Elastic Agent command line options
editElastic Agent command line options
editThis functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
Elastic Agent provides commands for running the agent and doing common tasks:
You might need to log in as a root user to run these commands.
elastic-agent enroll
editEnroll the Elastic Agent in Fleet.
We recommend that you run this command as the root user because some
integrations require root privileges to collect sensitive data. This command
overwrites the elastic-agent.yml
file in the agent directory.
Synopsis
editelastic-agent enroll <kibana_url> <enrollment_token> [--ca-sha256 <string>] [--certificate-authorities <string>] [--force] [--help] [--insecure] [global-flags]
Options
edit-
kibana_url
- Required. URL of the Kibana endpoint where Fleet is running.
-
enrollment_token
- Required. Enrollment token generated by Fleet. You can use the same enrollment token for multiple agents.
-
--ca-sha256 <string>
- Comma-separated list of certificate authority hash pins used for certificate verification.
-
--certificate-authorities <string>
- Comma-separated list of root certificates used for server verification.
-
--force
- Force overwrite of current configuration without prompting for confirmation. This flag is helpful when using automation software or scripted deployments.
-
--help
-
Show help for the
enroll
command. -
--insecure
- Allow an insecure connection to Kibana. When this flag is specified, API keys are sent in clear text. We strongly recommend that you use a secure connection.
For more flags, see Global flags.
Example
editelastic-agent enroll http://localhost:5601 ZnmNIdzVITUJua2QIdU5FTWROVjY6dHY2N1EybWNTMUdPejg5ODbYcVpNUQ==
elastic-agent help
editShow help for a specific command.
Synopsis
editelastic-agent help <command> [--help] [global-flags]
Options
edit-
command
- The name of the command.
-
--help
-
Show help for the
help
command.
For more flags, see Global flags.
Example
editelastic-agent help enroll
elastic-agent inspect
editShow the current Elastic Agent configuration.
If no parameters are specified, shows the full Elastic Agent configuration.
Synopsis
editelastic-agent inspect [--help] [global-flags] elastic-agent inspect output [--output <string>] [--program <string>] [--help] [global-flags]
Options
edit-
output
-
Display the current configuration for the output. This command accepts additional flags:
-
--output <string>
- The name of the output to inspect.
-
--program <string>
-
The type of program to inspect. For example,
filebeat
. This option must be combined with--output
.
-
-
--help
-
Show help for the
inspect
command.
For more flags, see Global flags.
Examples
editelastic-agent inspect elastic-agent inspect output --output default elastic-agent inspect output --output default --program filebeat
elastic-agent install
editInstall Elastic Agent permanently on the system and manage it by using the system’s service manager. The agent will start automatically after installation is complete. On Linux, this command requires a system and service manager like systemd.
You must run this command as the root user (or Administrator on Windows)
to write files to the correct locations. This command overwrites the
elastic-agent.yml
file in the agent directory.
Synopsis
editelastic-agent install [--ca-sha256 <string>] [--certificate-authorities <string>] [--enrollment-token <string>] [--force] [--help] [--insecure] [--kibana-url <string>] [global-flags]
Options
edit-
--ca-sha256 <string>
- Comma-separated list of certificate authority hash pins used for certificate verification.
-
--certificate-authorities <string>
- Comma-separated list of root certificates used for server verification.
-
--enrollment-token <string>
- Enrollment token generated by Fleet. You can use the same enrollment token for multiple agents.
-
--force
- Force overwrite of current configuration without prompting for confirmation. This flag is helpful when using automation software or scripted deployments.
-
--help
-
Show help for the
install
command. -
--insecure
- Allow an insecure connection to Kibana. When this flag is specified, API keys are sent in clear text. We strongly recommend that you use a secure connection.
-
--kibana-url <string>
- URL of the Kibana endpoint where Fleet is running.
For more flags, see Global flags.
Examples
editelastic-agent install -f --kibana-url=https://yourhost:5601 \ --enrollment-token=OEV0bmauVUI0a3dmdWc1T3Bad1o6VGxCa3U4UEFTQ0NycbBSUFwoazVBdx==
elastic-agent restart
editRestart the currently running Elastic Agent daemon.
Synopsis
editelastic-agent restart [--help] [global-flags]
Options
edit-
--help
-
Show help for the
restart
command.
For more flags, see Global flags.
Examples
editelastic-agent restart
elastic-agent run
editStart the elastic-agent
process.
Synopsis
editelastic-agent run [global-flags]
Global flags
editThese flags are valid whenever you run elastic-agent
on the command line.
-
-c <string>
-
The configuration file to use. If not specified, Elastic Agent uses
{path.config}/elastic-agent.yml
. -
--e
- Log to stderr and disable syslog/file output.
-
--environment <environmentVar>
- The environment in which the agent will run.
-
--path.config <string>
- The directory where Elastic Agent looks for its configuration file. The default varies by platform.
-
--path.home <string>
-
The root directory of Elastic Agent.
path.home
determines the location of the configuration files and data directory.If not specified, Elastic Agent uses the current working directory.
-
--path.logs <string>
- Path to the log output for Elastic Agent. The default varies by platform.
-
--v
- Set log level to INFO.
Example
editelastic-agent run -c myagentconfig.yml
elastic-agent uninstall
editPermanently uninstall Elastic Agent from the system.
You must run this command as the root user (or Administrator on Windows) to remove files.
Synopsis
editelastic-agent uninstall [--force] [--help] [global-flags]
Options
edit-
--force
- Uninstall Elastic Agent and do not prompt for confirmation. This flag is helpful when using automation software or scripted deployments.
-
--help
-
Show help for the
uninstall
command.
For more flags, see Global flags.
Examples
editelastic-agent uninstall
elastic-agent upgrade
editUpgrade the currently running Elastic Agent to the specified version. This should only be used with agents running in standalone mode. Agents enrolled in Fleet should be upgraded through Fleet.
Synopsis
editelastic-agent upgrade <version> [--source-uri <string>] [--help] [flags]
Options
edit-
version
- The version of Elastic Agent to upgrade to.
-
--source-uri <string>
- The source URI to download the new version from. By default, Elastic Agent uses the Elastic Artifacts URL.
-
--help
-
Show help for the
upgrade
command.
For more flags, see Global flags.
Examples
editelastic-agent upgrade 7.10.1
elastic-agent version
editShow the version of Elastic Agent.
Synopsis
editelastic-agent version [--help] [global-flags]
Options
edit-
--help
-
Show help for the
version
command.
For more flags, see Global flags.
Example
editelastic-agent version