diff --git a/docs/en/ingest-management/elastic-agent/configuration/authentication/kerberos-shared-settings.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/authentication/kerberos-shared-settings.asciidoc
new file mode 100644
index 0000000000..216e339b50
--- /dev/null
+++ b/docs/en/ingest-management/elastic-agent/configuration/authentication/kerberos-shared-settings.asciidoc
@@ -0,0 +1,121 @@
+// These settings are shared across some inputs and outputs.
+
+// You can include this whole block, or individual settings
+// tag::kerberos-all-settings[]
+
+
+[cols="2*<a"]
+|===
+| Setting | Description
+
+// =============================================================================
+
+// tag::kerberos.auth_type-setting[]
+|
+[id="{type}-kerberos.auth_type-setting"]
+`kerberos.auth_type`
+
+| (string) The type of authentication to use with Kerberos KDC:
+
+`password`::
+When specified, also set `kerberos.username` and `kerberos.password`.
+
+`keytab`::
+When specified, also set `kerberos.username` and `kerberos.keytab`. The keytab
+must contain the keys of the selected principal, or authentication fails.
+
+*Default:* `password`
+
+// end::kerberos.auth_type-setting[]
+
+// =============================================================================
+
+// tag::kerberos.config_path[]
+|
+[id="{type}-kerberos.config_path"]
+`kerberos.config_path`
+
+| (string) Path to the `krb5.conf`. {agent} uses this setting to find the
+Kerberos KDC to retrieve a ticket.
+
+// end::kerberos.config_path[]
+
+// =============================================================================
+
+// tag::kerberos.enabled-setting[]
+|
+[id="{type}-kerberos.enabled-setting"]
+`kerberos.enabled`
+
+| (boolean) Enables or disables the Kerberos configuration.
+
+NOTE: Kerberos settings are disabled if either `enabled` is set to `false` or the
+`kerberos` section is missing.
+
+// end::kerberos.enabled-setting[]
+
+// =============================================================================
+
+// tag::kerberos.enable_krb5_fast[]
+|
+[id="{type}-kerberos.enable_krb5_fast"]
+`kerberos.enable_krb5_fast`
+
+| (boolean) If `true`, enables Kerberos FAST authentication. This may conflict
+with some Active Directory installations.
+
+*Default:* `false`
+
+// end::kerberos.enable_krb5_fast[]
+
+// =============================================================================
+
+// tag::kerberos.keytab[]
+|
+[id="{type}-kerberos.keytab"]
+`kerberos.keytab`
+
+| (string) If `kerberos.auth_type` is `keytab`, provide the path to the keytab
+of the selected principal.
+
+// end::kerberos.keytab[]
+
+// =============================================================================
+
+// tag::kerberos.password[]
+|
+[id="{type}-kerberos.password"]
+`kerberos.password`
+
+| (string) If `kerberos.auth_type` is `password`, provide a password for the
+selected principal.
+
+// end::kerberos.password[]
+
+// =============================================================================
+
+// tag::kerberos.realm[]
+|
+[id="{type}-kerberos.realm"]
+`kerberos.realm`
+
+| (string) Name of the realm where the output resides.
+
+// end::kerberos.realm[]
+
+// =============================================================================
+
+// tag::kerberos.username[]
+|
+[id="{type}-kerberos.username"]
+`kerberos.username`
+
+| (string) Name of the principal used to connect to the output.
+
+// end::kerberos.username[]
+
+// =============================================================================
+
+|===
+
+// end::kerberos-all-settings[]
diff --git a/docs/en/ingest-management/elastic-agent/configuration/authentication/ssl-shared-settings.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/authentication/ssl-shared-settings.asciidoc
new file mode 100644
index 0000000000..3f755a4c9c
--- /dev/null
+++ b/docs/en/ingest-management/elastic-agent/configuration/authentication/ssl-shared-settings.asciidoc
@@ -0,0 +1,536 @@
+// These settings are shared across some inputs and outputs.
+
+// You can include this whole block to include the whole table, or individual
+// settings to add rows to an existing table.
+
+// tag::ssl-all-settings[]
+
+There are a number of SSL configuration settings available depending on whether
+you are configuring the client, server, or both. See the following tables for
+available settings:
+
+* <<{type}-common-ssl-options>>. These settings are valid in both client and
+server configurations.
+
+* <<{type}-client-ssl-options>>
+
+* <<{type}-server-ssl-options>>
+
+TIP: For more information about using certificates, refer to
+<<secure-connections>>.
+
+[id="{type}-common-ssl-options"]
+.Common configuration options
+[cols="2*<a"]
+|===
+| Setting | Description
+
+// tag::ssl.ca_sha256-common-setting[]
+|
+[id="{type}-ssl.ca_sha256-common-setting"]
+`ssl.ca_sha256`
+
+| (string) This configures a certificate pin that you can use to ensure that a
+specific certificate is part of the verified chain.
+
+The pin is a base64 encoded string of the SHA-256 of the certificate.
+
+NOTE: This check is not a replacement for the normal SSL validation, but it adds
+additional validation. If this setting is used with  `verification_mode` set to
+`none`, the check will always fail because it will not receive any verified
+chains.
+
+// end::ssl.ca_sha256-common-setting[]
+
+// =============================================================================
+
+// tag::ssl.cipher_suites-common-setting[]
+|
+[id="{type}-ssl.cipher_suites-common-setting"]
+`ssl.cipher_suites`
+
+| (list) The list of cipher suites to use. The first entry has the highest
+priority. If this option is omitted, the Go crypto library's
+https://golang.org/pkg/crypto/tls/[default suites] are used (recommended). Note
+that TLS 1.3 cipher suites are not individually configurable in Go, so they are
+not included in this list.
+
+The following cipher suites are available:
+
+* ECDHE-ECDSA-AES-128-CBC-SHA
+* ECDHE-ECDSA-AES-128-CBC-SHA256: TLS 1.2 only. Disabled by default.
+* ECDHE-ECDSA-AES-128-GCM-SHA256: TLS 1.2 only.
+* ECDHE-ECDSA-AES-256-CBC-SHA
+* ECDHE-ECDSA-AES-256-GCM-SHA384: TLS 1.2 only.
+* ECDHE-ECDSA-CHACHA20-POLY1305: TLS 1.2 only.
+* ECDHE-ECDSA-RC4-128-SHA: Disabled by default. RC4 not recommended.
+* ECDHE-RSA-3DES-CBC3-SHA
+* ECDHE-RSA-AES-128-CBC-SHA
+* ECDHE-RSA-AES-128-CBC-SHA256: TLS 1.2 only. Disabled by default.
+* ECDHE-RSA-AES-128-GCM-SHA256: TLS 1.2 only.
+* ECDHE-RSA-AES-256-CBC-SHA
+* ECDHE-RSA-AES-256-GCM-SHA384: TLS 1.2 only.
+* ECDHE-RSA-CHACHA20-POLY1205: TLS 1.2 only.
+* ECDHE-RSA-RC4-128-SHA: Disabled by default. RC4 not recommended.
+* RSA-3DES-CBC3-SHA
+* RSA-AES-128-CBC-SHA
+* RSA-AES-128-CBC-SHA256: TLS 1.2 only. Disabled by default.
+* RSA-AES-128-GCM-SHA256: TLS 1.2 only.
+* RSA-AES-256-CBC-SHA
+* RSA-AES-256-GCM-SHA384: TLS 1.2 only.
+* RSA-RC4-128-SHA: Disabled by default. RC4 not recommended.
+
+Here is a list of acronyms used in defining the cipher suites:
+
+* 3DES:
+  Cipher suites using triple DES
+
+* AES-128/256:
+  Cipher suites using AES with 128/256-bit keys.
+
+* CBC:
+  Cipher using Cipher Block Chaining as block cipher mode.
+
+* ECDHE:
+  Cipher suites using Elliptic Curve Diffie-Hellman (DH) ephemeral key exchange.
+
+* ECDSA:
+  Cipher suites using Elliptic Curve Digital Signature Algorithm for authentication.
+
+* GCM:
+  Galois/Counter mode is used for symmetric key cryptography.
+
+* RC4:
+  Cipher suites using RC4.
+
+* RSA:
+  Cipher suites using RSA.
+
+* SHA, SHA256, SHA384:
+  Cipher suites using SHA-1, SHA-256 or SHA-384.
+
+// end::ssl.cipher_suites-common-setting[]
+
+// =============================================================================
+
+// tag::ssl.curve_types-common-setting[]
+|
+[id="{type}-ssl.curve_types-common-setting"]
+`ssl.curve_types`
+| (list) The list of curve types for ECDHE (Elliptic Curve Diffie-Hellman
+ephemeral key exchange).
+
+The following elliptic curve types are available:
+
+* P-256
+* P-384
+* P-521
+* X25519
+
+// end::ssl.curve_types-common-setting[]
+
+// =============================================================================
+
+// tag::ssl.enabled-common-setting[]
+|
+[id="{type}-ssl.enabled-common-setting"]
+`ssl.enabled`
+
+| (boolean) Enables or disables the SSL configuration.
+
+*Default:* `true`
+
+NOTE: SSL settings are disabled if either `enabled` is set to `false` or the
+`ssl` section is missing.
+
+// end::ssl.enabled-common-setting[]
+
+// =============================================================================
+
+// tag::ssl.supported_protocols-common-setting[]
+|
+[id="{type}-ssl.supported_protocols-common-setting"]
+`ssl.supported_protocols`
+
+| (list) List of allowed SSL/TLS versions. If the SSL/TLS server supports none
+of the specified versions, the connection will be dropped during or after the
+handshake. The list of allowed protocol versions include: `SSLv3`, `TLSv1`
+for TLS version 1.0, `TLSv1.0`, `TLSv1.1`, `TLSv1.2`, and `TLSv1.3`.
+
+*Default:* `[TLSv1.1, TLSv1.2, TLSv1.3]`
+
+// end::ssl.supported_protocols-common-setting[]
+
+// =============================================================================
+
+|===
+
+
+[id="{type}-client-ssl-options"]
+.Client configuration options
+[cols="2*<a"]
+|===
+| Setting | Description
+
+// tag::ssl.certificate-client-setting[]
+|
+[id="{type}-ssl.certificate-client-setting"]
+`ssl.certificate`
+
+| (string) The path to the certificate for SSL client authentication. This
+setting is only required if `client_authentication` is specified. If
+`certificate` is not specified, client authentication is not available, and the
+connection might fail if the server requests client authentication. If the SSL
+server does not require client authentication, the certificate will be loaded,
+but not requested or used by the server.
+
+Example:
+
+[source,yaml]
+----
+ssl.certificate: "/path/to/cert.pem"
+----
+
+When this setting is configured, the `ssl.key` setting is also required.
+
+Specify a path, or embed a certificate directly in the `YAML` configuration:
+
+//asciidoc note: Because this example is in a table, you must escape the
+// pipeline character in the asciidoc source
+
+[source,yaml]
+----
+ssl.certificate: \|
+    -----BEGIN CERTIFICATE-----
+    CERTIFICATE CONTENT APPEARS HERE
+    -----END CERTIFICATE-----
+----
+
+// end::ssl.certificate-client-setting[]
+
+// =============================================================================
+
+// tag::ssl.certificate_authorities-client-setting[]
+|
+[id="{type}-ssl.certificate_authorities-client-setting"]
+`ssl.certificate`
+`_authorities`
+
+| (list) The list of root certificates for verifications (required). If
+`certificate_authorities` is empty or not set, the system keystore is used. If
+`certificate_authorities` is self-signed, the host system needs to trust that CA
+cert as well.
+
+Example:
+
+[source,yaml]
+----
+ssl.certificate_authorities: ["/path/to/root/ca.pem"]
+----
+
+Specify a list of files that {agent} will read, or embed a certificate directly
+in the `YAML` configuration:
+
+//asciidoc note: Because this example is in a table, you must escape the
+// pipeline character in the asciidoc source
+
+[source,yaml]
+----
+ssl.certificate_authorities:
+  - \|
+    -----BEGIN CERTIFICATE-----
+    CERTIFICATE CONTENT APPEARS HERE
+    -----END CERTIFICATE-----
+----
+
+//QUESTION: Is it OK to leave out the contents of the certificate in the example?
+//Including the certificate content messes up the table format, requiring users
+//to scroll right to see all the cell text (including the intro text). It's
+//annoying.
+
+// end::ssl.certificate_authorities-client-setting[]
+
+// =============================================================================
+
+// tag::ssl.key-client-setting[]
+|
+[id="{type}-ssl.key-client-setting"]
+`ssl.key`
+
+| (string) The client certificate key used for client authentication. Only
+required if `client_authentication` is configured.
+
+Example:
+
+[source,yaml]
+----
+ssl.key: "/path/to/cert.key"
+----
+
+Specify a path, or embed the private key directly in the `YAML` configuration:
+
+//asciidoc note: Because this example is in a table, you must escape the
+// pipeline character in the asciidoc source
+
+[source,yaml]
+----
+ssl.key: \|
+    -----BEGIN PRIVATE KEY-----
+    KEY CONTENT APPEARS HERE
+    -----END PRIVATE KEY-----
+----
+
+// end::ssl.key-client-setting[]
+
+// =============================================================================
+
+
+// tag::ssl.key_passphrase-client-setting[]
+|
+[id="{type}-ssl.key_passphrase-client-setting"]
+`ssl.key_passphrase`
+
+| (string) The passphrase used to decrypt an encrypted key stored in the
+configured `key` file.
+
+// end::ssl.key_passphrase-client-setting[]
+
+// =============================================================================
+
+// tag::ssl.verification_mode-client-setting[]
+|
+[id="{type}-ssl.verification_mode-client-setting"]
+`ssl.verification`
+`_mode`
+
+| (string) Controls the verification of server certificates. Valid values are:
+
+`full`::
+Verifies that the provided certificate is signed by a trusted
+authority (CA) and also verifies that the server's hostname (or IP address)
+matches the names identified within the certificate.
+
+`strict`::
+Verifies that the provided certificate is signed by a trusted
+authority (CA) and also verifies that the server's hostname (or IP address)
+matches the names identified within the certificate. If the Subject Alternative
+Name is empty, it returns an error.
+
+`certificate`::
+Verifies that the provided certificate is signed by a
+trusted authority (CA), but does not perform any hostname verification.
+
+`none`::
+Performs _no verification_ of the server's certificate. This
+mode disables many of the security benefits of SSL/TLS and should only be used
+after cautious consideration. It is primarily intended as a temporary
+diagnostic mechanism when attempting to resolve TLS errors; its use in
+production environments is strongly discouraged.
+
+*Default:* `full`
+
+// end::ssl.verification_mode-client-setting[]
+
+// =============================================================================
+
+
+|===
+
+[id="{type}-server-ssl-options"]
+.Server configuration options
+[cols="2*<a"]
+|===
+| Setting | Description
+
+// tag::ssl.certificate-server-setting[]
+|
+[id="{type}-ssl.certificate-server-setting"]
+`ssl.certificate`
+
+| (string) The path to the certificate for SSL server authentication. If the
+certificate is not specified, startup will fail.
+
+Example:
+
+[source,yaml]
+----
+ssl.certificate: "/path/to/server/cert.pem"
+----
+
+When this setting is configured, the `key` setting is also required.
+
+Specify a path, or embed a certificate directly in the `YAML` configuration:
+
+[source,yaml]
+----
+ssl.certificate: \|
+    -----BEGIN CERTIFICATE-----
+    CERTIFICATE CONTENT APPEARS HERE
+    -----END CERTIFICATE-----
+----
+
+// end::ssl.certificate-server-setting[]
+
+// =============================================================================
+
+// tag::ssl.certificate_authorities-server-setting[]
+|
+[id="{type}-ssl.certificate_authorities-server-setting"]
+`ssl.certificate`
+`_authorities`
+
+| (list) The list of root certificates for client verifications is only required
+if  `client_authentication` is configured. If `certificate_authorities` is empty
+or not set, and `client_authentication` is configured, the system keystore is
+used. If `certificate_authorities` is self-signed, the host system needs to
+trust that CA cert too.
+
+Example:
+
+[source,yaml]
+----
+ssl.certificate_authorities: ["/path/to/root/ca.pem"]
+----
+
+Specify a list of files that {agent} will read, or embed a certificate directly
+in the `YAML` configuration:
+
+//asciidoc note: Because this example is in a table, you must escape the
+// pipeline character in the asciidoc source
+
+[source,yaml]
+----
+ssl.certificate_authorities:
+  - \|
+    -----BEGIN CERTIFICATE-----
+    CERTIFICATE CONTENT APPEARS HERE
+    -----END CERTIFICATE-----
+----
+
+// end::ssl.certificate_authorities-server-setting[]
+
+// =============================================================================
+
+// tag::ssl.client_authentication-server-setting[]
+|
+[id="{type}-ssl.client_authentication-server-setting"]
+`ssl.client_`
+`authentication`
+
+| (string) Configures client authentication. The valid options are:
+
+`none`::
+Disables client authentication.
+
+`optional`::
+When a client certificate is supplied, the server will verify it.
+
+`required`::
+Requires clients to provide a valid certificate.
+
+*Default:* `required` (if `certificate_authorities` is set); otherwise, `none`
+
+// =============================================================================
+
+// tag::ssl.key-server-setting[]
+|
+[id="{type}-ssl.key-server-setting"]
+`ssl.key`
+
+| (string) The server certificate key used for authentication (required).
+
+Example:
+
+[source,yaml]
+----
+ssl.key: "/path/to/server/cert.key"
+----
+
+Specify a path, or embed the private key directly in the `YAML` configuration:
+
+[source,yaml]
+----
+ssl.key: \|
+    -----BEGIN PRIVATE KEY-----
+    KEY CONTENT APPEARS HERE
+    -----END PRIVATE KEY-----
+----
+
+// end::ssl.key-server-setting[]
+
+// =============================================================================
+
+// tag::ssl.key_passphrase-server-setting[]
+|
+[id="{type}-ssl.key_passphrase-server-setting"]
+`ssl.key_passphrase`
+
+| (string) The passphrase used to decrypt an encrypted key stored in the
+configured `key` file.
+
+// end::ssl.key_passphrase-server-setting[]
+
+// =============================================================================
+
+// tag::ssl.renegotiation-server-setting[]
+|
+[id="{type}-ssl.renegotiation-server-setting"]
+`ssl.renegotiation`
+
+| (string) Configures the type of TLS renegotiation to support. The valid options
+are:
+
+`never`::
+Disables renegotiation.
+
+`once`::
+Allows a remote server to request renegotiation once per connection.
+
+`freely`::
+Allows a remote server to request renegotiation repeatedly.
+
+*Default:* `never`
+
+// end::ssl.renegotiation-server-setting[]
+
+// =============================================================================
+
+// tag::ssl.verification_mode-server-setting[]
+|
+[id="{type}-ssl.verification_mode-server-setting"]
+`ssl.verification`
+`_mode`
+
+| (string) Controls the verification of client certificates. Valid values are:
+
+`full`::
+Verifies that the provided certificate is signed by a trusted
+authority (CA) and also verifies that the server's hostname (or IP address)
+matches the names identified within the certificate.
+
+`strict`::
+Verifies that the provided certificate is signed by a trusted
+authority (CA) and also verifies that the server's hostname (or IP address)
+matches the names identified within the certificate. If the Subject Alternative
+Name is empty, it returns an error.
+
+`certificate`::
+Verifies that the provided certificate is signed by a
+trusted authority (CA), but does not perform any hostname verification.
+
+`none`::
+Performs _no verification_ of the server's certificate. This mode disables many
+of the security benefits of SSL/TLS and should only be used after cautious
+consideration. It is primarily intended as a temporary diagnostic mechanism when
+attempting to resolve TLS errors; its use in production environments is strongly
+discouraged.
+
+*Default:* `full`
+
+// end::ssl.verification_mode-server-setting[]
+
+// =============================================================================
+
+|===
+
+// end::ssl-all-settings[]
diff --git a/docs/en/ingest-management/elastic-agent/configuration/elastic-agent-configuration.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/elastic-agent-configuration.asciidoc
new file mode 100644
index 0000000000..110d0fc0c2
--- /dev/null
+++ b/docs/en/ingest-management/elastic-agent/configuration/elastic-agent-configuration.asciidoc
@@ -0,0 +1,34 @@
+[[elastic-agent-configuration]]
+[role="xpack"]
+= {agent} standalone configuration
+
+Standalone {agent}s are manually configured and managed locally on the systems
+where they are installed. To configure standalone {agent}s, specify settings
+in the `elastic-agent.yml` file deployed with the agent. Prior to installation,
+the file is located in the extracted {agent} package. After installation, the
+file is copied to the directory described in <<installation-layout>>. To apply
+changes after installation, you must modify the installed file.
+
+The following sections describe some settings you might need to configure to
+run an {agent} standalone. For a full reference example, refer to the
+<<elastic-agent-reference-yaml,elastic-agent.reference.yml>> file.
+
+The settings described here are available for standalone {agent}s. Settings for
+{fleet}-managed agents are specified through the UI. You do not set them
+explicitly in a configuration file.
+
+TIP: To get started quickly, you can use {fleet} to generate a standalone
+configuration. You'll still need to deploy and manage the file, though. For more
+information, see <<run-elastic-agent-standalone>>.
+
+//TODO: Explain the structure of the file, how it's used, etc.
+
+include::inputs/input-configuration.asciidoc[leveloffset=+1]
+
+include::outputs/output-configuration.asciidoc[leveloffset=+1]
+
+include::elastic-agent-standalone-logging.asciidoc[leveloffset=+1]
+
+include::elastic-agent-monitoring.asciidoc[leveloffset=+1]
+
+include::yaml/elastic-agent-reference-yaml.asciidoc[leveloffset=+1]
diff --git a/docs/en/ingest-management/elastic-agent/configuration/elastic-agent-monitoring.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/elastic-agent-monitoring.asciidoc
new file mode 100644
index 0000000000..9d5aaff376
--- /dev/null
+++ b/docs/en/ingest-management/elastic-agent/configuration/elastic-agent-monitoring.asciidoc
@@ -0,0 +1,34 @@
+[[elastic-agent-monitoring-configuration]]
+[role="xpack"]
+= Configure monitoring for standalone {agent}s
+
+++++
+<titleabbrev>Monitoring</titleabbrev>
+++++
+
+{agent} monitors {beats} by default. To turn off or change monitoring
+settings, set options under `agent.monitoring` in the `elastic-agent.yml` file.
+
+This example configures {agent} monitoring:
+
+[source,yaml]
+----
+agent.monitoring:
+  # enabled turns on monitoring of running processes
+  enabled: true
+  # enables log monitoring
+  logs: true
+  # enables metrics monitoring
+  metrics: true
+  # specifies output to be used
+  use_output: monitoring
+----
+
+To turn off monitoring, set `agent.monitoring.enabled` to `false`. When set to
+`false`, {beats} monitoring is turned off, and all other options in this section
+are ignored.
+
+To enable monitoring, set `agent.monitoring.enabled` to `true`. Also set the
+`logs` and `metrics` settings to control whether logs, metrics, or both are
+collected. If neither setting is specified, monitoring is turned off. Set
+`use_output` to specify the output to which monitoring events are sent.
\ No newline at end of file
diff --git a/docs/en/ingest-management/elastic-agent/elastic-agent-standalone-logging.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/elastic-agent-standalone-logging.asciidoc
similarity index 97%
rename from docs/en/ingest-management/elastic-agent/elastic-agent-standalone-logging.asciidoc
rename to docs/en/ingest-management/elastic-agent/configuration/elastic-agent-standalone-logging.asciidoc
index dbf8ce8a67..364d785ed4 100644
--- a/docs/en/ingest-management/elastic-agent/elastic-agent-standalone-logging.asciidoc
+++ b/docs/en/ingest-management/elastic-agent/configuration/elastic-agent-standalone-logging.asciidoc
@@ -2,10 +2,16 @@
 [role="xpack"]
 = Configure logging for standalone {agent}s
 
+++++
+<titleabbrev>Logging</titleabbrev>
+++++
+
 The Logging section of the `elastic-agent.yml` config file contains settings for configuring the logging output.
 The logging system can write logs to the `syslog`, `file`, `stderr`, `eventlog`, or rotate log files.
 If you do not explicitly configure logging, the `stderr` output is used.
 
+This example configures {agent} logging:
+
 ["source","yaml",subs="attributes"]
 ----
 agent.logging.level: info
@@ -21,7 +27,8 @@ agent.logging.files:
 [[elastic-agent-standalone-logging-settings]]
 == Logging configuration settings
 
-You can specify the following settings in the Logging section of the `elastic-agent.yml` config file.
+You can specify the following settings in the Logging section of the
+`elastic-agent.yml` config file.
 
 [cols="2*<a"]
 |===
diff --git a/docs/en/ingest-management/elastic-agent/configuration/inputs/input-configuration.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/inputs/input-configuration.asciidoc
new file mode 100644
index 0000000000..bffb49e4d3
--- /dev/null
+++ b/docs/en/ingest-management/elastic-agent/configuration/inputs/input-configuration.asciidoc
@@ -0,0 +1,32 @@
+[[elastic-agent-input-configuration]]
+[role="xpack"]
+= Configure inputs for standalone {agent}s
+
+++++
+<titleabbrev>Inputs</titleabbrev>
+++++
+
+The `inputs` section of the `elastic-agent.yml` file specifies how {agent}
+locates and processes input data.
+
+By default {agent} collects system metrics, such as cpu, memory, network, and
+filesystem metrics, and sends them to the default output. For example:
+
+[source,yaml]
+-------------------------------------------------------------------------------------
+inputs:
+  - type: system/metrics
+    data_stream.namespace: default
+    use_output: default
+    streams:
+      - metricset: cpu
+        data_stream.dataset: system.cpu
+      - metricset: memory
+        data_stream.dataset: system.memory
+      - metricset: network
+        data_stream.dataset: system.network
+      - metricset: filesystem
+        data_stream.dataset: system.filesystem
+-------------------------------------------------------------------------------------
+
+If `use_output` is not specified, the `default` output is used.
diff --git a/docs/en/ingest-management/elastic-agent/configuration/outputs/output-configuration.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/outputs/output-configuration.asciidoc
new file mode 100644
index 0000000000..2d40af0d2b
--- /dev/null
+++ b/docs/en/ingest-management/elastic-agent/configuration/outputs/output-configuration.asciidoc
@@ -0,0 +1,46 @@
+[[elastic-agent-output-configuration]]
+= Configure outputs for standalone {agent}s
+
+++++
+<titleabbrev>Outputs</titleabbrev>
+++++
+
+The `outputs` section of the `elastic-agent.yml` file specifies where to
+send data. You can specify multiple outputs to pair specific inputs with
+specific outputs.
+
+This example configures two outputs: `default` and  `monitoring`:
+
+[source,yaml]
+-------------------------------------------------------------------------------------
+outputs:
+  default:
+    type: elasticsearch
+    hosts: [127.0.0.1:9200]
+    username: elastic
+    password: changeme
+
+  monitoring:
+    type: elasticsearch
+    api_key: VuaCfGcBCdbkQm-e5aOx:ui2lp2axTNmsyakw9tvNnw
+    hosts: ["localhost:9200"]
+    ca_sha256: "7lHLiyp4J8m9kw38SJ7SURJP4bXRZv/BNxyyXkCcE/M="
+-------------------------------------------------------------------------------------
+
+
+Notice that they use different authentication methods. The first one uses a
+username and password pair, and the second one contains an API key.
+
+[NOTE]
+==============
+A default output configuration is required.
+==============
+
+{agent} currently supports these outputs:
+
+* <<elasticsearch-output>>
+* <<logstash-output>> (standalone mode only)
+
+include::output-elasticsearch.asciidoc[leveloffset=+1]
+
+include::output-logstash.asciidoc[leveloffset=+1]
diff --git a/docs/en/ingest-management/elastic-agent/configuration/outputs/output-elasticsearch.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/outputs/output-elasticsearch.asciidoc
new file mode 100644
index 0000000000..8a7fab532e
--- /dev/null
+++ b/docs/en/ingest-management/elastic-agent/configuration/outputs/output-elasticsearch.asciidoc
@@ -0,0 +1,575 @@
+:type: output-elasticsearch
+
+[[elasticsearch-output]]
+= Configure the {es} output
+
+++++
+<titleabbrev>Elasticsearch</titleabbrev>
+++++
+
+//QUESTION: Do we/are we going to support cloud ID?
+
+The {es} output sends events directly to {es} by using the {es} HTTP API.
+
+*Compatibility:* This output works with all compatible versions of {es}. See the
+https://www.elastic.co/support/matrix#matrix_compatibility[Elastic Support
+Matrix].
+
+This example configures an {es} output called `default` in the
+`elastic-agent.yml` file:
+
+//TODO: Provide a example that shows more of the settings users are likely to
+//change.
+
+[source,yaml]
+----
+outputs:
+  default:
+    type: elasticsearch
+    hosts: [127.0.0.1:9200]
+    username: elastic
+    password: changeme
+----
+
+== {es} output configuration settings
+
+The `elasticsearch` output type supports the following settings, grouped by
+category. Many of these settings have sensible defaults that allow you to run
+{agent} with minimal configuration.
+
+* <<output-elasticsearch-commonly-used-settings>>
+
+* <<output-elasticsearch-authentication-settings>>
+
+* <<output-elasticsearch-data-parsing-settings>>
+
+* <<output-elasticsearch-http-settings>>
+
+* <<output-elasticsearch-performance-tuning-settings>>
+
+[[output-elasticsearch-commonly-used-settings]]
+== Commonly used settings
+
+[cols="2*<a"]
+|===
+| Setting | Description
+
+// =============================================================================
+
+include::output-shared-settings.asciidoc[tag=enabled-setting]
+
+*Default:* `true`
+
+// =============================================================================
+
+// tag::hosts-setting[]
+|
+[id="{type}-hosts-setting"]
+`hosts`
+
+| (list) The list of {es} nodes to connect to. The events are distributed to
+these nodes in round robin order. If one node becomes unreachable, the event is
+automatically sent to another node. Each {es} node can be defined as a `URL` or
+`IP:PORT`. For example: `http://192.15.3.2`, `https://es.found.io:9230` or
+`192.24.3.2:9300`. If no port is specified, `9200` is used.
+
+NOTE: When a node is defined as an `IP:PORT`, the _scheme_ and _path_ are taken
+from the `protocol` and `path` settings. 
+
+[source,yaml]
+------------------------------------------------------------------------------
+outputs:
+  default:
+    type: elasticsearch
+    hosts: ["10.45.3.2:9220", "10.45.3.1:9230"] <1>
+    protocol: https
+    path: /elasticsearch
+------------------------------------------------------------------------------
+<1> In this example, the {es} nodes are available at
+`https://10.45.3.2:9220/elasticsearch` and
+`https://10.45.3.1:9230/elasticsearch`.
+// end::hosts-setting[]
+
+// =============================================================================
+
+// tag::protocol-setting[]
+|
+[id="{type}-protocol-setting"]
+`protocol`
+
+| (string) The name of the protocol {es} is reachable on. The options are:
+`http` or `https`. The default is `http`. However, if you specify a URL for
+`hosts`, the value of `protocol` is overridden by whatever scheme you specify in
+the URL.
+// end::protocol-setting[]
+
+// =============================================================================
+
+// tag::proxy_disable-setting[]
+|
+[id="{type}-proxy_disable-setting"]
+`proxy_disable`
+
+| (boolean) If set to `true`, all proxy settings, including `HTTP_PROXY` and
+`HTTPS_PROXY` variables, are ignored.
+
+*Default:* `false`
+
+// end::proxy_disable-setting[]
+
+// =============================================================================
+
+// tag::proxy_headers-setting[]
+|
+[id="{type}-proxy_headers-setting"]
+`proxy_headers`
+
+| (string) Additional headers to send to proxies during CONNECT requests.
+
+// end::proxy_headers-setting[]
+
+// =============================================================================
+// tag::proxy_url-setting[]
+|
+[id="{type}-proxy_url-setting"]
+`proxy_url`
+
+| (string) The URL of the proxy to use when connecting to the {es} servers. The
+value may be either a complete URL or a `host[:port]`, in which case the `http`
+scheme is assumed. If a value is not specified through the configuration file
+then proxy environment variables are used. See the
+https://golang.org/pkg/net/http/#ProxyFromEnvironment[Go documentation]
+for more information about the environment variables.
+// end::proxy_url-setting[]
+
+// =============================================================================
+
+|===
+
+[[output-elasticsearch-authentication-settings]]
+== Authentication settings
+
+Settings for authenticating with {es}.
+
+When sending data to a secured cluster through the `elasticsearch`
+output, {agent} can use any of the following authentication methods:
+
+* <<output-elasticsearch-basic-authentication-settings>>
+* <<output-elasticsearch-apikey-authentication-settings>>
+* <<output-elasticsearch-pki-certs-authentication-settings>>
+* <<output-elasticsearch-kerberos-authentication-settings>>
+
+[[output-elasticsearch-basic-authentication-settings]]
+=== Basic authentication credentials
+
+[source,yaml]
+----
+outputs:
+  default:
+    type: elasticsearch
+    hosts: ["https://myEShost:9200"]
+    username: "your-username"
+    password: "your-password"
+----
+
+[cols="2*<a"]
+|===
+| Setting | Description
+
+// tag::password-setting[]
+|
+[id="{type}-password-setting"]
+`password`
+
+| (string) The basic authentication password for connecting to {es}.
+// end::password-setting[]
+
+// =============================================================================
+
+// tag::username-setting[]
+|
+[id="{type}-username-setting"]
+`username`
+
+| (string) The basic authentication username for connecting to {es}.
+
+This user needs the privileges required to publish events to {es}.
+//To create a user like this, see <<privileges-to-publish-events>>.
+// end::username-setting[]
+
+// =============================================================================
+
+|===
+
+[[output-elasticsearch-apikey-authentication-settings]]
+=== Token-based (API key) authentication
+
+[source,yaml]
+----
+outputs:
+  default:
+    type: elasticsearch
+    hosts: ["https://myEShost:9200"]
+    api_key: "KnR6yE41RrSowb0kQ0HWoA"
+----
+
+[cols="2*<a"]
+|===
+| Setting | Description
+
+// tag::api_key-setting[]
+|
+[id="{type}-api_key-setting"]
+`api_key`
+
+| (string) Instead of using a username and password, you can use API keys to
+secure communication with {es}. The value must be the ID of the API key and the
+API key joined by a colon: `id:api_key`.
+// end::api_key-setting[]
+
+// =============================================================================
+
+|===
+
+[[output-elasticsearch-pki-certs-authentication-settings]]
+=== Public Key Infrastructure (PKI) certificates
+
+[source,yaml]
+----
+outputs:
+  default:
+    type: elasticsearch
+    hosts: ["https://myEShost:9200"]
+    ssl.certificate: "/etc/pki/client/cert.pem"
+    ssl.key: "/etc/pki/client/cert.key"
+----
+
+//QUESTION: Should this example show certificate_authorities too?
+
+include::../authentication/ssl-shared-settings.asciidoc[tag=ssl-all-settings]
+
+
+[[output-elasticsearch-kerberos-authentication-settings]]
+=== Kerberos
+
+The following encryption types are supported:
+
+* aes128-cts-hmac-sha1-96
+* aes128-cts-hmac-sha256-128
+* aes256-cts-hmac-sha1-96
+* aes256-cts-hmac-sha384-192
+* des3-cbc-sha1-kd
+* rc4-hmac
+
+Example output config with Kerberos password-based authentication:
+
+[source,yaml]
+----
+outputs:
+  default:
+    type: elasticsearch
+    hosts: ["http://my-elasticsearch.elastic.co:9200"]
+    kerberos.auth_type: password
+    kerberos.username: "elastic"
+    kerberos.password: "changeme"
+    kerberos.config_path: "/etc/krb5.conf"
+    kerberos.realm: "ELASTIC.CO"
+----
+
+The service principal name for the {es} instance is constructed from these
+options. Based on this configuration, the name would be:
+
+`HTTP/my-elasticsearch.elastic.co@ELASTIC.CO`
+
+include::../authentication/kerberos-shared-settings.asciidoc[tag=kerberos-all-settings]
+
+[[output-elasticsearch-data-parsing-settings]]
+=== Data parsing, filtering, and manipulation settings
+Settings used to parse, filter, and transform data.
+
+[cols="2*<a"]
+|===
+| Setting | Description
+
+include::output-shared-settings.asciidoc[tag=escape_html-setting]
+
+// =============================================================================
+
+// tag::pipeline-setting[]
+|
+[id="{type}-pipeline-setting"]
+`pipeline`
+
+| (string) A format string value that specifies the
+{ref}/ingest.html[ingest pipeline] to write events to.
+
+[source,yaml]
+------------------------------------------------------------------------------
+outputs:
+  default:
+    type: elasticsearchoutput.elasticsearch:
+    hosts: ["http://localhost:9200"]
+    pipeline: my_pipeline_id
+------------------------------------------------------------------------------
+
+You can set the ingest pipeline dynamically by using a format string to
+access any event field. For example, this configuration uses a custom field,
+`fields.log_type`, to set the pipeline for each event:
+
+[source,yaml]
+------------------------------------------------------------------------------
+outputs:
+  default:
+    type: elasticsearch  hosts: ["http://localhost:9200"]
+    pipeline: "%{[fields.log_type]}_pipeline"
+------------------------------------------------------------------------------
+
+With this configuration, all events with `log_type: normal` are sent to a
+pipeline named `normal_pipeline`, and all events with `log_type: critical` are
+sent to a pipeline named `critical_pipeline`.
+
+TIP: To learn how to add custom fields to events, see the `fields` option.
+
+See the `pipelines` setting for other ways to set the ingest pipeline
+dynamically.
+// end::pipelines-setting[]
+
+// =============================================================================
+
+// tag::pipelines-setting[]
+|
+[id="{type}-pipelines-setting"]
+`pipelines`
+
+| An array of pipeline selector rules. Each rule specifies the {ref}/ingest.html[ingest pipeline]
+to use for events that match the rule. During publishing, {agent} uses the first
+matching rule in the array. Rules can contain conditionals, format string-based
+fields, and name mappings. If the `pipelines` setting is missing or no rule
+matches, the `pipeline` setting is used.
+
+Rule settings:
+
+*`pipeline`*:: The pipeline format string to use. If this string contains field
+references, such as `%{[fields.name]}`, the fields must exist, or the rule
+fails.
+
+*`mappings`*:: A dictionary that takes the value returned by `pipeline` and maps
+it to a new name.
+
+*`default`*:: The default string value to use if `mappings` does not find a
+match.
+
+*`when`*:: A condition that must succeed in order to execute the current rule.
+
+All the conditions supported by processors are also supported here.
+
+The following example sends events to a specific pipeline based on whether the
+`message` field contains the specified string:
+
+[source,yaml]
+------------------------------------------------------------------------------
+outputs:
+  default:
+    type: elasticsearch  hosts: ["http://localhost:9200"]
+    pipelines:
+      - pipeline: "warning_pipeline"
+        when.contains:
+          message: "WARN"
+      - pipeline: "error_pipeline"
+        when.contains:
+          message: "ERR"
+------------------------------------------------------------------------------
+
+
+The following example sets the pipeline by taking the name returned by the
+`pipeline` format string and mapping it to a new name that's used for the
+pipeline:
+
+[source,yaml]
+------------------------------------------------------------------------------
+outputs:
+  default:
+    type: elasticsearch
+    hosts: ["http://localhost:9200"]
+    pipelines:
+      - pipeline: "%{[fields.log_type]}"
+        mappings:
+          critical: "sev1_pipeline"
+          normal: "sev2_pipeline"
+        default: "sev3_pipeline"
+------------------------------------------------------------------------------
+
+
+With this configuration, all events with `log_type: critical` are sent to
+`sev1_pipeline`, all events with `log_type: normal` are sent to a
+`sev2_pipeline`, and all other events are sent to `sev3_pipeline`.
+
+// end::pipelines-setting[]
+
+// =============================================================================
+
+|===
+
+[[output-elasticsearch-http-settings]]
+== HTTP settings
+
+Settings that modify the HTTP requests sent to {es}.
+
+[cols="2*<a"]
+|===
+| Setting | Description
+
+
+// tag::headers-setting[]
+|
+[id="{type}-headers-setting"]
+`headers`
+
+| Custom HTTP headers to add to each request created by the {es} output.
+
+Example:
+
+[source,yaml]
+------------------------------------------------------------------------------
+outputs:
+  default:
+    type: elasticsearch
+    headers:
+      X-My-Header: Header contents
+------------------------------------------------------------------------------
+
+Specify multiple header values for the same header name by separating them with
+a comma.
+// end::headers-setting[]
+
+// =============================================================================
+
+// tag::parameters-setting[]
+|
+[id="{type}-parameters-setting"]
+`parameters`
+
+| Dictionary of HTTP parameters to pass within the url with index operations.
+// end::parameters-setting[]
+
+// =============================================================================
+
+// tag::path-setting[]
+|
+[id="{type}-path-setting"]
+`path`
+
+| (string) An HTTP path prefix that is prepended to the HTTP API calls. This is
+useful for the cases where {es} listens behind an HTTP reverse proxy that
+exports the API under a custom prefix.
+// end::path-setting[]
+
+// =============================================================================
+
+|===
+
+[[output-elasticsearch-performance-tuning-settings]]
+== Performance tuning settings
+
+Settings that may affect performance.
+
+
+[cols="2*<a"]
+|===
+| Setting | Description
+
+// tag::backoff.init-setting[]
+|
+[id="{type}-backoff.init-setting"]
+`backoff.init`
+
+| (string) The number of seconds to wait before trying to reconnect to {es}
+after a network error. After waiting `backoff.init` seconds, {agent} tries to
+reconnect. If the attempt fails, the backoff timer is increased exponentially up
+to `backoff.max`. After a successful connection, the backoff timer is reset.
+
+*Default:* `1s`
+// end::backoff.init-setting[]
+
+// =============================================================================
+
+// tag::backoff.max-setting[]
+|
+[id="{type}-backoff.max-setting"]
+`backoff.max`
+
+| (string) The maximum number of seconds to wait before attempting to connect to
+{es} after a network error.
+
+*Default:* `60s`
+// end::backoff.max-setting[]
+
+// =============================================================================
+
+// tag::bulk_max_size-setting[]
+|
+[id="{type}-bulk_max_size-setting"]
+`bulk_max_size`
+
+| (int) The maximum number of events to bulk in a single {es} bulk API index
+request. 
+
+Events can be collected into batches. {agent} will split batches larger than
+`bulk_max_size` into multiple batches.
+
+Specifying a larger batch size can improve performance by lowering the overhead
+of sending events. However big batch sizes can also increase processing times,
+which might result in API errors, killed connections, timed-out publishing
+requests, and, ultimately, lower throughput.
+
+Setting `bulk_max_size` to values less than or equal to 0 turns off the
+splitting of batches. When splitting is disabled, the queue decides on the
+number of events to be contained in a batch.
+
+*Default:* `50`
+// end::bulk_max_size-setting[]
+
+// =============================================================================
+
+include::output-shared-settings.asciidoc[tag=compression_level-setting]
+
+*Default:* `0`
+
+// =============================================================================
+
+// tag::max_retries-setting[]
+|
+[id="{type}-max_retries-setting"]
+`max_retries`
+
+| (int) The number of times to retry publishing an event after a publishing
+failure. After the specified number of retries, the events are typically
+dropped.
+
+Set `max_retries` to a value less than 0 to retry until all events are published.
+
+*Default:* `3`
+// end::max_retries-setting[]
+
+// =============================================================================
+
+// tag::timeout-setting[]
+|
+[id="{type}-timeout-setting"]
+`timeout`
+
+| (string) The HTTP request timeout in seconds for the {es} request.
+
+*Default:* `90s`
+
+// end::timeout-setting[]
+
+// =============================================================================
+
+include::output-shared-settings.asciidoc[tag=worker-setting]
+
+// =============================================================================
+
+|===
+
+:type!: 
diff --git a/docs/en/ingest-management/elastic-agent/configuration/outputs/output-logstash.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/outputs/output-logstash.asciidoc
new file mode 100644
index 0000000000..7728994681
--- /dev/null
+++ b/docs/en/ingest-management/elastic-agent/configuration/outputs/output-logstash.asciidoc
@@ -0,0 +1,347 @@
+:type: output-logstash
+
+[[logstash-output]]
+= {ls} output
+
+++++
+<titleabbrev>Logstash</titleabbrev>
+++++
+
+IMPORTANT: The {ls} output is currently only supported for {agent}s in
+standalone mode. {fleet}-managed agents are not supported.
+
+The {ls} output uses an internal protocol to send events directly to {ls} over
+TCP. {ls} provides additional parsing, transformation, and routing of data
+collected by {agent}.
+
+*Compatibility:* This output works with all compatible versions of {ls}. Refer
+to the https://www.elastic.co/support/matrix#matrix_compatibility[Elastic
+Support Matrix].
+
+This example configures a {ls} output called `default` in the
+`elastic-agent.yml` file:
+
+//TODO: Provide a example that shows more of the settings users are likely to
+//change.
+
+[source,yaml]
+----
+outputs:
+  default:
+    type: logstash
+    hosts: ["127.0.0.1:5044"] <1>
+----
+<1> The {ls} server and the port (`5044`) where {ls} is configured to listen for
+incoming {agent} connections.
+
+To receive the events in {ls}, you also need to create a {ls} configuration pipeline.
+The {ls} configuration pipeline listens for incoming {agent} connections,
+processes received events, and then sends the events to {es}.
+
+The following example configures a {ls} pipeline that listens on port `5044` for
+incoming {agent} connections and routes received events to {es}:
+
+[source,yaml]
+----
+input {
+  elastic_agent {
+    port => 5044
+  }
+}
+
+output {
+  elasticsearch {
+    hosts => ["http://localhost:9200"] <1>
+    data_stream => "true"
+  }
+}
+----
+<1> The {es} server and the port (`9200`) where {es} is running.
+
+For more information about configuring {ls}, refer to
+{logstash-ref}/configuration.html[Configuring {ls}] and
+{logstash-ref}/plugins-inputs-elastic_agent.html[{agent} input plugin].
+
+== {ls} output configuration settings
+
+The `logstash` output supports the following settings, grouped by category.
+Many of these settings have sensible defaults that allow you to run {agent} with
+minimal configuration.
+
+* <<output-logstash-commonly-used-settings>>
+
+* <<output-logstash-authentication-settings>>
+
+* <<output-logstash-performance-tuning-settings>>
+
+[[output-logstash-commonly-used-settings]]
+== Commonly used settings
+
+[cols="2*<a"]
+|===
+| Setting | Description
+
+include::output-shared-settings.asciidoc[tag=enabled-setting]
+
+// =============================================================================
+
+include::output-shared-settings.asciidoc[tag=escape_html-setting]
+
+// =============================================================================
+
+// tag::hosts-setting[]
+|
+[id="{type}-hosts-setting"]
+`hosts`
+
+| (list) The list of known {ls} servers to connect to. If load balancing is
+disabled, but multiple hosts are configured, one host is selected randomly
+(there is no precedence). If one host becomes unreachable, another one is
+selected randomly.
+
+All entries in this list can contain a port number. If no port is specified,
+`5044` is used.
+
+// =============================================================================
+
+// tag::proxy_url-setting[]
+|
+[id="{type}-proxy_url-setting"]
+`proxy_url`
+
+| (string) The URL of the SOCKS5 proxy to use when connecting to the {ls}
+servers. The value must be a URL with a scheme of `socks5://`. The protocol used
+to communicate to {ls} is not based on HTTP, so you cannot use a web proxy.
+
+If the SOCKS5 proxy server requires client authentication, embed a username and
+password in the URL as shown in the example.
+
+When using a proxy, hostnames are resolved on the proxy server instead of on the
+client. To change this behavior, set `proxy_use_local_resolver`.
+
+[source,yaml]
+----
+outputs:
+  default:
+    type: logstash
+    hosts: ["remote-host:5044"]
+    proxy_url: socks5://user:password@socks5-proxy:2233
+----
+
+// end::proxy_url-setting[]
+
+// =============================================================================
+// tag::proxy_use_local_resolver-setting[]
+|
+[id="{type}-proxy_use_local_resolver-setting"]
+`proxy_use_`
+`local_resolver`
+
+| (boolean) Determines whether {ls} hostnames are resolved locally when using a
+proxy. If `false` and a proxy is used, name resolution occurs on the proxy
+server.
+
+*Default:* `false`
+
+// end::proxy_use_local_resolver-setting[]
+
+// =============================================================================
+
+
+|===
+
+
+[[output-logstash-authentication-settings]]
+== Authentication settings
+
+Settings for authenticating with {ls}.
+
+To use SSL, you must also configure the
+{logstash-ref}/plugins-inputs-beats.html[{agent} input plugin for Logstash] to
+use SSL/TLS.
+
+include::../authentication/ssl-shared-settings.asciidoc[tag=ssl-all-settings]
+
+[[output-logstash-performance-tuning-settings]]
+== Performance tuning settings
+
+Settings that may affect performance.
+
+[cols="2*<a"]
+|===
+| Setting | Description
+
+// tag::backoff.init-setting[]
+|
+[id="{type}-backoff.init-setting"]
+`backoff.init`
+
+| (string) The number of seconds to wait before trying to reconnect to {ls}
+after a network error. After waiting `backoff.init` seconds, {agent} tries to
+reconnect. If the attempt fails, the backoff timer is increased exponentially up
+to `backoff.max`. After a successful connection, the backoff timer is reset.
+
+*Default:* `1s`
+// end::backoff.init-setting[]
+
+// =============================================================================
+
+// tag::backoff.max-setting[]
+|
+[id="{type}-backoff.max-setting"]
+`backoff.max`
+
+| (string) The maximum number of seconds to wait before attempting to connect to
+{es} after a network error.
+
+*Default:* `60s`
+
+// end::backoff.max-setting[]
+
+// =============================================================================
+
+// tag::bulk_max_size-setting[]
+|
+[id="{type}-bulk_max_size-setting"]
+`bulk_max_size`
+
+| (int) The maximum number of events to bulk in a single {ls} request.
+
+Events can be collected into batches. {agent} will split batches larger than
+`bulk_max_size` into multiple batches.
+
+Specifying a larger batch size can improve performance by lowering the overhead
+of sending events. However big batch sizes can also increase processing times,
+which might result in API errors, killed connections, timed-out publishing
+requests, and, ultimately, lower throughput.
+
+Set this value to `0` to turn off the splitting of batches. When splitting is
+turned off, the queue determines the number of events to be contained in a
+batch.
+
+*Default:* `2048`
+// end::bulk_max_size-setting[]
+
+// =============================================================================
+
+include::output-shared-settings.asciidoc[tag=compression_level-setting]
+
+*Default:* `3`
+
+// =============================================================================
+
+// tag::loadbalance-setting[]
+|
+[id="{type}-loadbalance-setting"]
+`loadbalance`
+
+| If `true` and multiple {ls} hosts are configured, the output plugin
+load balances published events onto all {ls} hosts. If `false`,
+the output plugin sends all events to one host (determined at random) and
+switches to another host if the selected one becomes unresponsive.
+
+*Default:* `false`
+
+Example:
+
+[source,yaml]
+------------------------------------------------------------------------------
+outputs:
+  default:
+    type: logstash
+    hosts: ["localhost:5044", "localhost:5045"]
+    loadbalance: true
+------------------------------------------------------------------------------
+
+// end::loadbalance-setting[]
+
+// =============================================================================
+
+// tag::max_retries-setting[]
+|
+[id="{type}-max_retries-setting"]
+`max_retries`
+
+| (int) The number of times to retry publishing an event after a publishing
+failure. After the specified number of retries, the events are typically
+dropped.
+
+Set `max_retries` to a value less than 0 to retry until all events are published.
+
+*Default:* `3`
+// end::max_retries-setting[]
+
+// =============================================================================
+
+// tag::pipelining-setting[]
+|
+[id="{type}-pipelining-setting"]
+`pipelining`
+
+| (int) The number of batches to send asynchronously to {ls} while waiting
+for an ACK from {ls}. The output becomes blocking after the specified number of
+batches are written. Specify `0` to turn off pipelining.
+
+*Default:* `2`
+
+// end::pipelining-setting[]
+
+// =============================================================================
+
+// tag::slow_start-setting[]
+|
+[id="{type}-slow_start-setting"]
+`slow_start`
+
+| (boolean) If `true`, only a subset of events in a batch of events is transferred
+per transaction. The number of events to be sent increases up to
+`bulk_max_size` if no error is encountered. On error, the number of events per
+transaction is reduced again.
+
+*Default:* `false`
+
+// end::slow_start-setting[]
+
+// =============================================================================
+
+// tag::timeout-setting[]
+|
+[id="{type}-timeout-setting"]
+`timeout`
+
+| (string) The number of seconds to wait for responses from the {ls} server
+before timing out.
+
+*Default:* `30s`
+
+// end::timeout-setting[]
+
+// =============================================================================
+
+// tag::ttl-setting[]
+|
+[id="{type}-ttl-setting"]
+`ttl`
+
+| (string) Time to live for a connection to {ls} after which the connection will be
+reestablished. This setting is useful when {ls} hosts represent load balancers.
+Because connections to {ls} hosts are sticky, operating behind load balancers
+can lead to uneven load distribution across instances. Specify a TTL on the
+connection to achieve equal connection distribution across instances.
+
+*Default:* `0` (turns off the feature)
+
+NOTE: The `ttl` option is not yet supported on an async {ls} client (one with
+the `pipelining` option set).
+
+// end::ttl-setting[]
+
+// =============================================================================
+
+include::output-shared-settings.asciidoc[tag=worker-setting]
+
+// =============================================================================
+
+|===
+
+:type!: 
diff --git a/docs/en/ingest-management/elastic-agent/configuration/outputs/output-shared-settings.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/outputs/output-shared-settings.asciidoc
new file mode 100644
index 0000000000..35be9fe0da
--- /dev/null
+++ b/docs/en/ingest-management/elastic-agent/configuration/outputs/output-shared-settings.asciidoc
@@ -0,0 +1,60 @@
+// These settings are shared across the docs for multiple outputs. 
+
+// =============================================================================
+
+// tag::compression_level-setting[]
+|
+[id="{type}-compression_level-setting"]
+`compression_level`
+
+| (int) The gzip compression level. Set this value to `0` to disable compression.
+The compression level must be in the range of `1` (best speed) to `9` (best
+compression).
+
+Increasing the compression level reduces network usage but increases CPU usage.
+
+// Default varies by output
+// end::compression_level-setting[]
+
+// =============================================================================
+
+// tag::enabled-setting[]
+|
+[id="{type}-enabled-setting"]
+`enabled`
+
+| (boolean) Enables or disables the output. If set to `false`, the output is
+disabled.
+
+// end::enabled-setting[]
+
+// =============================================================================
+
+// tag::escape_html-setting[]
+|
+[id="{type}-escape_html-setting"]
+`escape_html`
+
+| (boolean) Configures escaping of HTML in strings. Set to `true` to enable
+escaping.
+
+*Default:* `false`
+// end::escape_html-setting[]
+
+// =============================================================================
+
+// tag::worker-setting[]
+|
+[id="{type}-worker-setting"]
+`worker`
+
+| (int) The number of workers per configured host publishing events to
+{output-type}. This is best used with load balancing mode enabled. Example: If
+you have two hosts and three workers, in total six workers are started (three
+for each host).
+
+*Default:* `1`
+// end::worker-setting[]
+
+// =============================================================================
+
diff --git a/docs/en/ingest-management/elastic-agent/configuration/yaml/elastic-agent-reference-yaml.asciidoc b/docs/en/ingest-management/elastic-agent/configuration/yaml/elastic-agent-reference-yaml.asciidoc
new file mode 100644
index 0000000000..460ce2f30b
--- /dev/null
+++ b/docs/en/ingest-management/elastic-agent/configuration/yaml/elastic-agent-reference-yaml.asciidoc
@@ -0,0 +1,13 @@
+[[elastic-agent-reference-yaml]]
+[role="xpack"]
+= Reference yaml
+
+The {agent} installation includes an `elastic-agent.reference.yml` file that
+describes all the settings available in a standalone configuration.
+
+This file is included here for your convenience.
+
+[source,yaml]
+----
+include::elastic-agent-reference-yaml.yml[]
+----
\ No newline at end of file
diff --git a/docs/en/ingest-management/elastic-agent/elastic-agent-reference-yaml.yml b/docs/en/ingest-management/elastic-agent/configuration/yaml/elastic-agent-reference-yaml.yml
similarity index 74%
rename from docs/en/ingest-management/elastic-agent/elastic-agent-reference-yaml.yml
rename to docs/en/ingest-management/elastic-agent/configuration/yaml/elastic-agent-reference-yaml.yml
index 55ed22e65a..a59be452c6 100644
--- a/docs/en/ingest-management/elastic-agent/elastic-agent-reference-yaml.yml
+++ b/docs/en/ingest-management/elastic-agent/configuration/yaml/elastic-agent-reference-yaml.yml
@@ -1,3 +1,9 @@
+###################### Agent Configuration Example #########################
+
+# This file is an example configuration file highlighting only the most common
+# options. The elastic-agent.reference.yml file from the same directory contains all the
+# supported options with more comments. You can use it as a reference.
+
 ######################################
 # Fleet configuration
 ######################################
@@ -11,22 +17,13 @@ outputs:
 inputs:
   - type: system/metrics
 
-    # The only two requirement are that it has only characters allowed in an Elasticsearch index name
-    # Index names must meet the following criteria:
-    #   Lowercase only
-    #   Cannot include \, /, *, ?, ", <, >, |, ` ` (space character), ,, #
-    #   Cannot start with -, _, +
-    #   Cannot be . or ..
+    # Namespace name must conform to the naming conventions for Elasticsearch indices, cannot contain dashes (-), and cannot exceed 100 bytes
+    # For index naming restrictions, see https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html#indices-create-api-path-params
     data_stream.namespace: default
     use_output: default
     streams:
       - metricset: cpu
-        # The only two requirement are that it has only characters allowed in an Elasticsearch index name
-        # Index names must meet the following criteria:
-        #   Lowercase only
-        #   Cannot include \, /, *, ?, ", <, >, |, ` ` (space character), ,, #
-        #   Cannot start with -, _, +
-        #   Cannot be . or ..
+        # Dataset name must conform to the naming conventions for Elasticsearch indices, cannot contain dashes (-), and cannot exceed 100 bytes
         data_stream.dataset: system.cpu
       - metricset: memory
         data_stream.dataset: system.memory
@@ -116,8 +113,17 @@ inputs:
 #   logs: false
 #   # enables metrics monitoring
 #   metrics: false
-
-# # Allow fleet to reload his configuration locally on disk.
+#   # exposes agent metrics using http, by default sockets and named pipes are used
+#   http:
+#       # enables http endpoint
+#       enabled: false
+#       # The HTTP endpoint will bind to this hostname, IP address, unix socket or named pipe.
+#       # When using IP addresses, it is recommended to only use localhost.
+#       host: localhost
+#       # Port on which the HTTP endpoint will bind. Default is 0 meaning feature is disabled.
+#       port: 6791
+
+# # Allow fleet to reload its configuration locally on disk.
 # # Notes: Only specific process configuration will be reloaded.
 # agent.reload:
 #   # enabled configure the Elastic Agent to reload or not the local configuration.
@@ -200,3 +206,48 @@ agent.logging.to_stderr: true
 # information. Recommended to use in combination with `logging.json=true`
 # Defaults to false.
 #agent.logging.ecs: false
+
+# Providers
+
+# Providers supply the key/values pairs that are used for variable substitution
+# and conditionals. Each provider's keys are automatically prefixed with the name
+# of the provider.
+
+#providers:
+
+# Agent provides information about the running agent.
+#  agent:
+#    enabled: true
+
+# Docker provides inventory information from Docker.
+#  docker:
+#    enabled: true
+#    host: "unix:///var/run/docker.sock"
+#    cleanup_timeout: 60
+
+# Env providers information about the running environment.
+#  env:
+#    enabled: true
+
+# Host provides information about the current host.
+#  host:
+#    enabled: true
+
+# Local provides custom keys to use as variable.
+#  local:
+#    enabled: true
+#    vars:
+#      foo: bar
+
+# Local dynamic allows you to define multiple key/values to generate multiple configurations.
+#  local_dynamic:
+#    enabled: true
+#    items:
+#      - vars:
+#          my_var: key1
+#      - vars:
+#          my_var: key2
+#      - vars:
+#          my_var: key3
+
+
diff --git a/docs/en/ingest-management/elastic-agent/elastic-agent-configuration.asciidoc b/docs/en/ingest-management/elastic-agent/elastic-agent-configuration.asciidoc
deleted file mode 100644
index bae8e6790f..0000000000
--- a/docs/en/ingest-management/elastic-agent/elastic-agent-configuration.asciidoc
+++ /dev/null
@@ -1,193 +0,0 @@
-[[elastic-agent-configuration]]
-[role="xpack"]
-= Agent policy settings
-
-The policy settings for {fleet}-managed agents are specified through the UI.
-You do not set them explicitly in a configuration file.
-
-For standalone agents, you need to configure settings in the `elastic-agent.yml`
-file. Prior to installation, edit the file located in the extracted {agent}
-package. After installation, edit the file located in the directory
-described in <<installation-layout>>.
-
-TIP: To get started quickly, you can use {fleet} to generate a standalone
-configuration. For more information, see <<run-elastic-agent-standalone>>.
-
-The following sections describe some settings you might need to configure to
-run an {agent} standalone. For a full reference example, refer to the
-<<elastic-agent-reference-yaml,elastic-agent.reference.yml>> file.
-
-
-[discrete]
-[[elastic-agent-output-configuration]]
-== Output settings
-
-Output settings specify where to send data. You can specify multiple outputs to
-pair specific inputs with specific outputs.
-
-{agent} currently supports these outputs:
-
-* <<elasticsearch-output>>
-* <<logstash-output>> (standalone mode only)
-
-[discrete]
-[[elasticsearch-output]]
-=== {es} output
-
-The {es} output sends events directly to {es} by using the {es} HTTP API.
-
-*Compatibility:* This output works with all compatible versions of {es}. See the
-https://www.elastic.co/support/matrix#matrix_compatibility[Elastic Support
-Matrix].
-
-This example configures two {es} outputs: `default` and  `monitoring`:
-
-[source,yaml]
--------------------------------------------------------------------------------------
-outputs:
-  default:
-    type: elasticsearch
-    hosts: [127.0.0.1:9200]
-    username: elastic
-    password: changeme
-
-  monitoring:
-    type: elasticsearch
-    api_key: VuaCfGcBCdbkQm-e5aOx:ui2lp2axTNmsyakw9tvNnw
-    hosts: ["localhost:9200"]
-    ca_sha256: "7lHLiyp4J8m9kw38SJ7SURJP4bXRZv/BNxyyXkCcE/M="
--------------------------------------------------------------------------------------
-
-Notice that they use different authentication methods. The first one uses a
-username and password pair, and the second one contains an API key.
-
-[NOTE]
-==============
-A default output configuration is required.
-==============
-
-[discrete]
-[[logstash-output]]
-= {ls} output
-
-IMPORTANT: The {ls} output is currently only supported for {agent}s in
-standalone mode. {fleet}-managed agents are not supported.
-
-The {ls} output uses an internal protocol to send events directly to {ls} over
-TCP. {ls} provides additional parsing, transformation, and routing of data
-collected by {agent}.
-
-*Compatibility:* This output works with all compatible versions of {ls}. Refer
-to the https://www.elastic.co/support/matrix#matrix_compatibility[Elastic
-Support Matrix].
-
-This example configures a {ls} output called `default` in the
-`elastic-agent.yml` file:
-
-[source,yaml]
-----
-outputs:
-  default:
-    type: logstash
-    hosts: ["127.0.0.1:5044"] <1>
-----
-<1> The {ls} server and the port (`5044`) where {ls} is configured to listen for
-incoming {agent} connections.
-
-To send events to {ls}, you also need to create a {ls} configuration pipeline.
-The {ls} configuration pipeline listens for incoming {agent} connections,
-processes received events, and then sends the events to {es}.
-
-The following example configures a {ls} pipeline that listens on port `5044` for
-incoming {agent} connections and routes received events to {es}:
-
-[source,yaml]
-----
-input {
-  elastic_agent {
-    port => 5044
-  }
-}
-output {
-  elasticsearch {
-    hosts => ["http://localhost:9200"] <1>
-    data_stream => "true"
-  }
-}
-----
-<1> The {es} server and the port (`9200`) where {es} is running.
-
-For more information about configuring {ls}, refer to
-{logstash-ref}/configuration.html[Configuring {ls}] and
-{logstash-ref}/plugins-inputs-elastic_agent.html[{agent} input plugin].
-
-[discrete]
-[[elastic-agent-monitoring-configuration]]
-== {beats} monitoring settings
-
-{agent} monitors {beats} by default. To disable or change monitoring
-settings, set options under `agent.monitoring`:
-
-[source,yaml]
--------------------------------------------------------------------------------------
-agent.monitoring:
-  # enabled turns on monitoring of running processes
-  enabled: true
-  # enables log monitoring
-  logs: true
-  # enables metrics monitoring
-  metrics: true
-  # specifies output to be used
-  use_output: monitoring
--------------------------------------------------------------------------------------
-
-
-To disable monitoring, set `agent.monitoring.enabled` to `false`. When set to
-`false`, {beats} monitoring is turned off, and all other options in this section
-are ignored.
-
-To enable monitoring, set `agent.monitoring.enabled` to `true`. Also set the
-`logs` and `metrics` settings to control whether logs, metrics, or both are
-collected. If neither setting is specified, monitoring is disabled. Set
-`use_output` to specify the output to which monitoring events are sent.
-
-[discrete]
-[[elastic-agent-input-configuration]]
-== Input settings
-
-By default {agent} collects system metrics, such as cpu, memory, network, and
-filesystem metrics, and sends them to the default output. For example:
-
-
-[source,yaml]
--------------------------------------------------------------------------------------
-inputs:
-  - type: system/metrics
-    data_stream.namespace: default
-    use_output: default
-    streams:
-      - metricset: cpu
-        data_stream.dataset: system.cpu
-      - metricset: memory
-        data_stream.dataset: system.memory
-      - metricset: network
-        data_stream.dataset: system.network
-      - metricset: filesystem
-        data_stream.dataset: system.filesystem
--------------------------------------------------------------------------------------
-
-If `use_output` is not specified, the `default` output is used.
-
-[discrete]
-[[elastic-agent-reference-yaml]]
-== Reference yaml
-
-The {agent} installation includes an `elastic-agent.reference.yml` file that
-describes settings available in a standalone configuration.
-
-The contents of the file are included here for your convenience.
-
-[source,yaml]
-----
-include::elastic-agent-reference-yaml.yml[]
-----
diff --git a/docs/en/ingest-management/elastic-agent/elastic-agent.asciidoc b/docs/en/ingest-management/elastic-agent/elastic-agent.asciidoc
index 7218f9e99b..c708c85ed6 100644
--- a/docs/en/ingest-management/elastic-agent/elastic-agent.asciidoc
+++ b/docs/en/ingest-management/elastic-agent/elastic-agent.asciidoc
@@ -20,11 +20,9 @@ To learn how to install, configure, and run your {agent}s, see:
 * <<start-elastic-agent>>
 * <<stop-elastic-agent>>
 * <<unenroll-elastic-agent>>
-* <<elastic-agent-configuration>>
 * <<dynamic-input-configuration>>
 * <<agent-environment-variables>>
 * <<elastic-agent-logging>>
-* <<elastic-agent-standalone-logging-config>>
 
 include::install-elastic-agent.asciidoc[leveloffset=+1]
 
@@ -32,8 +30,6 @@ include::uninstall-elastic-agent.asciidoc[leveloffset=+1]
 
 include::run-elastic-agent-standalone.asciidoc[leveloffset=+1]
 
-include::elastic-agent-configuration.asciidoc[leveloffset=+2]
-
 include::elastic-agent-container.asciidoc[leveloffset=+1]
 
 include::running-on-kubernetes-managed-by-fleet.asciidoc[leveloffset=+1]
@@ -57,5 +53,3 @@ include::elastic-agent-capabilities.asciidoc[leveloffset=+1]
 include::configuration/env/container-envs.asciidoc[leveloffset=+1]
 
 include::elastic-agent-logging.asciidoc[leveloffset=+1]
-
-include::elastic-agent-standalone-logging.asciidoc[leveloffset=+1]
diff --git a/docs/en/ingest-management/index.asciidoc b/docs/en/ingest-management/index.asciidoc
index 837d99d2b7..107336e22e 100644
--- a/docs/en/ingest-management/index.asciidoc
+++ b/docs/en/ingest-management/index.asciidoc
@@ -40,12 +40,14 @@ include::getting-started-traces.asciidoc[leveloffset=+1]
 
 include::elastic-agent/elastic-agent.asciidoc[leveloffset=+1]
 
+include::agent-policies.asciidoc[leveloffset=+1]
+
+include::elastic-agent/configuration/elastic-agent-configuration.asciidoc[leveloffset=+1]
+
 include::fleet/fleet-settings.asciidoc[leveloffset=+1]
 
 include::fleet/fleet-server.asciidoc[leveloffset=+1]
 
-include::agent-policies.asciidoc[leveloffset=+1]
-
 include::security/enrollment-tokens.asciidoc[leveloffset=+1]
 
 include::security/certificates.asciidoc[leveloffset=+1]