IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Fleet and Elastic Agent 8.7.1 Appendix A: Install a Fleet-managed Elastic Agent »
Elastic Docs Fleet and Elastic Agent Guide [8.7] Release notes

Fleet and Elastic Agent 8.7.0

edit

Fleet and Elastic Agent 8.7.0

edit

Review important information about the Fleet and Elastic Agent 8.7.0 release.

Breaking changes

edit

Breaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the breaking changes, then mitigate the impact to your application.

Remove the current_upgrades endpoint

Details
The api/fleet/current_upgrades endpoint has been removed. For more information, refer to #147616.

Impact
When you upgrade to 8.7.0, use the /action_status endpoint.

Remove the preconfiguration API route

Details
The /api/fleet/setup/preconfiguration API, which was released as generally available by error, has been removed. For more information, refer to #147199.

Impact
Do not use /api/fleet/setup/preconfiguration. To manage preconfigured agent policies, use kibana.yml. For more information, check Preconfigured settings.

Known issues

edit
Osquery live query results can take up to five minutes to show up in Kibana.

Details
A known issue in Elastic Agent may prevent live query results from being available in the Kibana UI even though the results have been successfully sent to Elasticsearch. For more information, refer to #2066.

Impact
Be aware that the live query results shown in Kibana may be delayed by up to 5 minutes.

Adding a Fleet Server integration to an agent results in panic if the agent was not bootstrapped with a Fleet Server.

Details

A panic occurs because the Elastic Agent does not have a fleet.server in the fleet.enc configuration file. When this happens, the agent fails with a message like:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x557b8eeafc1d]
goroutine 86 [running]:
github.com/elastic/elastic-agent/internal/pkg/agent/application.FleetServerComponentModifier.func1({0xc000652f00, 0xa, 0x10}, 0x557b8fa8eb92?)
...

For more information, refer to #2170.

Impact

To work around this problem, uninstall the Elastic Agent and install it again with Fleet Server enabled during the bootstrap process.

There is a known issue when upgrading Elastic Agents to 8.7.0 that are running Osquery.

Details
Elastic Agents that have the Osquery Manager integration installed can get stuck in an "Updating" state. For more information, refer to #2433.

Impact
Users can do the following work around the issue:

  • Wait for the 8.7.1 release to upgrade Elastic Agents to the 8.7.x line.
  • Remove the Osquery Manager integration before upgrading. After the Elastic Agent has upgraded to 8.7.0, add the Osquery Manager integration back to the Elastic Agent.
  • If you encounter this issue and Elastic Agents are stuck in the "Updating" phase, remove the Osquery Manager integration, upgrade the Elastic Agent, and then add it back.

you may need to use the Elastic Agent upgrade API in this scenario instead of the UI.

New features

edit

The 8.7.0 release adds the following new and notable features.

Fleet
  • Add getStatusSummary query parameter to GET /api/fleet/agents API #149963
  • Enable diagnostics feature flag and change query for files to use upload_id #149575
  • Add experimental toggles for doc-value-only #149131
  • Display agent metrics, CPU and memory in the agent list table and agent details page #149119
  • Add rollout period to upgrade action #148240
  • Add per-policy inactivity timeout and use runtime fields for agent status #147552
  • Show dataset combo box for input packages #147015
  • Implement a new UI form to support an Elastic Agent shipper in Fleet #145755
Elastic Agent
  • Add the Entity Analytics Filebeat input to Elastic Agent #2196
  • Add the ability for the Elastic Agent to receive a diagnostics action #1703 #1883

Enhancements

edit
Elastic Agent
  • Enhance Elastic Agent monitoring configuration to support Filebeat /inputs endpoint #2171 #33953
  • Render Elastic Agent configuration when running elastic-agent inspect --variables-wait #2297 #2206

Bug fixes

edit
Fleet Server
  • Accept raw errors as a fallback to detailed error type. This fixes a bug that enrollment or other operations would fail when an error was returned by Elastic in a raw string instead of JSON format. #2079
Elastic Agent
  • Correctly migrate unencrypted Fleet configuration when upgrading from versions prior to 8.3 #2256 #2249
  • Restore support for memcached/metrics inputs #2298 #2293
  • Fix the log message emitted by the Upgrade Watcher when it detects a crash #2320
  • Fix incorrect, temporary reporting of an agent as unhealthy during installation #2325 #2272
  • Correct the permissions of the state/data/tmp and state/data/logs folders when Elastic Agent is run as a container #2330 #2315
  • Add a timer to periodically check for scheduled actions #2344 #2343
  • Fix a bug that caused Elastic Agent to not start monitoring new Kubernetes pods until it was restarted #2349 #2269
  • Fix possible causes of deadlocks when Elastic Agent shuts down #2352 #2310
  • Fix permission issue on MacOS Ventura and above when enrolling as part of the installation #2314 #2103
« Fleet and Elastic Agent 8.7.1 Appendix A: Install a Fleet-managed Elastic Agent »