diff --git a/docs/a.yml b/docs/a.yml deleted file mode 100644 index 535c6dc31d7..00000000000 --- a/docs/a.yml +++ /dev/null @@ -1 +0,0 @@ -# delete me \ No newline at end of file diff --git a/docs/apm-tune-elasticsearch.asciidoc b/docs/apm-tune-elasticsearch.asciidoc deleted file mode 100644 index 518fbdec244..00000000000 --- a/docs/apm-tune-elasticsearch.asciidoc +++ /dev/null @@ -1,22 +0,0 @@ -[[apm-tune-elasticsearch]] -=== Tune {es} for data ingestion - -++++ -Tune {es} -++++ - -The {es} Reference provides insight on tuning {es}. - -{ref}/tune-for-indexing-speed.html[Tune for indexing speed] provides information on: - -* Refresh interval -* Disabling swapping -* Optimizing file system cache -* Considerations regarding faster hardware -* Setting the indexing buffer size - -{ref}/tune-for-disk-usage.html[Tune for disk usage] provides information on: - -* Disabling unneeded features -* Shard size -* Shrink index diff --git a/docs/integrations-index.asciidoc b/docs/integrations-index.asciidoc index 969db9e096c..dc4e2a42dab 100644 --- a/docs/integrations-index.asciidoc +++ b/docs/integrations-index.asciidoc @@ -64,6 +64,8 @@ include::apm-components.asciidoc[] include::apm-quick-start.asciidoc[] +include::./legacy/setting-up-and-running.asciidoc[] + include::data-model.asciidoc[] include::features.asciidoc[] @@ -127,11 +129,6 @@ include::./legacy/overview.asciidoc[] include::./legacy/getting-started-apm-server.asciidoc[] -include::./legacy/setting-up-and-running.asciidoc[] - -// TODO: This section needs to integrate above -include::./legacy/data-ingestion.asciidoc[] - :beat-specific-security: {docdir}/legacy/security.asciidoc include::{libbeat-dir}/shared-securing-beat.asciidoc[leveloffset=+1] diff --git a/docs/legacy/copied-from-beats/docs/command-reference.asciidoc b/docs/legacy/copied-from-beats/docs/command-reference.asciidoc index 9531d4d2c61..05361f722c9 100644 --- a/docs/legacy/copied-from-beats/docs/command-reference.asciidoc +++ b/docs/legacy/copied-from-beats/docs/command-reference.asciidoc @@ -34,7 +34,6 @@ ifdef::serverless[] endif::serverless[] :help-command-short-desc: Shows help for any command -:keystore-command-short-desc: Manages the <> :modules-command-short-desc: Manages configured modules :package-command-short-desc: Packages the configuration and executable into a zip file :remove-command-short-desc: Removes the specified function from your serverless environment @@ -65,6 +64,8 @@ endif::[] Command reference ++++ +IMPORTANT: These commands only apply to the APM Server binary installation method. + ifndef::no_dashboards[] {beatname_uc} provides a command-line interface for starting {beatname_uc} and performing common tasks, like testing configuration files and loading dashboards. @@ -105,9 +106,6 @@ ifdef::apm-server[] endif::[] |<> |{export-command-short-desc}. |<> |{help-command-short-desc}. -ifndef::serverless[] -|<> |{keystore-command-short-desc}. -endif::[] ifeval::["{beatname_lc}"=="functionbeat"] |<> |{package-command-short-desc}. |<> |{remove-command-short-desc}. @@ -432,65 +430,6 @@ Specifies the name of the command to show help for. {beatname_lc} help export ----- -ifndef::serverless[] -[float] -[[keystore-command]] -==== `keystore` command - -{keystore-command-short-desc}. - -*SYNOPSIS* - -["source","sh",subs="attributes"] ----- -{beatname_lc} keystore SUBCOMMAND [FLAGS] ----- - -*`SUBCOMMAND`* - -*`add KEY`*:: -Adds the specified key to the keystore. Use the `--force` flag to overwrite an -existing key. Use the `--stdin` flag to pass the value through `stdin`. - -*`create`*:: -Creates a keystore to hold secrets. Use the `--force` flag to overwrite the -existing keystore. - -*`list`*:: -Lists the keys in the keystore. - -*`remove KEY`*:: -Removes the specified key from the keystore. - -*FLAGS* - -*`--force`*:: -Valid with the `add` and `create` subcommands. When used with `add`, overwrites -the specified key. When used with `create`, overwrites the keystore. - -*`--stdin`*:: -When used with `add`, uses the stdin as the source of the key's value. - -*`-h, --help`*:: -Shows help for the `keystore` command. - - -{global-flags} - -*EXAMPLES* - -["source","sh",subs="attributes"] ------ -{beatname_lc} keystore create -{beatname_lc} keystore add ES_PWD -{beatname_lc} keystore remove ES_PWD -{beatname_lc} keystore list ------ - -See <> for more examples. - -endif::[] - ifeval::["{beatname_lc}"=="functionbeat"] [float] [[package-command]] diff --git a/docs/legacy/copied-from-beats/docs/https.asciidoc b/docs/legacy/copied-from-beats/docs/https.asciidoc index 9692b7abe57..f8d22215bd7 100644 --- a/docs/legacy/copied-from-beats/docs/https.asciidoc +++ b/docs/legacy/copied-from-beats/docs/https.asciidoc @@ -32,18 +32,10 @@ For example: output.elasticsearch: hosts: ["https://myEShost:9200"] username: "{beat_default_index_prefix}_writer" <1> - password: "{pwd}" <2> + password: "{pwd}" ---------------------------------------------------------------------- <1> This user needs the privileges required to publish events to {es}. To create a user like this, see <>. -<2> This example shows a hard-coded password, but you should store sensitive -values -ifndef::serverless[] -in the <>. -endif::[] -ifdef::serverless[] -in environment variables. -endif::[] -- * To use token-based *API key authentication*, specify the `api_key` under `output.elasticsearch`. @@ -136,17 +128,9 @@ For example, specify a unique username and password to connect to {kib} like thi setup.kibana: host: "mykibanahost:5601" username: "{beat_default_index_prefix}_kib_setup" <1> - password: "{pwd}" <2> + password: "{pwd}" ---- <1> This user needs privileges required to set up dashboards -<2> This example shows a hard-coded password, but you should store sensitive -values -ifndef::serverless[] -in the <>. -endif::[] -ifdef::serverless[] -in environment variables. -endif::[] endif::no_dashboards[] -- diff --git a/docs/legacy/copied-from-beats/docs/keystore.asciidoc b/docs/legacy/copied-from-beats/docs/keystore.asciidoc deleted file mode 100644 index fd2247c0f1e..00000000000 --- a/docs/legacy/copied-from-beats/docs/keystore.asciidoc +++ /dev/null @@ -1,122 +0,0 @@ -////////////////////////////////////////////////////////////////////////// -//// This content is shared by all Elastic Beats. Make sure you keep the -//// descriptions here generic enough to work for all Beats that include -//// this file. When using cross references, make sure that the cross -//// references resolve correctly for any files that include this one. -//// Use the appropriate variables defined in the index.asciidoc file to -//// resolve Beat names: beatname_uc and beatname_lc -//// Use the following include to pull this content into a doc file: -//// include::../../libbeat/docs/keystore.asciidoc[] -////////////////////////////////////////////////////////////////////////// - -[[keystore]] -=== Secrets keystore for secure settings - -++++ -Secrets keystore -++++ - -When you configure {beatname_uc}, you might need to specify sensitive settings, -such as passwords. Rather than relying on file system permissions to protect -these values, you can use the {beatname_uc} keystore to securely store secret -values for use in configuration settings. - -After adding a key and its secret value to the keystore, you can use the key in -place of the secret value when you configure sensitive settings. - -The syntax for referencing keys is identical to the syntax for environment -variables: - -`${KEY}` - -Where KEY is the name of the key. - -For example, imagine that the keystore contains a key called `ES_PWD` with the -value `yourelasticsearchpassword`: - -* In the configuration file, use `output.elasticsearch.password: "${ES_PWD}"` -* On the command line, use: `-E "output.elasticsearch.password=\${ES_PWD}"` - -When {beatname_uc} unpacks the configuration, it resolves keys before resolving -environment variables and other variables. - -Notice that the {beatname_uc} keystore differs from the {es} keystore. -Whereas the {es} keystore lets you store `elasticsearch.yml` values by -name, the {beatname_uc} keystore lets you specify arbitrary names that you can -reference in the {beatname_uc} configuration. - -To create and manage keys, use the `keystore` command. See the -<> for the full command syntax, including -optional flags. - -NOTE: The `keystore` command must be run by the same user who will run -{beatname_uc}. - -[float] -[[creating-keystore]] -=== Create a keystore - -To create a secrets keystore, use: - -["source","sh",subs="attributes"] ----------------------------------------------------------------- -{beatname_lc} keystore create ----------------------------------------------------------------- - - -{beatname_uc} creates the keystore in the directory defined by the `path.data` -configuration setting. - -[float] -[[add-keys-to-keystore]] -=== Add keys - -To store sensitive values, such as authentication credentials for {es}, -use the `keystore add` command: - -["source","sh",subs="attributes"] ----------------------------------------------------------------- -{beatname_lc} keystore add ES_PWD ----------------------------------------------------------------- - - -When prompted, enter a value for the key. - -To overwrite an existing key's value, use the `--force` flag: - -["source","sh",subs="attributes"] ----------------------------------------------------------------- -{beatname_lc} keystore add ES_PWD --force ----------------------------------------------------------------- - -To pass the value through stdin, use the `--stdin` flag. You can also use -`--force`: - -["source","sh",subs="attributes"] ----------------------------------------------------------------- -cat /file/containing/setting/value | {beatname_lc} keystore add ES_PWD --stdin --force ----------------------------------------------------------------- - - -[float] -[[list-settings]] -=== List keys - -To list the keys defined in the keystore, use: - -["source","sh",subs="attributes"] ----------------------------------------------------------------- -{beatname_lc} keystore list ----------------------------------------------------------------- - - -[float] -[[remove-settings]] -=== Remove keys - -To remove a key from the keystore, use: - -["source","sh",subs="attributes"] ----------------------------------------------------------------- -{beatname_lc} keystore remove ES_PWD ----------------------------------------------------------------- diff --git a/docs/legacy/copied-from-beats/docs/shared-directory-layout.asciidoc b/docs/legacy/copied-from-beats/docs/shared-directory-layout.asciidoc index 1d5db8ea70b..83f4fb6ae13 100644 --- a/docs/legacy/copied-from-beats/docs/shared-directory-layout.asciidoc +++ b/docs/legacy/copied-from-beats/docs/shared-directory-layout.asciidoc @@ -10,103 +10,25 @@ ////////////////////////////////////////////////////////////////////////// [[directory-layout]] -=== Directory layout +=== Installation layout -// lint disable usr +View the installation layout and default paths for both Fleet-managed APM Server and the APM Server binary. -The directory layout of an installation is as follows: - -[cols="> in the configuration file. -endif::serverless[] - -[float] -==== Default paths - -{beatname_uc} uses the following default paths unless you explicitly change them. - -ifdef::deb_os,rpm_os[] [float] -===== deb and rpm -[cols="> -* <> - - +[float] [[tune-apm-server]] === Tune APM Server -++++ -APM Server -++++ - * <> * <> * <> [[add-apm-server-instances]] [float] -==== Add APM Server instances +==== Add APM Server or {agent} instances If the APM Server cannot process data quickly enough, you will see request timeouts. - One way to solve this problem is to increase processing power. -This can be done by either migrating your APM Server to a more powerful machine -or adding more APM Server instances. + +Increase processing power by either migrating to a more powerful machine +or adding more APM Server/Elastic Agent instances. Having several instances will also increase <>. [[reduce-payload-size]] @@ -49,18 +42,20 @@ Read more in the {apm-agents-ref}/index.html[agents documentation]. Agents make use of long running requests and flush as many events over a single request as possible. Thus, the rate limiter for anonymous authentication is bound to the number of _events_ sent per second, per IP. -If the event rate limit is hit while events on an established request are sent, the request is not immediately terminated. The intake of events is only throttled to <>, which means that events are queued and processed slower. Only when the allowed buffer queue is also full, does the request get terminated with a `429 - rate limit exceeded` HTTP response. If an agent tries to establish a new request, but the rate limit is already hit, a `429` will be sent immediately. +If the event rate limit is hit while events on an established request are sent, the request is not immediately terminated. The intake of events is only throttled to anonymous event rate limit, which means that events are queued and processed slower. Only when the allowed buffer queue is also full, does the request get terminated with a `429 - rate limit exceeded` HTTP response. If an agent tries to establish a new request, but the rate limit is already hit, a `429` will be sent immediately. -Increasing the <> default value will help avoid `rate limit exceeded` errors. +Increasing the default value for the following configuration variable will help avoid `rate limit exceeded` errors: -[[tune-es]] -=== Tune {es} +|==== +| APM Server binary | <> +| Fleet-managed | `Anonymous Event rate limit (event limit)` +|==== -++++ -{es} -++++ +[float] +[[apm-tune-elasticsearch]] +=== Tune {es} -The {es} reference provides insight on tuning {es}. +The {es} Reference provides insight on tuning {es}. {ref}/tune-for-indexing-speed.html[Tune for indexing speed] provides information on: diff --git a/docs/legacy/getting-started-apm-server.asciidoc b/docs/legacy/getting-started-apm-server.asciidoc index 83dcaf87325..55718d6e38a 100644 --- a/docs/legacy/getting-started-apm-server.asciidoc +++ b/docs/legacy/getting-started-apm-server.asciidoc @@ -238,15 +238,13 @@ apm-server: output.elasticsearch: hosts: ["localhost:9200"] <2> username: "elastic" <3> - password: "changeme" <4> + password: "changeme" ---- <1> The `host:port` APM Server listens on. <2> The {es} `host:port` to connect to. <3> This example uses basic authentication. The user provided here needs the privileges required to publish events to {es}. To create a dedicated user for this role, see <>. -<4> We've hard-coded the password here, -but you should store sensitive values in the <>. All available configuration options are outlined in {apm-server-ref-v}/configuring-howto-apm-server.html[configuring APM Server]. @@ -300,7 +298,7 @@ sudo -u apm-server apm-server [] ---------------------------------- By default, APM Server loads its configuration file from `/etc/apm-server/apm-server.yml`. -See the <<_deb_and_rpm,deb & rpm default paths>> for a full directory layout. +See the <> for a full directory layout. // ******************************************************* // STEP 4 diff --git a/docs/legacy/high-availability.asciidoc b/docs/legacy/high-availability.asciidoc index 06a9144a38b..07f14db747f 100644 --- a/docs/legacy/high-availability.asciidoc +++ b/docs/legacy/high-availability.asciidoc @@ -16,3 +16,5 @@ but instead leverages an HTTP request timeout to act as back-pressure. If {es} goes down, the APM Server will eventually deny incoming requests. Both the APM Server and {apm-agent}(s) will issue logs accordingly. + +TIP: Fleet-managed APM Server users might also be interested in {fleet-guide}/fleet-agent-proxy-support.html[Fleet/Agent proxy support]. \ No newline at end of file diff --git a/docs/legacy/secure-communication-agents.asciidoc b/docs/legacy/secure-communication-agents.asciidoc index d3164089d43..15cf3cad5de 100644 --- a/docs/legacy/secure-communication-agents.asciidoc +++ b/docs/legacy/secure-communication-agents.asciidoc @@ -486,7 +486,6 @@ This option is required if certificate is specified. ===== `elasticsearch.ssl.key_passphrase` An optional passphrase used to decrypt an encrypted key stored in the configured key file. -It is recommended to use the provided keystore instead of entering the passphrase in plain text. [float] ===== `elasticsearch.ssl.cipher_suites` @@ -554,8 +553,6 @@ Here's how you set the secret token in APM Server: apm-server.auth.secret_token: ---- -We recommend saving the token in the APM Server <>. - IMPORTANT: Secret tokens are not applicable for the RUM agent, as there is no way to prevent them from being publicly exposed. diff --git a/docs/legacy/setting-up-and-running.asciidoc b/docs/legacy/setting-up-and-running.asciidoc index 042ead0df62..14940df4694 100644 --- a/docs/legacy/setting-up-and-running.asciidoc +++ b/docs/legacy/setting-up-and-running.asciidoc @@ -1,9 +1,9 @@ [[setting-up-and-running]] -== Set up APM Server +== APM Server advanced setup ++++ -Set up +Advanced setup ++++ Before reading this section, see the <> @@ -12,17 +12,16 @@ for basic installation and running instructions. This section includes additional information on how to set up and run APM Server, including: * <> -* <> * <> * <> * <> include::{libbeat-dir}/shared-directory-layout.asciidoc[] -include::{libbeat-dir}/keystore.asciidoc[] - include::{libbeat-dir}/command-reference.asciidoc[] +include::./data-ingestion.asciidoc[] + include::./high-availability.asciidoc[] include::{libbeat-dir}/shared-systemd.asciidoc[] diff --git a/docs/legacy/ssl-input-settings.asciidoc b/docs/legacy/ssl-input-settings.asciidoc index 066425b6d86..9f4cdfb5f1a 100644 --- a/docs/legacy/ssl-input-settings.asciidoc +++ b/docs/legacy/ssl-input-settings.asciidoc @@ -26,7 +26,6 @@ Required if `apm-server.ssl.enabled` is `true`. ==== `key_passphrase` The passphrase used to decrypt an encrypted key stored in the configured `key` file. -We recommend saving the `key_passphrase` in the APM Server <>. [float] ==== `supported_protocols` diff --git a/docs/legacy/troubleshooting.asciidoc b/docs/legacy/troubleshooting.asciidoc index 827f1ce88bf..071958ebf0b 100644 --- a/docs/legacy/troubleshooting.asciidoc +++ b/docs/legacy/troubleshooting.asciidoc @@ -12,7 +12,7 @@ Other sections in the documentation may also be helpful: * <> * <> -* <> +* <> * {apm-overview-ref-v}/agent-server-compatibility.html[Agent/Server compatibility matrix] If your issue is potentially related to other components of the APM ecosystem, diff --git a/docs/manage-storage.asciidoc b/docs/manage-storage.asciidoc index 48ef3e373bf..42fe7fc2aaa 100644 --- a/docs/manage-storage.asciidoc +++ b/docs/manage-storage.asciidoc @@ -206,5 +206,3 @@ POST /.ds-*-apm*/_update_by_query?expand_wildcards=all // CONSOLE TIP: Remember to also change the service name in the {apm-agents-ref}/index.html[{apm-agent} configuration]. - -include::./apm-tune-elasticsearch.asciidoc[] diff --git a/docs/tab-widgets/directory-layout-widget.asciidoc b/docs/tab-widgets/directory-layout-widget.asciidoc new file mode 100644 index 00000000000..e92c7169342 --- /dev/null +++ b/docs/tab-widgets/directory-layout-widget.asciidoc @@ -0,0 +1,59 @@ +++++ +
+
+ + + +
+ +
+++++ + +include::directory-layout.asciidoc[tag=docker] + +++++ +
+ +
+++++ \ No newline at end of file diff --git a/docs/tab-widgets/directory-layout.asciidoc b/docs/tab-widgets/directory-layout.asciidoc new file mode 100644 index 00000000000..9586af2f626 --- /dev/null +++ b/docs/tab-widgets/directory-layout.asciidoc @@ -0,0 +1,58 @@ +// tag::zip[] + +[cols="