Can We Temporarily Disable Filestream Integration for a Elastic Agent Policy to temporarily collect data instead of unenroll it?

josh_tran · December 11, 2025, 6:30am

Hi all,

Currently, my system is collecting log data using Filestream (Custom Logs integration). The thousand agents are managed by policies in the Fleet server.

The machines that have the Agents installed usually need to be checked and maintained, and we want to stop collecting data temporarily to investigate.

Is there any option to disable Filebeat on the Agents temporarily, without unenrolling them from Fleet or uninstalling policies (there are many setup steps we do not want to reconfigure)?

I find there is a toggle in the Integration Settings, but I’m not sure if this disables the collection. I tested it, and when I disable the toggle, some data still gets sent to Logstash from the Agents.

Tortoise · December 11, 2025, 7:09am

Hello @josh_tran

Yes , ideally if we disable the integration it should stop sending data related to the integration which is disabled.

In your case is it sending the data related to filestream (logpath configured to read custom logs) or they are the agent logs/metrics which are sent ?

Thanks!!

Topic		Replies	Views
Disabling an integration in fleet Elastic Agent	1	433	April 10, 2023
Changing default configuration of Elastic Agent Integration to filter out events before ingestion Elastic Agent filebeat	1	206	October 13, 2023
Where is Filestream integration? Elastic Agent filebeat	2	545	February 13, 2023
Fleet policy settings "Agent logging to files" & "Agent log level" does not work Kibana fleet	2	50	October 30, 2025
Agents are running properly but no data in Data Stream Beats fleet	17	2960	February 23, 2021

Can We Temporarily Disable Filestream Integration for a Elastic Agent Policy to temporarily collect data instead of unenroll it?

Related topics