Install Elastic Agents
editInstall Elastic Agents
editTo collect and ship data to the Elastic Stack, install an Elastic Agent on each host you want to monitor. These steps assume that you’re running a fresh installation. If Elastic Agent is already running on your system and you want to upgrade to a new version, see Upgrade Elastic Agent.
You have a few options for installing and managing an Elastic Agent:
-
Install a Fleet-managed Elastic Agent (recommended)
With Fleet, you enroll each agent in a policy defined in Kibana and stored in Elasticsearch. The policy specifies how to collect observability data from the services you want to monitor. The Elastic Agent connects to a trusted Fleet Server instance to retrieve the policy and report agent events.
We recommend using Fleet management because it makes the management and upgrade of your agents considerably easier.
-
Run an Elastic Agent standalone (advanced users)
With standalone mode, you manually configure and manage Elastic Agents locally on the systems where they are installed. This approach is recommended for advanced users only.
Running Elastic Agent in standalone mode is an advanced use case. The documentation is incomplete and not yet mature. When possible, we recommend using Fleet-managed agents instead of standalone mode.
Install a Fleet-managed Elastic Agent
editThis section shows the commands to install an Elastic Agent and enroll it in Fleet. If you’re a new user, read the Quick Start and follow the in-product steps in Kibana, if possible, instead of following the steps described here.
Prerequisites:
- Fleet is currently only available to users with the superuser role.
- A Fleet Server must be running in a location accessible to the Elastic Agent. See Fleet Server.
- In order to use Fleet, the Elastic Agents must have a direct network connection to Fleet Server and Elasticsearch.
-
An internet connection is required for Kibana to download integration packages
from the Elastic Package Registry. Make sure the Kibana server can connect to
https://epr.elastic.co
on port443
. - You must have an enrollment token generated by Fleet. Don’t have a Fleet enrollment key? Read Fleet enrollment tokens to learn how to get one from Fleet.
- You must have the host and IP where Fleet Server is running. Not sure where it’s running? Look at the Fleet settings in Kibana.
- If you’re running Elastic Agent 7.9 or earlier, stop the agent and manually remove it from your host.
To install an Elastic Agent and enroll it in Fleet:
-
On your host, download and extract the installation package.
curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-7.15.2-darwin-x86_64.tar.gz tar xzvf elastic-agent-7.15.2-darwin-x86_64.tar.gz
curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-7.15.2-linux-x86_64.tar.gz tar xzvf elastic-agent-7.15.2-linux-x86_64.tar.gz
- Download the Elastic Agent Windows zip file from the downloads page.
- Extract the contents of the zip file.
To simplify upgrading to future versions of Elastic Agent, we recommended that you use the tarball distribution instead of the DEB distribution.
curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-7.15.2-amd64.deb sudo dpkg -i elastic-agent-7.15.2-amd64.deb
To simplify upgrading to future versions of Elastic Agent, we recommended that you use the tarball distribution instead of the RPM distribution.
curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-7.15.2-x86_64.rpm sudo rpm -vi elastic-agent-7.15.2-x86_64.rpm
-
From the agent directory, run the following commands to install Elastic Agent, enroll it in Fleet, and start it as a service.
On macOS, Linux (tar package), and Windows, run the
install
command to install Elastic Agent as a managed service, enroll it in Fleet, and start the service. The DEB and RPM packages include a service unit for Linux systems with systemd, so use theenroll
command instead ofinstall
.You must run this command as the root user because some integrations require root privileges to collect sensitive data.
You must run this command as the root user because some integrations require root privileges to collect sensitive data.
Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator).
From the PowerShell prompt, change to the directory where you installed Elastic Agent, and run:
You must run this command as the root user because some integrations require root privileges to collect sensitive data.
sudo elastic-agent enroll --url=<fleet_server_url> --enrollment-token=<enrollment_token> sudo systemctl enable elastic-agent sudo systemctl start elastic-agent
fleet_server_url
is the host and IP where Fleet Server is running, andenrollment_token
is the enrollment token acquired from Fleet. Not sure where Fleet Server is running? Look at the Fleet settings in Kibana.The DEB package includes a service unit for Linux systems with systemd. On these systems, you can manage Elastic Agent by using the usual systemd commands. If you don’t have systemd, run
sudo service elastic-agent start
.You must run this command as the root user because some integrations require root privileges to collect sensitive data.
sudo elastic-agent enroll --url=<fleet_server_url> --enrollment-token=<enrollment_token> sudo systemctl enable elastic-agent sudo systemctl start elastic-agent
fleet_server_url
is the host and IP where Fleet Server is running, andenrollment_token
is the enrollment token acquired from Fleet.The RPM package includes a service unit for Linux systems with systemd. On these systems, you can manage Elastic Agent by using the usual systemd commands. If you don’t have systemd, run
sudo service elastic-agent start
.If you see an "x509: certificate signed by unknown authority" error, you might be trying to enroll in a Fleet Server that uses self-signed certs. To fix this problem in a non-production environment, pass the
--insecure
flag. For more information, refer to the troubleshooting guide.Refer to Installation layout for the location of installed Elastic Agent files.
Because Elastic Agent is installed as an auto-starting service, it will restart automatically if the system is rebooted.
To confirm that Elastic Agent is installed and running, go to the Agents tab in Fleet.
If you run into problems:
- Check the Elastic Agent logs. If you use the default policy, agent logs and metrics are collected automatically unless you change the default settings. For more information, refer to Configure logging for Fleet-managed Elastic Agents.
- Refer to Troubleshoot common problems.
Installation layout
editWhen you run the install
command, Elastic Agent installs files in the following
locations. You cannot override these installation paths because they are
required for upgrades.
-
/Library/Elastic/Agent/*
- Elastic Agent program files
-
/Library/Elastic/Agent/elastic-agent.yml
- Main Elastic Agent configuration
-
/Library/Elastic/Agent/fleet.yml
- Main Elastic Agent Fleet configuration
-
/Library/Elastic/Agent/data/elastic-agent-*/logs/elastic-agent-json.log
- Log files for Elastic Agent[1]
-
/Library/Elastic/Agent/data/elastic-agent-*/logs/default/*-json.log
- Log files for Beats shippers
-
/usr/bin/elastic-agent
- Shell wrapper installed into PATH
-
/opt/Elastic/Agent/*
- Elastic Agent program files
-
/opt/Elastic/Agent/elastic-agent.yml
- Main Elastic Agent configuration
-
/opt/Elastic/Agent/fleet.yml
- Main Elastic Agent Fleet configuration
-
/opt/Elastic/Agent/data/elastic-agent-*/logs/elastic-agent-json.log
- Log files for Elastic Agent[1]
-
/opt/Elastic/Agent/data/elastic-agent-*/logs/default/*-json.log
- Log files for Beats shippers
-
/usr/bin/elastic-agent
- Shell wrapper installed into PATH
-
C:\Program Files\Elastic\Agent*
- Elastic Agent program files
-
C:\Program Files\Elastic\Agent\elastic-agent.yml
- Main Elastic Agent configuration
-
C:\Program Files\Elastic\Agent\fleet.yml
- Main Elastic Agent Fleet configuration
-
C:\Program Files\Elastic\Agent\data\elastic-agent-*\logs\elastic-agent-json.log
- Log files for Elastic Agent[1]
-
C:\Program Files\Elastic\Agent\data\elastic-agent-*\logs\default\*-json.log*
- Log files for Beats shippers
-
/usr/share/elastic-agent/*
- Elastic Agent program files
-
/etc/elastic-agent/elastic-agent.yml
- Main Elastic Agent configuration
-
/etc/elastic-agent/fleet.yml
- Main Elastic Agent Fleet configuration
-
/var/lib/elastic-agent/data/elastic-agent-*/logs/elastic-agent-json.log
- Log files for Elastic Agent[1]
-
/var/lib/elastic-agent/data/elastic-agent-*/logs/default/*-json.log*
- Log files for Beats shippers
-
/usr/bin/elastic-agent
- Shell wrapper installed into PATH
-
/usr/share/elastic-agent/*
- Elastic Agent program files
-
/etc/elastic-agent/elastic-agent.yml
- Main Elastic Agent configuration
-
/etc/elastic-agent/fleet.yml
- Main Elastic Agent Fleet configuration
-
/var/lib/elastic-agent/data/elastic-agent-*/logs/elastic-agent-json.log
- Log files for Elastic Agent[1]
-
/var/lib/elastic-agent/data/elastic-agent-*/logs/default/*-json.log*
- Log files for Beats shippers
-
/usr/bin/elastic-agent
- Shell wrapper installed into PATH