all documents of a given data stream type, named following the pattern: `<data_stream_type>@custom`.
 * A `@custom` component template for each data stream, named following the pattern: `<name_of_data_stream>@custom`.
 
-The `@custom` component template specific to a datastream has higher precedence over the data stream type `@custom` component template.
+The `@custom` component template specific to a data stream has higher precedence over the data stream type `@custom` component template.
 
 You can edit a `@custom` component template to customize your {{es}} indices:
 

@@ -34,7 +34,7 @@ In this example, `http.request.body.content` is used as the source, and `http.re
 | Name | Required | Default | Description |
 | --- | --- | --- | --- |
 | `field` | Yes |  | Field used as the data source. |
-| `target` | Yes |  | Field to populate with the detected type. You can use the `@metadata.` prefixto set the value in the event metadata instead of fields. |
+| `target` | Yes |  | Field to populate with the detected type. You can use the `@metadata.` prefix to set the value in the event metadata instead of fields. |
 
 See [Conditions](/reference/fleet/dynamic-input-configuration.md#conditions) for a list of supported conditions.
 
@@ -18,7 +18,7 @@ The `inputs` section of the `elastic-agent.yml` file specifies how {{agent}} loc
 
 ## Sample metrics input configuration [elastic-agent-input-configuration-sample-metrics]
 
-By default {{agent}} collects system metrics, such as CPU, memory, network, and file system metrics, and sends them to the default output. For example, to define datastreams for `cpu`, `memory`, `network` and `filesystem` metrics, this is the configuration:
+By default {{agent}} collects system metrics, such as CPU, memory, network, and file system metrics, and sends them to the default output. For example, to define data streams for `cpu`, `memory`, `network` and `filesystem` metrics, this is the configuration:
 
 ```yaml
 - type: system/metrics <1>

@@ -10,7 +10,7 @@ products:
 
 Beginning with {{stack}} version 8.15, {{agent}} is no longer required to be run by a user with superuser privileges. You can now run agents in an `unprivileged` mode that does not require `root` access on Linux or macOS, or `admin` access on Windows. Being able to run agents without full administrative privileges is often a requirement in organizations where this kind of access is often limited.
 
-In general, agents running without full administrative privileges will perform and behave exactly as those run by a superuser. There are certain integrations and datastreams that are not available, however. If an integration requires root access, this is [indicated on the integration main page](#unprivileged-integrations).
+In general, agents running without full administrative privileges will perform and behave exactly as those run by a superuser. There are certain integrations and data streams that are not available, however. If an integration requires root access, this is [indicated on the integration main page](#unprivileged-integrations).
 
 You can also [change the privilege mode](#unprivileged-change-mode) of an {{agent}} after it has been installed.
 

@@ -106,7 +106,7 @@ Deprecated: Use the `action_limit` settings instead.
 :   Number of transactions allowed for a burst, controlling oversubscription on outbound buffer.
 
 `artifact_limit.max_body_byte_size`
-:   Maximum size in bytes of the artficact API request body.
+:   Maximum size in bytes of the artifact API request body.
 
 `ack_limit.max`
 :   Maximum number of agents that can call the ack API concurrently. It allows the user to avoid overloading the {{fleet-server}} from Ack API calls.
@@ -139,7 +139,7 @@ Deprecated: Use the `action_limit` settings instead.
 :   How frequently agents can submit status requests to the Fleet Server.
 
 `status_limit.burst`
-:   Burst of status requests to accomodate before falling back to the rate defined by interval.
+:   Burst of status requests to accommodate before falling back to the rate defined by interval.
 
 `status_limit.max_body_byte_size`
 :   Maximum size in bytes of the status API request body.
@@ -151,7 +151,7 @@ Deprecated: Use the `action_limit` settings instead.
 :   How frequently agents can submit file start upload requests to the Fleet Server.
 
 `upload_start_limit.burst`
-:   Burst of file start upload requests to accomodate before falling back to the rate defined by interval.
+:   Burst of file start upload requests to accommodate before falling back to the rate defined by interval.
 
 `upload_start_limit.max_body_byte_size`
 :   Maximum size in bytes of the uploadStart API request body.
@@ -163,7 +163,7 @@ Deprecated: Use the `action_limit` settings instead.
 :   How frequently agents can submit file end upload requests to the Fleet Server.
 
 `upload_end_limit.burst`
-:   Burst of file end upload requests to accomodate before falling back to the rate defined by interval.
+:   Burst of file end upload requests to accommodate before falling back to the rate defined by interval.
 
 `upload_end_limit.max_body_byte_size`
 :   Maximum size in bytes of the uploadEnd API request body.
@@ -175,15 +175,15 @@ Deprecated: Use the `action_limit` settings instead.
 :   How frequently agents can submit file chunk upload requests to the Fleet Server.
 
 `upload_chunk_limit.burst`
-:   Burst of file chunk upload requests to accomodate before falling back to the rate defined by interval.
+:   Burst of file chunk upload requests to accommodate before falling back to the rate defined by interval.
 
 `upload_chunk_limit.max_body_byte_size`
 :   Maximum size in bytes of the uploadChunk API request body.
 
 
 ## Scaling recommendations ({{ecloud}}) [scaling-recommendations]
 
-The following tables provide the minimum resource requirements and scaling guidelines based on the number of agents required by your deployment. It should be noted that these compute resource can be spread across multiple availability zones (for example: a 32GB RAM requirement can be satisfed with 16GB of RAM in 2 different zones).
+The following tables provide the minimum resource requirements and scaling guidelines based on the number of agents required by your deployment. It should be noted that these compute resource can be spread across multiple availability zones (for example: a 32GB RAM requirement can be satisfied with 16GB of RAM in 2 different zones).
 
 * [Resource requirements by number of agents](#resource-requirements-by-number-agents)
 

@@ -144,7 +144,7 @@ co.elastic.hints/processors.dissect.tokenizer: "%{key2} %{key1}"
 In the above sample the processor definition tagged with `1` would be executed first.
 
 ::::{important}
-Processor configuration is not supported on the datastream level, so annotations like `co.elastic.hints/<datastream>.processors` are ignored.
+Processor configuration is not supported on the data stream level, so annotations like `co.elastic.hints/<datastream>.processors` are ignored.
 ::::
 
 

@@ -37,7 +37,7 @@ Enabling deployment and cronjob metadata enrichment leads to an increase of Elas
 
 As an alternative to keeping the feature enabled and using more memory resources for {{agent}}, users can make use of ingest pipelines to add the missing fields of `kubernetes.deployment.name` and `kubernetes.cronjob.name`.
 
-Navigate to `state_pod` datastream under: **Kubernetes Integration Policy > Collect Kubernetes metrics from Kube-state-metrics > Kubernetes Pod Metrics**.
+Navigate to `state_pod` data stream under: **Kubernetes Integration Policy > Collect Kubernetes metrics from Kube-state-metrics > Kubernetes Pod Metrics**.
 
 Create the following custom ingest pipeline with two processors:
 

@@ -24,9 +24,9 @@ Note the following restrictions when installing {{agent}} on your system:
 
 
 ::::{admonition} New FIPS compatible install packages
-:class: note
+:applies_to: stack: preview 9.1
 
-{applies_to}`stack: preview 9.1` FIPS compatible binaries for {{agent}}, {{fleet}}, and other ingest tools are available for download. Look for the `Linux 64-bit (FIPS)` or `Linux aarch64 (FIPS)` platform option on the product [download page](https://www.elastic.co/downloads). Get more details about FIPS compatibility for {{agent}}, {{fleet}} and other ingest tools in [FIPS mode for Ingest tools](/deploy-manage/security/fips-ingest.md).
+FIPS compatible binaries for {{agent}}, {{fleet}}, and other ingest tools are available for download. Look for the `Linux 64-bit (FIPS)` or `Linux aarch64 (FIPS)` platform option on the product [download page](https://www.elastic.co/downloads). Get more details about FIPS compatibility for {{agent}}, {{fleet}} and other ingest tools in [FIPS mode for Ingest tools](/deploy-manage/security/fips-ingest.md).
 
 ::::