Run Elastic Agent standalone (advanced users)

edit

Run Elastic Agent standalone (advanced users)

edit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

Instead of using Fleet to manage your Elastic Agents, you can run agents standalone. With standalone mode, you manually configure and manage the agents locally on the systems where they are installed.

Standalone agents are unable to update to new integration package versions automatically. When you update the package version in Kibana, you’ll need to update the standalone policy manually.

To save time, use Fleet in Kibana to generate your standalone configuration:

  1. Log in to Kibana and go to Management > Fleet.
  2. On the Agents tab, click Add agent, and look at the deployment instructions under Run standalone.
  3. If you haven’t already, download and extract the Elastic Agent to your host:

    curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-7.11.2-darwin-x86_64.tar.gz
    tar xzvf elastic-agent-7.11.2-darwin-x86_64.tar.gz

    See the download page for other installation options.

  4. Back in Fleet, under Choose an agent policy, select a policy to use for the agent. The default policy includes a system integration for collecting logs and metrics from the host system.
  5. Under Configure the agent, copy or download the policy. Copy this policy to the elastic-agent.yml on the host where the Elastic Agent is extracted.

    Fleet showing default agent policy in YAML format

    The policy generated by Fleet already contains the correct Elasticsearch address and port for your setup. If you run everything locally, the address is 127.0.0.1:9200. If you use our hosted Elasticsearch Service on Elastic Cloud, you can see the Elasticsearch endpoint URL by copying it from the overview page of your deployment.

  6. Modify ES_USERNAME and ES_PASSWORD in the outputs section of elastic-agent.yml to use your Elasticsearch credentials. For example:

    [...]
    outputs:
      default:
        type: elasticsearch
        hosts:
          - 'http://localhost:9200'
        username: ES_USERNAME 
        password: ES_PASSWORD
    [...]

    This user must have the privileges shown in the following example.

    To create a role that has the privileges needed by the Elastic Agent user, go to Management > Dev Tools in Kibana and run:

    POST /_security/role/standalone_agent
    {
      "cluster": ["monitor"],
      "indices": [
        {
          "names": ["logs-*", "metrics-*", "events-*", ".ds-logs-*", ".ds-metrics-*", ".ds-events-*"],
          "privileges": ["write", "create_index", "indices:admin/auto_create"]
        }
      ]
    }

    Make sure you assign this role to the user in Kibana.

  7. From the agent directory, run the appropriate command to install Elastic Agent as a managed service and start the service:

    You must run this command as the root user because some integrations require root privileges to collect sensitive data.

    sudo ./elastic-agent install

    This step installs the Elastic Agent files, including the elastic-agent.yml file you modified earlier, into the directory locations described in Installation layout.

For additional configuration options, see Policy settings.