Skip to content

[Agent] New serverless config example for Logstash output 8.19 #1893

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
karenzone merged 4 commits into from
Feb 23, 2026
+34 −8
Merged

[Agent] New serverless config example for Logstash output 8.19 #1893

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
b7ac0ab
[Agent] New serverless config example for Logstash output 8.19
karenzone Feb 20, 2026
c6c2a69
Fix new headings
karenzone Feb 23, 2026
e056611
Merge branch '8.19' into 5193-ls-output-8.19
karenzone Feb 23, 2026
6ae8179
Update docs/en/ingest-management/security/logstash-certificates.asciidoc
karenzone Feb 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .../ingest-management/elastic-agent/configuration/outputs/output-logstash.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ We recommend that the pipeline doesn’t edit or remove the fields and their con
Editing the structure of the documents coming from {agent} can prevent the {es} ingest pipelines associated to the integrations in use to work correctly.
We cannot guarantee that the {es} ingest pipelines associated to the integrations using {agent} can work with missing or modified fields.

The following {ls} pipeline definition example configures a pipeline that listens on port `5044` for
This {ls} pipeline definition example configures a pipeline that listens on port `5044` for
incoming {agent} connections and routes received events to {es}.


Expand Down
40 changes: 33 additions & 7 deletions docs/en/ingest-management/security/logstash-certificates.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,12 +112,40 @@ add the following configuration. Replace the path to your file.
path.config: "/etc/path/to/elastic-agent-pipeline.conf"
----

In the `elastic-agent-pipeline.conf` file, add the pipeline configuration. Note
that the configuration needed for {ess} on {ecloud} is different from
In the `elastic-agent-pipeline.conf` file, add the pipeline configuration.
The configuration needed on {ecloud} is different from
self-managed {es} clusters. If you copied the configuration shown in {fleet},
adjust it as needed.

{ess} example:
[discrete]
=== {es-serverless} example

[source,text]
----
input {
elastic_agent {
port => 5044
ssl_enabled => true
ssl_certificate_authorities => ["/path/to/ca.crt"]
ssl_certificate => "/path/to/logstash.crt"
ssl_key => "/path/to/logstash.pkcs8.key"
ssl_client_authentication => "required"
}
}

output {
elasticsearch {
hosts => "ELASTICSEARCH_ENDPOINT_URL" <1>
api_key => "xxxx:xxxx" <2>
data_stream => true
}
}
----
<1> The {es} endpoint URL for your {es-serverless} project is available in **Application endpoints, cluster and component IDs**. Select **Manage** next to your project to access this information.
<2> In {fleet}, you can generate this API key when you add a {ls} output.

[discrete]
=== {ech} example

[source,text]
----
Expand All @@ -137,16 +165,14 @@ output {
cloud_id => "xxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx=" <1>
api_key => "xxxx:xxxx" <2>
data_stream => true
ssl => true <3>
}
}
----
<1> Use the `cloud_id` shown on your deployment page in {ecloud}.
<2> In {fleet}, you can generate this API key when you add a {ls} output.
<3> {ess} uses standard publicly trusted certificates, so there's no need
specify other SSL settings here.

Self-managed {es} cluster example:
[discrete]
=== Self-managed {es} cluster example

[source,text]
----
Expand Down