Elastic Agent command line options

edit

Elastic Agent command line options

edit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

Elastic Agent provides commands for running the agent and doing common tasks:

You might need to log in as a root user to run these commands.


elastic-agent enroll

edit

Enroll the Elastic Agent in Fleet.

We recommend that you run this command as the root user because some integrations require root privileges to collect sensitive data. This command overwrites the elastic-agent.yml file in the agent directory.

Synopsis
edit
elastic-agent enroll <kibana_url> <enrollment_token> [--ca-sha256 <string>]
                     [--certificate-authorities <string>] [--force] [--help]
                     [--insecure] [global-flags]
Options
edit
kibana_url
Required. URL of the Kibana endpoint where Fleet is running.
enrollment_token
Required. Enrollment token generated by Fleet. You can use the same enrollment token for multiple agents.
--ca-sha256 <string>
Comma-separated list of certificate authority hash pins used for certificate verification.
--certificate-authorities <string>
Comma-separated list of root certificates used for server verification.
--force
Force overwrite of current configuration without prompting for confirmation. This flag is helpful when using automation software or scripted deployments.
--help
Show help for the enroll command.
--insecure
Allow an insecure connection to Kibana. When this flag is specified, API keys are sent in clear text. We strongly recommend that you use a secure connection.

For more flags, see Global flags.

Example
edit
elastic-agent enroll http://localhost:5601 ZnmNIdzVITUJua2QIdU5FTWROVjY6dHY2N1EybWNTMUdPejg5ODbYcVpNUQ==

elastic-agent help

edit

Show help for a specific command.

Synopsis
edit
elastic-agent help <command> [--help] [global-flags]
Options
edit
command
The name of the command.
--help
Show help for the help command.

For more flags, see Global flags.

Example
edit
elastic-agent help enroll

elastic-agent inspect

edit

Show the current Elastic Agent configuration.

If no parameters are specified, shows the full Elastic Agent configuration.

Synopsis
edit
elastic-agent inspect [--help] [global-flags]
elastic-agent inspect output [--output <string>] [--program <string>]
                             [--help] [global-flags]
Options
edit
output

Display the current configuration for the output. This command accepts additional flags:

--output <string>
The name of the output to inspect.
--program <string>
The type of program to inspect. For example, filebeat. This option must be combined with --output.
--help
Show help for the inspect command.

For more flags, see Global flags.

Examples
edit
elastic-agent inspect
elastic-agent inspect output --output default
elastic-agent inspect output --output default --program filebeat

elastic-agent install

edit

Install Elastic Agent permanently on the system and manage it by using the system’s service manager. The agent will start automatically after installation is complete. On Linux, this command requires a system and service manager like systemd.

You must run this command as the root user (or Administrator on Windows) to write files to the correct locations. This command overwrites the elastic-agent.yml file in the agent directory.

Synopsis
edit
elastic-agent install [--ca-sha256 <string>] [--certificate-authorities <string>]
                      [--enrollment-token <string>] [--force] [--help]
                      [--insecure] [--kibana-url <string>]
                      [global-flags]
Options
edit
--ca-sha256 <string>
Comma-separated list of certificate authority hash pins used for certificate verification.
--certificate-authorities <string>
Comma-separated list of root certificates used for server verification.
--enrollment-token <string>
Enrollment token generated by Fleet. You can use the same enrollment token for multiple agents.
--force
Force overwrite of current configuration without prompting for confirmation. This flag is helpful when using automation software or scripted deployments.
--help
Show help for the install command.
--insecure
Allow an insecure connection to Kibana. When this flag is specified, API keys are sent in clear text. We strongly recommend that you use a secure connection.
--kibana-url <string>
URL of the Kibana endpoint where Fleet is running.

For more flags, see Global flags.

Examples
edit
elastic-agent install -f --kibana-url=https://yourhost:5601 \
  --enrollment-token=OEV0bmauVUI0a3dmdWc1T3Bad1o6VGxCa3U4UEFTQ0NycbBSUFwoazVBdx==

elastic-agent restart

edit

Restart the currently running Elastic Agent daemon.

Synopsis
edit
elastic-agent restart [--help] [global-flags]
Options
edit
--help
Show help for the restart command.

For more flags, see Global flags.

Examples
edit
elastic-agent restart

elastic-agent run

edit

Start the elastic-agent process.

Synopsis
edit
elastic-agent run [global-flags]
Global flags
edit

These flags are valid whenever you run elastic-agent on the command line.

-c <string>
The configuration file to use. If not specified, Elastic Agent uses {path.config}/elastic-agent.yml.
--e
Log to stderr and disable syslog/file output.
--environment <environmentVar>
The environment in which the agent will run.
--path.config <string>
The directory where Elastic Agent looks for its configuration file. The default varies by platform.
--path.home <string>

The root directory of Elastic Agent. path.home determines the location of the configuration files and data directory.

If not specified, Elastic Agent uses the current working directory.

--path.logs <string>
Path to the log output for Elastic Agent. The default varies by platform.
--v
Set log level to INFO.
Example
edit
elastic-agent run -c myagentconfig.yml

elastic-agent uninstall

edit

Permanently uninstall Elastic Agent from the system.

You must run this command as the root user (or Administrator on Windows) to remove files.

Synopsis
edit
elastic-agent uninstall [--force] [--help] [global-flags]
Options
edit
--force
Uninstall Elastic Agent and do not prompt for confirmation. This flag is helpful when using automation software or scripted deployments.
--help
Show help for the uninstall command.

For more flags, see Global flags.

Examples
edit
elastic-agent uninstall

elastic-agent upgrade

edit

Upgrade the currently running Elastic Agent to the specified version. This should only be used with agents running in standalone mode. Agents enrolled in Fleet should be upgraded through Fleet.

Synopsis
edit
elastic-agent upgrade <version> [--source-uri <string>] [--help] [flags]
Options
edit
version
The version of Elastic Agent to upgrade to.
--source-uri <string>
The source URI to download the new version from. By default, Elastic Agent uses the Elastic Artifacts URL.
--help
Show help for the upgrade command.

For more flags, see Global flags.

Examples
edit
elastic-agent upgrade 7.10.1

elastic-agent version

edit

Show the version of Elastic Agent.

Synopsis
edit
elastic-agent version [--help] [global-flags]
Options
edit
--help
Show help for the version command.

For more flags, see Global flags.

Example
edit
elastic-agent version