Install Elastic Agents
editInstall Elastic Agents
editRestrictions
Note the following restrictions when installing Elastic Agent on your system:
- You can install only a single Elastic Agent per host. Due to the fact that the Elastic Agent may read data sources that are only accessible by a superuser, Elastic Agent will therefore also need to be executed with superuser permissions.
-
You might need to log in as a root user (or Administrator on Windows) to
run the commands described here. After the Elastic Agent service is installed and running,
make sure you run these commands without prepending them with
./to avoid invoking the wrong binary. - Running Elastic Agent commands using the Windows PowerShell ISE is not supported.
- See also the resource requirements described on this page.
You have a few options for installing and managing an Elastic Agent:
-
Install a Fleet-managed Elastic Agent (recommended)
With this approach, you install Elastic Agent and use Fleet in Kibana to define, configure, and manage your agents in a central location.
We recommend using Fleet management because it makes the management and upgrade of your agents considerably easier.
Refer to Install Fleet-managed Elastic Agents.
-
Install Elastic Agent in standalone mode (advanced users)
With this approach, you install Elastic Agent and manually configure the agent locally on the system where it’s installed. You are responsible for managing and upgrading the agents. This approach is reserved for advanced users only.
Refer to Install standalone Elastic Agents.
-
Install Elastic Agent in a containerized environment
You can run Elastic Agent inside of a container — either with Fleet Server or standalone. Docker images for all versions of Elastic Agent are available from the Elastic Docker registry, and we provide deployment manifests for running on Kubernetes.
Refer to:
Restrictions in Serverless
If you are using Elastic Agent with Elastic Cloud Serverless, note these differences from use with Elasticsearch Service and self-managed Elasticsearch:
- The number of Elastic Agents that may be connected to an Elastic Cloud Serverless project is limited to 10 thousand.
- The minimum supported version of Elastic Agent supported for use with Elastic Cloud Serverless is 8.11.0.
Resource requirements
editThe Elastic Agent resources consumption is influenced by the number of integration and the environment its been running on.
Using our lab environment as an example, we can observe the following resource consumption:
CPU and RSS memory size
editWe tested using an AWS m7i.large instance type with 2 vCPUs, 8.0 GB of memory, and up to 12.5 Gbps of bandwidth. The tests ingested a single log file using both the throughput and scale preset with self monitoring enabled.
These tests are representative of use cases that attempt to ingest data as fast as possible. This does not represent the resource overhead when using Elastic Defend.
Resource |
Throughput |
Scale |
CPU* |
~67% |
~20% |
RSS memory size* |
~280 MB |
~220 MB |
Write network throughput |
~3.5 MB/s |
480 KB/s |
* including all monitoring processes
Adding integrations will increase the memory used by the agent and its processes.
Size on disk
editThe disk requirements for Elastic Agent vary by operating system and Elastic Stack version. With version 8.14 we have significantly reduced the size of the Elastic Agent binary. Further reductions are planned to be made in future releases.
| Operating system | 8.13 | 8.14 |
|---|---|---|
Linux |
1800 MB |
1018 MB |
macOS |
1100 MB |
619 MB |
Windows |
891 MB |
504 MB |
During upgrades, double the disk space is required to store the new Elastic Agent binary. After the upgrade completes, the original Elastic Agent is removed from disk to free up the space.