29. 01. 2025 Reinhold Trocker Log Management, Log-SIEM

Understanding Headers in Elastic Agents: Normal Mode vs. Fleet Server Mode

Elastic Agents are flexible and powerful tools used within the Elastic Stack for collecting and shipping logs, metrics, and other data to Elasticsearch. However, the headers they use can vary depending on whether they are running in “normal” mode or acting as a Fleet Server. Let’s explore these differences.

Please note that a Fleet Server is just a special instance of an Elastic Agent, running in “normal” mode. See “What is Fleet Server?” in the Elastic documentation for details.

Headers Used in Normal Mode

When an Elastic Agent is running in its standard mode, it primarily focuses on collecting and sending data to Elasticsearch or a Logstash service. Some common headers seen in this mode include:

  • Authorization: This header is used to pass the API token or credentials necessary for authenticating with Elasticsearch or Kibana. It starts with “ApiKey”.
  • User-Agent: This header provides information about the Elastic Agent version and its environment, such as the operating system and agent version. It starts with “Elastic-Agent”.

Headers Used When Acting as a Fleet Server

When an agent is running as a Fleet Server, it assumes additional responsibilities and uses the headers listed above with different content. These headers include:

  • Authorization: This header is used to pass the Bearer token or credentials necessary for authenticating with Elasticsearch or Kibana. It starts with “Bearer”.
  • User-Agent: When the Elastic Agent is running as a Fleet Server, this header still contains the version and its environment, such as the operating system, but it starts with “Elastic-Fleet-Server”.

Conclusion

Understanding the different headers used by Elastic Agents in various modes is essential for ensuring smooth operation within your Elastic deployment, especially when you have some network gateways between the agent or fleet server and the Elasticsearch service.
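The following Python sketch is an added example, not code from Elastic or from the original post. It classifies requests seen at a gateway by the two header prefixes described above and flags combinations that do not match either mode. The function names, the sample requests, and the text after each User-Agent prefix are constructed for illustration.

```python
# Added example: classify requests seen at a gateway by the header prefixes
# described in this article. All sample requests below are constructed.

# (User-Agent prefix, Authorization scheme) per mode, as stated in the article.
PROFILES = {
    "agent": ("Elastic-Agent", "ApiKey"),
    "fleet-server": ("Elastic-Fleet-Server", "Bearer"),
}


def classify(headers):
    """Return (mode, reason); mode is agent, fleet-server, mismatch or unknown."""
    # HTTP header names are case-insensitive, so normalise them first.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    user_agent = h.get("user-agent", "")
    # Keep only the scheme word; the credential itself must never reach a log.
    scheme = h.get("authorization", "").split(" ", 1)[0] or "none"

    for mode, (ua_prefix, auth_scheme) in PROFILES.items():
        if user_agent.startswith(ua_prefix):
            if scheme == auth_scheme:
                return mode, "ok"
            return "mismatch", (
                f"{ua_prefix} sent scheme {scheme}, expected {auth_scheme}"
            )
    return "unknown", "User-Agent matches neither prefix"


def summarize(requests):
    """Return only the mode for each request, in order."""
    return [classify(r)[0] for r in requests]


# Constructed sample requests; versions and credentials are placeholders.
SAMPLE_REQUESTS = [
    {"User-Agent": "Elastic-Agent v0.0.0 (linux; amd64)",
     "Authorization": "ApiKey PLACEHOLDER"},
    {"user-agent": "Elastic-Fleet-Server v0.0.0 (linux; amd64)",
     "authorization": "Bearer PLACEHOLDER"},
    {"User-Agent": "Elastic-Agent v0.0.0 (linux; amd64)",
     "Authorization": "Bearer PLACEHOLDER"},   # prefix and scheme disagree
    {"User-Agent": "curl/0.0.0"},              # no agent prefix, no credentials
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(classify(request))
```

A "mismatch" or "unknown" result on a path that should only carry agent traffic is a prompt to check whether a gateway rewrites or strips these headers.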

Reinhold Trocker

IT professional, IT security, (ISC)2 CISSP, technical consultant
