From 125ca9ea673d4e3d085e0f00ae002d15304812f5 Mon Sep 17 00:00:00 2001
From: Fae Charlton <fae.charlton@elastic.co>
Date: Tue, 5 Dec 2023 11:34:09 -0500
Subject: [PATCH] make update

---
 x-pack/packetbeat/packetbeat.reference.yml | 21 ++++++++++++++++++---
 x-pack/packetbeat/packetbeat.yml           |  4 ++++
 x-pack/winlogbeat/winlogbeat.reference.yml | 21 ++++++++++++++++++---
 3 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/x-pack/packetbeat/packetbeat.reference.yml b/x-pack/packetbeat/packetbeat.reference.yml
index d31a7b901d9d..b39e473dbb77 100644
--- a/x-pack/packetbeat/packetbeat.reference.yml
+++ b/x-pack/packetbeat/packetbeat.reference.yml
@@ -916,7 +916,15 @@ output.elasticsearch:
   # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
   hosts: ["localhost:9200"]
 
+  # Performance presets configure other output fields to recommended values
+  # based on a performance priority.
+  # Options are "balanced", "throughput", "scale", "latency" and "custom".
+  # Default if unspecified: "custom"
+  preset: balanced
+
   # Set gzip compression level. Set to 0 to disable compression.
+  # This field may conflict with performance presets. To set it
+  # manually use "preset: custom".
   # The default is 1.
   #compression_level: 1
 
@@ -937,6 +945,8 @@ output.elasticsearch:
     #param2: value2
 
   # Number of workers per Elasticsearch host.
+  # This field may conflict with performance presets. To set it
+  # manually use "preset: custom".
   #worker: 1
 
   # If set to true and multiple hosts are configured, the output plugin load
@@ -974,8 +984,10 @@ output.elasticsearch:
   #max_retries: 3
 
   # The maximum number of events to bulk in a single Elasticsearch bulk API index request.
-  # The default is 50.
-  #bulk_max_size: 50
+  # This field may conflict with performance presets. To set it
+  # manually use "preset: custom".
+  # The default is 1600.
+  #bulk_max_size: 1600
 
   # The number of seconds to wait before trying to reconnect to Elasticsearch
   # after a network error. After waiting backoff.init seconds, the Beat
@@ -991,7 +1003,10 @@ output.elasticsearch:
   # The maximum amount of time an idle connection will remain idle
   # before closing itself.  Zero means use the default of 60s. The
   # format is a Go language duration (example 60s is 60 seconds).
-  # idle_connection_timeout: 60s
+  # This field may conflict with performance presets. To set it
+  # manually use "preset: custom".
+  # The default is 3s.
+  # idle_connection_timeout: 3s
 
   # Configure HTTP request timeout before failing a request to Elasticsearch.
   #timeout: 90
diff --git a/x-pack/packetbeat/packetbeat.yml b/x-pack/packetbeat/packetbeat.yml
index cfe15388a35f..fea1a2fb1153 100644
--- a/x-pack/packetbeat/packetbeat.yml
+++ b/x-pack/packetbeat/packetbeat.yml
@@ -213,6 +213,10 @@ output.elasticsearch:
   # Array of hosts to connect to.
   hosts: ["localhost:9200"]
 
+  # Performance preset - one of "balanced", "throughput", "scale",
+  # "latency", or "custom".
+  preset: balanced
+
   # Protocol - either `http` (default) or `https`.
   #protocol: "https"
 
diff --git a/x-pack/winlogbeat/winlogbeat.reference.yml b/x-pack/winlogbeat/winlogbeat.reference.yml
index f3ff654bca24..0987144a8540 100644
--- a/x-pack/winlogbeat/winlogbeat.reference.yml
+++ b/x-pack/winlogbeat/winlogbeat.reference.yml
@@ -334,7 +334,15 @@ output.elasticsearch:
   # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
   hosts: ["localhost:9200"]
 
+  # Performance presets configure other output fields to recommended values
+  # based on a performance priority.
+  # Options are "balanced", "throughput", "scale", "latency" and "custom".
+  # Default if unspecified: "custom"
+  preset: balanced
+
   # Set gzip compression level. Set to 0 to disable compression.
+  # This field may conflict with performance presets. To set it
+  # manually use "preset: custom".
   # The default is 1.
   #compression_level: 1
 
@@ -355,6 +363,8 @@ output.elasticsearch:
     #param2: value2
 
   # Number of workers per Elasticsearch host.
+  # This field may conflict with performance presets. To set it
+  # manually use "preset: custom".
   #worker: 1
 
   # If set to true and multiple hosts are configured, the output plugin load
@@ -392,8 +402,10 @@ output.elasticsearch:
   #max_retries: 3
 
   # The maximum number of events to bulk in a single Elasticsearch bulk API index request.
-  # The default is 50.
-  #bulk_max_size: 50
+  # This field may conflict with performance presets. To set it
+  # manually use "preset: custom".
+  # The default is 1600.
+  #bulk_max_size: 1600
 
   # The number of seconds to wait before trying to reconnect to Elasticsearch
   # after a network error. After waiting backoff.init seconds, the Beat
@@ -409,7 +421,10 @@ output.elasticsearch:
   # The maximum amount of time an idle connection will remain idle
   # before closing itself.  Zero means use the default of 60s. The
   # format is a Go language duration (example 60s is 60 seconds).
-  # idle_connection_timeout: 60s
+  # This field may conflict with performance presets. To set it
+  # manually use "preset: custom".
+  # The default is 3s.
+  # idle_connection_timeout: 3s
 
   # Configure HTTP request timeout before failing a request to Elasticsearch.
   #timeout: 90