elasticfleet: enabled: description: Enables or disables the Elastic Fleet process. This process is critical for managing Elastic Agents. advanced: True helpLink: elastic-fleet.html enable_manager_output: description: Setting this option to False should only be considered if there is at least one receiver node in the grid. If True, Elastic Agent will send events to the manager and receivers. If False, events will only be send to the receivers. advanced: True global: True forcedType: bool helpLink: elastic-fleet.html files: soc: elastic-defend-disabled-filters__yaml: title: Disabled Elastic Defend filters description: Enter the ID of the filter that should be disabled. syntax: yaml file: True global: True helpLink: elastic-fleet.html advanced: True elastic-defend-custom-filters__yaml: title: Custom Elastic Defend filters description: Enter custom filters seperated by --- syntax: yaml file: True global: True helpLink: elastic-fleet.html advanced: True logging: zeek: excluded: description: This is a list of Zeek logs that are excluded from being shipped through the data processing pipeline. If you remove a log from this list, Elastic Agent will attempt to process it. If an ingest node pipeline is not available to process the logs, you may experience errors. forcedType: "[]string" helpLink: zeek.html config: defend_filters: enable_auto_configuration: description: Enable auto-configuration and management of the Elastic Defend Exclusion filters. global: True helpLink: elastic-fleet.html advanced: True subscription_integrations: description: Enable the installation of integrations that require an Elastic license. global: True forcedType: bool helpLink: elastic-fleet.html auto_upgrade_integrations: description: Enables or disables automatically upgrading Elastic Agent integrations. global: True forcedType: bool helpLink: elastic-fleet.html outputs: logstash: bulk_max_size: description: The maximum number of events to bulk in a single Logstash request. global: True forcedType: int advanced: True helpLink: elastic-fleet.html worker: description: The number of workers per configured host publishing events. global: True forcedType: int advanced: true helpLink: elastic-fleet.html queue_mem_events: title: queued events description: The number of events the queue can store. This value should be evenly divisible by the smaller of 'bulk_max_size' to avoid sending partial batches to the output. global: True forcedType: int advanced: True helpLink: elastic-fleet.html timeout: description: The number of seconds to wait for responses from the Logstash server before timing out. Eg 30s regex: ^[0-9]+s$ advanced: True global: True helpLink: elastic-fleet.html loadbalance: description: If true and multiple Logstash hosts are configured, the output plugin load balances published events onto all Logstash hosts. If false, the output plugin sends all events to one host (determined at random) and switches to another host if the selected one becomes unresponsive. forcedType: bool advanced: True global: True helpLink: elastic-fleet.html compression_level: description: The gzip compression level. The compression level must be in the range of 1 (best speed) to 9 (best compression). regex: ^[1-9]$ forcedType: int advanced: True global: True helpLink: elastic-fleet.html server: custom_fqdn: description: Custom FQDN for Agents to connect to. One per line. global: True helpLink: elastic-fleet.html advanced: True forcedType: "[]string" enable_auto_configuration: description: Enable auto-configuration of Logstash Outputs & Fleet Host URLs. global: True helpLink: elastic-fleet.html advanced: True endpoints_enrollment: description: Endpoint enrollment key. global: True helpLink: elastic-fleet.html sensitive: True advanced: True es_token: description: Elastic auth token. global: True helpLink: elastic-fleet.html sensitive: True advanced: True grid_enrollment: description: Grid enrollment key. global: True helpLink: elastic-fleet.html sensitive: True advanced: True optional_integrations: sublime_platform: enabled_nodes: description: Fleet nodes with the Sublime Platform integration enabled. Enter one per line. global: True helpLink: elastic-fleet.html advanced: True forcedType: "[]string" api_key: description: API key for Sublime Platform. global: True helpLink: elastic-fleet.html advanced: True forcedType: string sensitive: True base_url: description: Base URL for Sublime Platform. global: True helpLink: elastic-fleet.html advanced: True forcedType: string poll_interval: description: Poll interval for alerts from Sublime Platform. global: True helpLink: elastic-fleet.html advanced: True forcedType: string limit: description: The maximum number of message groups to return from Sublime Platform. global: True helpLink: elastic-fleet.html advanced: True forcedType: int kismet: base_url: description: Base URL for Kismet. global: True helpLink: elastic-fleet.html advanced: True forcedType: string poll_interval: description: Poll interval for wireless device data from Kismet. Integration is currently configured to return devices seen as active by any Kismet sensor within the last 10 minutes. global: True helpLink: elastic-fleet.html advanced: True forcedType: string api_key: description: API key for Kismet. global: True helpLink: elastic-fleet.html advanced: True forcedType: string sensitive: True enabled_nodes: description: Fleet nodes with the Kismet integration enabled. Enter one per line. global: True helpLink: elastic-fleet.html advanced: True forcedType: "[]string"