Uninstall Elastic Agent
editUninstall Elastic Agent
editTo uninstall Elastic Agent from a host, run the uninstall command from the directory where it’s running. Refer to the Fleet and Elastic Agent documentation for more information.
If Agent tamper protection is enabled on the Agent policy for the host, you’ll need to include the uninstall token in the command, using the --uninstall-token flag. You can find the uninstall token on the Agent policy or at Fleet → Uninstall tokens.
For example, to uninstall Elastic Agent on a macOS or Linux host:
sudo elastic-agent uninstall --uninstall-token 12345678901234567890123456789012
Provide multiple uninstall tokens
editIf you have multiple tamper-protected Elastic Agent policies, you may want to provide multiple uninstall tokens in a single command. There are two ways to do this:
-
The
--uninstall-tokencommand can receive multiple uninstall tokens separated by a comma, without spaces.sudo elastic-agent uninstall -f --uninstall-token 7b3d364db8e0deb1cda696ae85e42644,a7336b71e243e7c92d9504b04a774266
-
--uninstall-token's argument can also be a path to a text file with one uninstall token per line.You must use the full file path, otherwise the file may not be found.
sudo elastic-agent uninstall -f --uninstall-token /tmp/tokens.txt
In this example,
tokens.txtwould contain:7b3d364db8e0deb1cda696ae85e42644 a7336b71e243e7c92d9504b04a774266
Uninstall Elastic Endpoint
editUse these commands to uninstall Elastic Endpoint from a host ONLY if uninstalling an Elastic Agent is unsuccessful.
Windows
cd %TEMP% copy "c:\Program Files\Elastic\Endpoint\elastic-endpoint.exe" elastic-endpoint.exe .\elastic-endpoint.exe uninstall del .\elastic-endpoint.exe
macOS
cd /tmp cp /Library/Elastic/Endpoint/elastic-endpoint elastic-endpoint sudo ./elastic-endpoint uninstall rm elastic-endpoint
Linux
cd /tmp cp /opt/Elastic/Endpoint/elastic-endpoint elastic-endpoint sudo ./elastic-endpoint uninstall rm elastic-endpoint