Fleet and Elastic Agent 8.6.0

edit

Review important information about the Fleet and Elastic Agent 8.6.0 release.

Breaking changes

edit

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the breaking changes, then mitigate the impact to your application.

Each input in an agent policy must have a unique ID

Details
Each input in an agent policy must have a unique ID, like id: my-unique-input-id. This change only affects standalone agents. Unique IDs are automatically generated in agent policies managed by Fleet. For more information, refer to #1994

Impact
Make sure that your standalone agent policies have a unique ID.

Diagnostics --pprof argument has been removed and is now always provided

Details
The diagnostics command gathers diagnostic information about the Elastic Agent and each component/unit it runs. Starting in 8.6.0, the --pprof argument is no longer available because pprof information is now always provided. For more information, refer to #1140.

Impact
Remove the --pprof argument from any scripts or commands you use.

Known issues

edit
Osquery live query results can take up to five minutes to show up in Kibana.

Details
A known issue in Elastic Agent may prevent live query results from being available in the Kibana UI even though the results have been successfully sent to Elasticsearch. For more information, refer to #2066.

Impact
Be aware that the live query results shown in Kibana may be delayed by up to 5 minutes.

Installing Elastic Agent on MacOS Ventura may fail if Full Disk Access has not been granted to the application used for installation.

Details
This issue occurs on MacOS Ventura when Full Disk Access is not granted to the application that runs the installation command. This could be either a Terminal or any custom package that a user has built to distribute Elastic Agent.

For more information, refer to #2103.

Impact
Elastic Agent will fail to install and produce "Error: failed to fix permissions: chown elastic-agent.app: operation not permitted" message. Ensure that the application used to install Elastic Agent (for example, the Terminal or custom package) has Full Disk Access before running sudo ./elastic-agent install.

Beats started by agent may fail with output unit has no config error.

Details
A known issue in Elastic Agent may lead to Beat processes being started without a valid output. To correct the problem, trigger a restart of Elastic Agent or the affected Beats. For Beats managed by Elastic Agent, you can trigger a restart by changing the Elastic Agent log level or the output section of the Elastic Agent policy. For more information, refer to #2086.

Impact
Elastic Agent will appear unhealthy and the affected Beats will not be able to write event data to Elasticsearch or Logstash.

Elastic Agent upgrades scheduled for a future time do not run.

Details
A known issue in Elastic Agent may prevent upgrades scheduled to execute at a later time from running. For more information refer to #2343.

Impact
Kibana may show an agent as being stuck with the Updating status. If the scheduled start time has passed, you may force the agent to run by sending it any action (excluding an upgrade action), such as a change to the policy or the log level.

Fleet ignores custom server.* attributes provided through integration settings.

Details
Fleet will ignore any custom server.* attributes provided through the custom configurations yaml block of the intgration. For more information refer to #2303.

Impact
Custom yaml settings are silently ignored by Fleet. Settings with input blocks, such as Max agents are still effective.

New features

edit

The 8.6.0 release adds the following new and notable features.

Fleet
  • Differentiate kubernetes integration multipage experience #145224
  • Add prerelease toggle to Integrations list #143853
  • Add link to allow users to skip multistep add integration workflow #143279
Elastic Agent
  • Upgrade Node to version 18.12.0 #1657
  • Add experimental support for running the elastic-agent-shipper #1527 #219
  • Collect logs from sub-processes via stdout and stderr and write them to a single, unified Elastic Agent log file #1702 #221
  • Remove inputs when all streams are removed #1869 #1868
  • No longer restart Elastic Agent on log level change #1914 #1896
  • Add inspect components command to inspect the computed components/units model of the current configuration (for example, elastic-agent inspect components) #1701 #836
  • Add support for the Common Expression Language (CEL) Filebeat input type #1719
  • Only support Elasticsearch as an output for the beta synthetics integration #1491
  • New control protocol between the Elastic Agent and its subprocesses enables per integration health reporting and simplifies new input development #836 #1701
  • All binaries for every supported integration are now bundled in the Elastic Agent by default #836 #126

Enhancements

edit
Fleet
  • Add ?full option to get package info endpoint to return all package fields #144343
Elastic Agent
  • Health Status: Elastic Agent now indicates detailed status information for each sub-process and input type #1747 #100
  • Change internal directory structure: add a components directory to contain binaries and associated artifacts, and remove the downloads directory #836 #1701

Bug fixes

edit
Fleet
  • Only show Fleet-managed data streams on data streams list page #143300
  • Fix synchronization bug in Fleet Server that can lead to Elasticsearch being flooded by requests to /.fleet-actions/_fleet/_fleet_search #2205.
Elastic Agent
  • Elastic Agent now uses the locally bound port (8221) when running Fleet Server instead of the external port (8220) #1867