Create a standalone Elastic Agent policy
To get started quickly, use Kibana to add integrations to an agent policy, then download the policy to use as a starting point for your standalone Elastic Agent policy. This approach saves time, is less error prone, and populates the policy with a lot of details that are tedious to add manually. Also, adding integrations in Kibana loads required assets, such as index templates and ingest pipelines, before you start your Elastic Agents.
If you’re a Fleet user and already have an agent policy you want to use in standalone mode, go to Fleet > Agents and click Add agent. Follow the steps under Run standalone to download the policy file.
You don’t need Fleet to perform the following steps, but on self-managed clusters, API keys must be enabled in the Elasticsearch configuration (set xpack.security.authc.api_key.enabled: true).
- From the main menu in Kibana, click Add integrations, and search for the Elastic Agent integration you want to use. Read the description to make sure the integration works with Elastic Agent.
- Click the integration to see more details about it, then click Add <Integration>.
  If you’re adding your first integration and no Elastic Agents are installed, Kibana may display a page that walks you through configuring the integration and installing Elastic Agent. If you see this page, click Install Elastic Agent, then click the standalone mode link. Follow the in-product instructions instead of the steps described here.
- Under Configure integration, enter a name and description for the integration.
- Click the down arrow next to enabled streams and make sure the settings are correct for your host.
- Under Apply to agent policy, select an existing policy, or click Create agent policy and create a new one.
- When you’re done, save and continue.
  A popup window gives you the option to add Elastic Agent to your hosts.
- (Optional) To add more integrations to the agent policy, click Add Elastic Agent later and go back to the Integrations page. Repeat the previous steps for each integration.
- When you’re done adding integrations, in the popup window, click Add Elastic Agent to your hosts to open the Add agent flyout.
- Click Run standalone and follow the in-product instructions to download Elastic Agent (if you haven’t already).
- Click Download Policy to download the policy file.
The downloaded policy already contains a default Elasticsearch address and port for your setup. You may need to change them if you use a proxy or load balancer. Modify the policy as required, making sure that you provide credentials for connecting to Elasticsearch.
If you need to add integrations to the policy after deploying it, you’ll need to run through these steps again and re-deploy the updated policy to the host where Elastic Agent is running.
For detailed information about starting the agent, including the permissions needed for the Elasticsearch user, refer to Install standalone Elastic Agents.
Upgrade standalone agent policies after upgrading an integration
Because standalone agents are not managed by Fleet, they are unable to upgrade to new integration package versions automatically. When you upgrade an integration in Kibana (or it gets upgraded automatically), you’ll need to update the standalone policy to use new features and capabilities.
You’ll also need to update the standalone policy if you want to add new integrations.
To update your standalone policy, use the same steps you used to create and download the original policy file:
- Follow the steps under Create a standalone Elastic Agent policy to create and download a new policy, then compare the new policy file to the old one.
- Either use the new policy and apply your customizations to it, or update your old policy to include changes, such as field changes, added by the upgrade.
Make sure you update the standalone agent policy in the directory where Elastic Agent is running, not the directory where you downloaded the installation package. Refer to Installation layout for the location of installed Elastic Agent files.
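To support the comparison step above, the following added example (not Elastic's own code) reports which integration packages were added, removed, or changed version between an old and a newly downloaded policy. It assumes each input records its package under meta.package.name and meta.package.version in block-style YAML; the function names, package names and versions are constructed for illustration, and the reader is a line-oriented scan of that layout, not a full YAML parser.

```python
def package_versions(policy_text):
    """Map integration package name -> set of versions found under `inputs:`."""
    versions, in_inputs, pkg_indent, pkg = {}, False, None, {}
    for raw in policy_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:  # a top-level key: track whether we are inside `inputs:`
            in_inputs, pkg_indent = line == "inputs:", None
            continue
        if not in_inputs:
            continue
        if pkg_indent is not None and indent <= pkg_indent:
            pkg_indent = None  # left the `package:` mapping
        if line == "package:":
            pkg_indent, pkg = indent, {}
            continue
        if pkg_indent is None:
            continue
        key, _, value = line.partition(":")
        if key in ("name", "version"):
            pkg[key] = value.strip().strip("'\"")
        if len(pkg) == 2:
            versions.setdefault(pkg["name"], set()).add(pkg["version"])
    return versions

def compare_policies(old_text, new_text):
    """Report packages added, removed, or at a different version in the new policy."""
    old, new = package_versions(old_text), package_versions(new_text)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": {p: (sorted(old[p]), sorted(new[p]))
                    for p in sorted(old.keys() & new.keys()) if old[p] != new[p]},
    }

def sample_policy(*packages):
    """Constructed sample input (not a real policy): one input per (name, version)."""
    item = "  - id: {0}-input\n    meta:\n      package:\n        name: {0}\n        version: {1}\n"
    return "outputs:\n  default:\n    type: elasticsearch\ninputs:\n" + "".join(
        item.format(n, v) for n, v in packages)

if __name__ == "__main__":
    old = sample_policy(("system", "1.0.0"), ("nginx", "1.0.0"))
    new = sample_policy(("system", "1.1.0"), ("nginx", "1.0.0"), ("redis", "1.0.0"))
    print(compare_policies(old, new))
```

Packages listed under "changed" or "added" are where the new policy carries content that your customized old policy lacks; review those inputs first when merging.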