- Fleet and Elastic Agent Guide: other versions:
- Fleet and Elastic Agent overview
- Beats and Elastic Agent capabilities
- Quick starts
- Migrate from Beats to Elastic Agent
- Deployment models
- Install Elastic Agents
- Install Fleet-managed Elastic Agents
- Install standalone Elastic Agents
- Install Elastic Agents in a containerized environment
- Run Elastic Agent in a container
- Run Elastic Agent on Kubernetes managed by Fleet
- Install Elastic Agent on Kubernetes using Helm
- Example: Install standalone Elastic Agent on Kubernetes using Helm
- Example: Install Fleet-managed Elastic Agent on Kubernetes using Helm
- Advanced Elastic Agent configuration managed by Fleet
- Configuring Kubernetes metadata enrichment on Elastic Agent
- Run Elastic Agent on GKE managed by Fleet
- Run Elastic Agent on Amazon EKS managed by Fleet
- Run Elastic Agent on Azure AKS managed by Fleet
- Run Elastic Agent Standalone on Kubernetes
- Scaling Elastic Agent on Kubernetes
- Using a custom ingest pipeline with the Kubernetes Integration
- Environment variables
- Run Elastic Agent as an OTel Collector
- Run Elastic Agent without administrative privileges
- Install Elastic Agent from an MSI package
- Installation layout
- Air-gapped environments
- Using a proxy server with Elastic Agent and Fleet
- Uninstall Elastic Agents from edge hosts
- Start and stop Elastic Agents on edge hosts
- Elastic Agent configuration encryption
- Secure connections
- Manage Elastic Agents in Fleet
- Configure standalone Elastic Agents
- Create a standalone Elastic Agent policy
- Structure of a config file
- Inputs
- Providers
- Outputs
- SSL/TLS
- Logging
- Feature flags
- Agent download
- Config file examples
- Grant standalone Elastic Agents access to Elasticsearch
- Example: Use standalone Elastic Agent with Elastic Cloud Serverless to monitor nginx
- Example: Use standalone Elastic Agent with Elasticsearch Service to monitor nginx
- Debug standalone Elastic Agents
- Kubernetes autodiscovery with Elastic Agent
- Monitoring
- Reference YAML
- Manage integrations
- Package signatures
- Add an integration to an Elastic Agent policy
- View integration policies
- Edit or delete an integration policy
- Install and uninstall integration assets
- View integration assets
- Set integration-level outputs
- Upgrade an integration
- Managed integrations content
- Best practices for integration assets
- Data streams
- Define processors
- Processor syntax
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_cef
- decode_csv_fields
- decode_duration
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- move_fields
- parse_aws_vpc_flow_log
- rate_limit
- registered_domain
- rename
- replace
- script
- syslog
- timestamp
- translate_sid
- truncate_fields
- urldecode
- Command reference
- Troubleshoot
- Release notes
Upgrade standalone Elastic Agents
editUpgrade standalone Elastic Agents
editTo upgrade a standalone agent running on an edge node:
-
Make sure the
elastic-agent
service is running. -
From the directory where Elastic Agent is installed, run the
upgrade
command to upgrade to a new version. Not sure where the agent is installed? Refer to Installation layout.For example, on macOS, to upgrade the agent from version 8.8.0 to 8.8.1, you would run:
cd /Library/Elastic/Agent/ sudo elastic-agent upgrade 8.8.1
This command upgrades the binary. Your agent policy should continue to work, but you might need to upgrade it to use new features and capabilities.
For more command-line options, see the help for the
upgrade
command.
Upgrading standalone Elastic Agent in an air-gapped environmment
editThe basic upgrade scenario should work for most use cases. However, in an air-gapped environment Elastic Agent is not able to access the Elastic Artifact Registry at artifacts.elastic.co
directly.
As an alterative, you can do one of the following:
- Configure a proxy server for standalone Elastic Agent to access the Elastic Artifact Registry.
- Host your own artifact registry for standalone Elastic Agent to access binary downloads.
Refer to Air-gapped environments for more details.
Verifying Elastic Agent package signatures
editStandalone Elastic Agent verifies each package that it downloads using publically available SHA hash and .asc PGP signature files. The SHA file is used to verify that the package has not been modified, and the .asc file is used to verify that the package was released by Elastic. For this purpose, the Elastic public GPG key is embedded in Elastic Agent itself.
At times, the Elastic private GPG key may need to be rotated, either due to the key expiry or due to the private key having been exposed. In this case, standalone Elastic Agent upgrades can fail because the embedded public key no longer works.
In the event of a private GPG key rotation, you can use the following options with the upgrade
command to either skip the verification process (not recommended) or force Elastic Agent to use a new public key for verification:
-
--skip-verify
-
Skip the package verification process. This option is not recommended as it is insecure.
Example:
./elastic-agent upgrade 8.8.0 --skip-verify
-
--pgp-path <string>
-
Use a locally stored copy of the PGP key to verify the upgrade package.
Example:
./elastic-agent upgrade 8.8.0 --pgp-path /home/elastic-agent/GPG-KEY-elasticsearch
-
--pgp-uri <string>
-
Use the specified online PGP key to verify the upgrade package.
Example:
./elastic-agent upgrade 8.7.0-SNAPSHOT --pgp-uri "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
Under the basic upgrade scenario standalone Elastic Agent will automatically fetch the most current public key, however in an air-gapped environment or in the event that the Elastic Artifact Registry is otherwise inaccessible, these commands can be used instead.
On this page