packages/system/manifest.yml

format_version: 3.0.2
name: system
title: System
version: "1.63.0"
description: Collect system logs and metrics from your servers with Elastic Agent.
type: integration
categories:
  - os_system
conditions:
  kibana:
    version: "^8.17.0"
screenshots:
  - src: /img/system-overview.png
    title: system overview
    size: 3226x1956
    type: image/png
  - src: /img/host-overview.png
    title: host overview
    size: 3258x5698
    type: image/png
icons:
  - src: /img/system.svg
    title: system
    size: 1000x1000
    type: image/svg+xml
policy_templates:
  - name: system
    title: System logs and metrics
    description: Collect logs and metrics from System instances
    inputs:
      - type: logfile
        title: Collect logs from System instances
        description: Collecting System auth and syslog logs from files
        vars:
          - name: condition
            title: Condition
            description: |
              Condition to filter when to apply this input. Refer to
              [Host provider](https://www.elastic.co/guide/en/fleet/current/host-provider.html)
              to find the available keys and to
              [Conditions](https://www.elastic.co/guide/en/fleet/current/dynamic-input-configuration.html#conditions)
              on how to use the available keys in conditions. It defaults to
              '${host.os_version} != "12 (bookworm)" and (${host.os_platform} != "amzn" or ${host.os_version} != "2023")'
            type: text
            multi: false
            required: false
            show_user: true
            default: ${host.os_version} != "12 (bookworm)" and (${host.os_platform} != "amzn" or ${host.os_version} != "2023")
      - type: journald
        title: Collect logs from System instances using Journald
        description: Collecting System auth and syslog logs using Journald
        vars:
          - name: condition
            title: Condition
            description: |
              Condition to filter when to apply this input. Refer to
              [Host provider](https://www.elastic.co/guide/en/fleet/current/host-provider.html)
              to find the available keys and to
              [Conditions](https://www.elastic.co/guide/en/fleet/current/dynamic-input-configuration.html#conditions)
              on how to use the available keys in conditions. It defaults to
              '${host.os_version} == "12 (bookworm)" or (${host.os_platform} == "amzn" and ${host.os_version} == "2023")'
            type: text
            multi: false
            required: false
            show_user: true
            default: ${host.os_version} == "12 (bookworm)" or (${host.os_platform} == "amzn" and ${host.os_version} == "2023")
      - type: winlog
        title: "Collect events from the Windows event log"
        description: "Collecting events from Windows event log"
      - type: system/metrics
        title: Collect metrics from System instances
        description: Collecting System core, CPU, diskio, entropy, filesystem, fsstat, load, memory, network, Network Summary, process, Process Summary, raid, service, socket, Socket Summary, uptime and users metrics
        vars:
          - name: system.hostfs
            type: text
            title: Proc Filesystem Directory
            multi: false
            required: false
            show_user: true
            description: The proc filesystem base directory.
      - type: httpjson
        title: Collect logs from third-party REST API (deprecated)
        description: Collect logs from third-party REST API (deprecated)
        vars:
          - name: url
            type: text
            title: URL of Splunk Enterprise Server
            description: i.e. scheme://host:port,  path is automatic
            show_user: true
            required: true
            default: https://server.example.com:8089
          - name: enable_request_tracer
            type: bool
            title: Enable request tracing
            multi: false
            required: false
            show_user: false
            description: The request tracer logs requests and responses to the agent's local file-system for debugging configurations. The logs are part of agent's diagnostics dump under `logs/httpjson/http-request-trace-<InputInstanceId>.ndjson`. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.
          - name: username
            type: text
            title: Splunk REST API Username
            show_user: true
            required: false
          - name: password
            type: password
            title: Splunk REST API Password
            secret: true
            show_user: true
            required: false
          - name: token
            type: password
            title: Splunk Authorization Token
            secret: true
            description: |
              Bearer Token or Session Key, e.g. "Bearer eyJFd3e46..."
              or "Splunk 192fd3e...".  Cannot be used with username
              and password.
            show_user: true
            required: false
          - name: preserve_original_event
            required: true
            show_user: true
            title: Preserve original event
            description: Preserves a raw copy of the original event, added to the field `event.original`
            type: bool
            multi: false
            default: false
          - name: ssl
            type: yaml
            title: SSL Configuration
            description: i.e. certificate_authorities, supported_protocols, verification_mode etc.
            multi: false
            required: false
            show_user: false
            default: |
              #certificate_authorities:
              #  - |
              #    -----BEGIN CERTIFICATE-----
              #    MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF
              #    ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2
              #    MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB
              #    BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n
              #    fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl
              #    94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t
              #    /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP
              #    PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41
              #    CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O
              #    BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux
              #    8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D
              #    874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw
              #    3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA
              #    H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu
              #    8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0
              #    yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk
              #    sxSmbIUfc2SGJGCJD4I=
              #    -----END CERTIFICATE-----
owner:
  github: elastic/obs-infraobs-integrations
  type: elastic