elastic · carsonip · May 15, 2023 · May 10, 2023 · May 10, 2023 · May 10, 2023
@@ -1,5 +1,5 @@
 [[configure-agent-config]]
-== Configure APM agent configuration
+= Configure APM agent configuration
 
 ++++
 <titleabbrev>APM agent configuration</titleabbrev>
@@ -19,14 +19,14 @@ apm-server.agent.config.elasticsearch.api_key: TiNAGG4BaaMdaH1tRfuU:KnR6yE41RrSo
 ----
 
 [float]
-=== APM agent configuration options
+== APM agent configuration options
 
 You can specify the following options in the `apm-server.agent.config` section of the
 +{beatname_lc}.yml+ config file:
 
 [float]
 [[agent-config-cache]]
-==== `apm-server.agent.config.cache.expiration`
+=== `apm-server.agent.config.cache.expiration`
 
 When using APM agent configuration, information fetched from {es} will be cached in memory for some time.
 Specify the cache expiration time via this setting. Defaults to `30s` (30 seconds).
@@ -43,7 +43,7 @@ configuration. If `output.elasticsearch` isn't set or doesn't have sufficient pr
 use these {es} options to provide {es} access.
 
 [float]
-=== Common problems
+== Common problems
 
 You may see either of the following HTTP 403 errors from APM Server when it attempts to fetch APM agent configuration:
 

@@ -1,5 +1,5 @@
 [[configuration-anonymous]]
-== Anonymous auth configuration options
+= Anonymous auth configuration options
 
 ++++
 <titleabbrev>Anonymous authentication</titleabbrev>
@@ -29,7 +29,7 @@ IMPORTANT: All anonymous access configuration is ignored if
 
 [float]
 [[config-auth-anon-rum]]
-=== Real User Monitoring (RUM)
+== Real User Monitoring (RUM)
 
 If an <<api-key-legacy,API key>> or <<secret-token-legacy,secret token>> is configured,
 then anonymous authentication must be enabled to collect RUM data.
@@ -40,7 +40,7 @@ See <<configuration-rum>> for additional RUM configuration options.
 
 [float]
 [[config-auth-anon-mitigating]]
-=== Mitigating malicious requests
+== Mitigating malicious requests
 
 There are a few configuration variables that can mitigate the impact of malicious requests to an
 unauthenticated APM Server endpoint.
@@ -54,7 +54,7 @@ This allows you to specify the maximum number of requests allowed per unique IP
 
 [float]
 [[config-auth-anon-client-ip]]
-==== Deriving an incoming request's `client.ip` address
+=== Deriving an incoming request's `client.ip` address
 
 The remote IP address of an incoming request might be different
 from the end-user's actual IP address, for example, because of a proxy. For this reason,
@@ -69,7 +69,7 @@ If none of these headers are present, the remote address for the incoming reques
 
 [float]
 [[config-auth-anon-client-ip-concerns]]
-==== Using a reverse proxy or load balancer
+=== Using a reverse proxy or load balancer
 
 HTTP headers are easily modified;
 it's possible for anyone to spoof the derived `client.ip` value by changing or setting,
@@ -84,29 +84,29 @@ APM Server's rate limiting feature.
 
 [float]
 [[config-auth-anon]]
-=== Configuration reference
+== Configuration reference
 
 Specify the following options in the `apm-server.auth.anonymous` section of the `apm-server.yml` config file:
 
 [float]
 [[config-auth-anon-enabled]]
-==== `enabled`
+=== `enabled`
 
 Enable or disable anonymous authentication.
 
 Default: `false` (disabled)
 
 [float]
 [[config-auth-anon-allow-agent]]
-==== `allow_agent`
+=== `allow_agent`
 A list of permitted {apm-agent} names for anonymous authentication.
 Names in this list must match the agent's `agent.name`.
 
 Default: `[rum-js, js-base]` (only RUM agent events are accepted)
 
 [float]
 [[config-auth-anon-allow-service]]
-==== `allow_service`
+=== `allow_service`
 A list of permitted service names for anonymous authentication.
 Names in this list must match the agent's `service.name`.
 This can be used to limit the number of service-specific indices or data streams created.
@@ -115,7 +115,7 @@ Default: Not set (any service name is accepted)
 
 [float]
 [[config-auth-anon-ip-limit]]
-==== `rate_limit.ip_limit`
+=== `rate_limit.ip_limit`
 The number of unique IP addresses to track in an LRU cache.
 IP addresses in the cache will be rate limited according to the <<config-auth-anon-event-limit>> setting.
 Consider increasing this default if your application has many concurrent clients.
@@ -124,7 +124,7 @@ Default: `1000`
 
 [float]
 [[config-auth-anon-event-limit]]
-==== `rate_limit.event_limit`
+=== `rate_limit.event_limit`
 The maximum number of events allowed per second, per agent IP address.
 
 Default: `300`
@@ -0,0 +1,5 @@
+= Agent authorization
+
+Agent authorization APM Server configuration options.
+
+include::./tab-widgets/auth-config-widget.asciidoc[]
@@ -1,24 +1,6 @@
-//////////////////////////////////////////////////////////////////////////
-//// This content is shared by all Elastic Beats. Make sure you keep the
-//// descriptions here generic enough to work for all Beats that include
-//// this file. When using cross references, make sure that the cross
-//// references resolve correctly for any files that include this one.
-//// Use the appropriate variables defined in the index.asciidoc file to
-//// resolve Beat names: beatname_uc and beatname_lc.
-//// Use the following include to pull this content into a doc file:
-//// :standalone:
-//// include::../../libbeat/docs/shared-env-vars.asciidoc[]
-//// Specify :standalone: when this file is pulled into and index. When
-//// the file is embedded in another file, do no specify :standalone:
-//////////////////////////////////////////////////////////////////////////
-
-ifdef::standalone[]
-
-[[using-environ-vars]]
+[float]
 == Use environment variables in the configuration
 
-endif::[]
-
 You can use environment variable references in the config file to
 set values that need to be configurable during deployment. To do this, use:
 

@@ -1,5 +1,43 @@
 [[configuration-process]]
-== General configuration options
+= General configuration options
+
+General APM Server configuration options.
+
+include::./tab-widgets/general-config-widget.asciidoc[]
+
+[float]
+== Options
+
+Host::
+Defines the host and port the server is listening on.
+Use `"unix:/path/to.sock"` to listen on a Unix domain socket.
+Default: `127.0.0.1:8200`
++
+|====
+| APM Server binary | `apm-server.host`
+| Fleet-managed     | `Host`
+|====
+
+URL::
+The publicly reachable server URL. For deployments on Elastic Cloud or ECK, the default is unchangeable.
++
+|====
+| APM Server binary | N/A
+| Fleet-managed     | `URL`
+|====
+
+Maximum request header::
+Maximum permitted size of a request's header accepted by the server to be processed (in Bytes).
++
+|====
+| APM Server binary | `apm-server.max_header_size`
+| Fleet-managed     | `Maximum size of a request's header`
+|====
+
+
+
+
+
 
 Example config file:
 
@@ -31,64 +69,64 @@ output.elasticsearch:
 
 [float]
 [[configuration-apm-server]]
-=== Configuration options: `apm-server.*`
+== Configuration options: `apm-server.*`
 
 [[host]]
 [float]
-==== `host`
+=== `host`
 Defines the host and port the server is listening on.
 Use `"unix:/path/to.sock"` to listen on a Unix domain socket.
 Defaults to 'localhost:8200'.
 
 [[max_header_size]]
 [float]
-==== `max_header_size`
+=== `max_header_size`
 Maximum permitted size of a request's header accepted by the server to be processed (in Bytes).
 Defaults to 1048576 Bytes (1 MB).
 
 [[idle_timeout]]
 [float]
-==== `idle_timeout`
+=== `idle_timeout`
 Maximum amount of time to wait for the next incoming request before underlying connection is closed.
 Defaults to 45 seconds.
 
 [[read_timeout]]
 [float]
-==== `read_timeout`
+=== `read_timeout`
 Maximum permitted duration for reading an entire request.
 Defaults to 30 seconds.
 
 [[write_timeout]]
 [float]
-==== `write_timeout`
+=== `write_timeout`
 Maximum permitted duration for writing a response.
 Defaults to 30 seconds.
 
 [[shutdown_timeout]]
 [float]
-==== `shutdown_timeout`
+=== `shutdown_timeout`
 Maximum duration in seconds before releasing resources when shutting down the server.
 Defaults to 5 seconds.
 
 [[max_event_size]]
 [float]
-==== `max_event_size`
+=== `max_event_size`
 Maximum permitted size of an event accepted by the server to be processed (in Bytes).
 Defaults to 307200 Bytes.
 
 [float]
 [[configuration-other]]
-=== Configuration options: general
+== Configuration options: general
 
 [[max_connections]]
 [float]
-==== `max_connections`
+=== `max_connections`
 Maximum number of TCP connections to accept simultaneously.
 Default value is 0, which means _unlimited_.
 
 [[config-secret-token]]
 [float]
-==== `auth.secret_token`
+=== `auth.secret_token`
 Authorization token for sending data to the APM server.
 If a token is set, the agents must send it in the following format:
 Authorization: Bearer <secret-token>.
@@ -99,7 +137,7 @@ Read more about <<securing-apm-server, Securing APM Server>> and the <<secret-to
 
 [[config-secret-token-legacy]]
 [float]
-==== `secret_token`
+=== `secret_token`
 
 deprecated::[7.14.0, Replaced by `auth.secret_token`. See <<config-secret-token>>]
 
@@ -108,70 +146,70 @@ The old configuration will continue to work until 8.0.0, and the new configurati
 
 [[capture_personal_data]]
 [float]
-==== `capture_personal_data`
+=== `capture_personal_data`
 If true,
 APM Server captures the IP of the instrumented service and its User Agent if any.
 Enabled by default.
 
 [[default_service_environment]]
 [float]
-==== `default_service_environment`
+=== `default_service_environment`
 Sets the default service environment to associate with data and requests received from agents which have no service environment defined.
 
 [[expvar.enabled]]
 [float]
-==== `expvar.enabled`
+=== `expvar.enabled`
 When set to true APM Server exposes https://golang.org/pkg/expvar/[golang expvar].
 Disabled by default.
 
 [[expvar.url]]
 [float]
-==== `expvar.url`
+=== `expvar.url`
 Configure the URL to expose expvar.
 Defaults to `debug/vars`.
 
 [[instrumentation.enabled]]
 [float]
-==== `instrumentation.enabled`
+=== `instrumentation.enabled`
 Enables self instrumentation of the APM Server itself.
 Disabled by default.
 
 [float]
 [[configuration-tbs]]
-=== Configuration options: tail-based sampling
+== Configuration options: tail-based sampling
 
 [[sampling.tail.enabled]]
 [float]
-==== `sampling.tail.enabled`
+=== `sampling.tail.enabled`
 Set to `true` to enable tail based sampling.
 Disabled by default.
 
 [[sampling.tail.interval]]
 [float]
-==== `sampling.tail.interval`
+=== `sampling.tail.interval`
 Synchronization interval for multiple APM Servers.
 Should be in the order of tens of seconds or low minutes.
 
 [[sampling.tail.policies]]
 [float]
-==== `sampling.tail.policies`
+=== `sampling.tail.policies`
 Criteria used to match a root transaction to a sample rate.
 
 [float]
-=== Configuration options: `max_procs`
+== Configuration options: `max_procs`
 
 [[max_procs]]
 [float]
-==== `max_procs`
+=== `max_procs`
 Sets the maximum number of CPUs that can be executing simultaneously.
 The default is the number of logical CPUs available in the system.
 
 [float]
-=== Configuration options: `data_streams`
+== Configuration options: `data_streams`
 
 [[data_streams.wait_for_integration]]
 [float]
-==== `wait_for_integration`
+=== `wait_for_integration`
 Wait for the `apm` {fleet} integration to be installed by {kib}. Requires either <<kibana-enabled>>
 or for the <<elasticsearch-output, {es} output>> to be configured.
 Defaults to true.