Run Elastic Agent standalone (advanced users)

edit

Run Elastic Agent standalone (advanced users)

edit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

Instead of using Fleet to manage your Elastic Agents, you can run agents standalone. With standalone mode, you manually configure and manage the agents locally on the systems where they are installed.

Standalone agents are unable to update to new integration package versions automatically. When you update the package version in Kibana, you’ll need to update the standalone policy manually.

To install and run Elastic Agent standalone:

  1. On your host, download and extract the installation package.

    curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-7.13.4-darwin-x86_64.tar.gz
    tar xzvf elastic-agent-7.13.4-darwin-x86_64.tar.gz

    See the download page for other installation options.

  2. Modify settings in the elastic-agent.yml as required.

    If you’ve already set up Fleet in Kibana, you can use it to generate a standalone configuration.

    Learn how
    1. Log in to Kibana and go to Management > Fleet.
    2. On the Agents tab, click Add agent and click Run standalone.
    3. Follow the in-product instructions.

      Fleet showing default agent policy in YAML format

    The policy generated by Fleet already contains the correct Elasticsearch address and port for your setup. If you run everything locally, the address is 127.0.0.1:9200. If you use our hosted Elasticsearch Service on Elastic Cloud, you can see the Elasticsearch endpoint URL by copying it from the overview page of your deployment.

  3. In the elastic-agent.yml policy file, under outputs, modify the ES_USERNAME and ES_PASSWORD settings for Elasticsearch. For example:

    [...]
    outputs:
      default:
        type: elasticsearch
        hosts:
          - 'http://localhost:9200'
        username: ES_USERNAME 
        password: ES_PASSWORD
    [...]

    This user must have the privileges shown in the following example.

    To create a role that has the privileges needed by the Elastic Agent user, go to Management > Dev Tools in Kibana and run:

    POST /_security/role/standalone_agent
    {
      "cluster": ["monitor"],
      "indices": [
        {
          "names": ["logs-*", "metrics-*", "events-*", ".ds-logs-*", ".ds-metrics-*", ".ds-events-*"],
          "privileges": ["write", "create_index", "indices:admin/auto_create"]
        }
      ]
    }

    Make sure you assign this role to the user in Kibana.

  4. From the agent directory, run the following commands to install Elastic Agent and start it as a service.

    On macOS, Linux (tar package), and Windows, run the install command to install Elastic Agent as a managed service and start the service. The DEB and RPM packages include a service unit for Linux systems with systemd, so just enable then start the service.

    You must run this command as the root user because some integrations require root privileges to collect sensitive data.

    sudo ./elastic-agent install

Refer to Installation layout for the location of installed Elastic Agent files.

Because Elastic Agent is installed as an auto-starting service, it will restart automatically if the system is rebooted.

For additional configuration options, see Policy settings.

If you run into problems, see Troubleshoot common problems.