- Fleet and Elastic Agent Guide: other versions:
- Fleet and Elastic Agent overview
- Beats and Elastic Agent capabilities
- Quick starts
- Migrate from Beats to Elastic Agent
- Deployment models
- Install Elastic Agents
- Install Fleet-managed Elastic Agents
- Install standalone Elastic Agents
- Install Elastic Agents in a containerized environment
- Run Elastic Agent in a container
- Run Elastic Agent on Kubernetes managed by Fleet
- Install Elastic Agent on Kubernetes using Helm
- Example: Install standalone Elastic Agent on Kubernetes using Helm
- Example: Install Fleet-managed Elastic Agent on Kubernetes using Helm
- Advanced Elastic Agent configuration managed by Fleet
- Configuring Kubernetes metadata enrichment on Elastic Agent
- Run Elastic Agent on GKE managed by Fleet
- Run Elastic Agent on Amazon EKS managed by Fleet
- Run Elastic Agent on Azure AKS managed by Fleet
- Run Elastic Agent Standalone on Kubernetes
- Scaling Elastic Agent on Kubernetes
- Using a custom ingest pipeline with the Kubernetes Integration
- Environment variables
- Run Elastic Agent as an OTel Collector
- Run Elastic Agent without administrative privileges
- Install Elastic Agent from an MSI package
- Installation layout
- Air-gapped environments
- Using a proxy server with Elastic Agent and Fleet
- Uninstall Elastic Agents from edge hosts
- Start and stop Elastic Agents on edge hosts
- Elastic Agent configuration encryption
- Secure connections
- Manage Elastic Agents in Fleet
- Configure standalone Elastic Agents
- Create a standalone Elastic Agent policy
- Structure of a config file
- Inputs
- Providers
- Outputs
- SSL/TLS
- Logging
- Feature flags
- Agent download
- Config file examples
- Grant standalone Elastic Agents access to Elasticsearch
- Example: Use standalone Elastic Agent with Elastic Cloud Serverless to monitor nginx
- Example: Use standalone Elastic Agent with Elasticsearch Service to monitor nginx
- Debug standalone Elastic Agents
- Kubernetes autodiscovery with Elastic Agent
- Monitoring
- Reference YAML
- Manage integrations
- Package signatures
- Add an integration to an Elastic Agent policy
- View integration policies
- Edit or delete an integration policy
- Install and uninstall integration assets
- View integration assets
- Set integration-level outputs
- Upgrade an integration
- Managed integrations content
- Best practices for integration assets
- Data streams
- Define processors
- Processor syntax
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_cef
- decode_csv_fields
- decode_duration
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- move_fields
- parse_aws_vpc_flow_log
- rate_limit
- registered_domain
- rename
- replace
- script
- syslog
- timestamp
- translate_sid
- truncate_fields
- urldecode
- Command reference
- Troubleshoot
- Release notes
Fleet and Elastic Agent 8.17.0
editFleet and Elastic Agent 8.17.0
editReview important information about the Fleet and Elastic Agent 8.17.0 release.
Breaking changes
editBreaking changes can prevent your application from optimal operation and performance. Before you upgrade, review the breaking changes, then mitigate the impact to your application.
- Elastic Agent
-
- Elastic Agent is now compiled using Debian 11 and linked against glibc 2.31 instead of 2.19. Drops support for Debian 10. #5847
Known Issues
editAn Elastic Agent with the Defend integration may report an Orphaned status and will not be able to be issued an upgrade action through Fleet.
Details
A known issue in the Elastic Agent may prevent it from being targetted with an upgrade action for a future release.
This may occur if the Defend integration is used and the agent is stopped on a running instance for too long.
An agent may be stopped as part of an upgrade process.
Impact
A bug fix is present in the 8.17.1 release of Fleet that will prevent this from occuring.
If you have agents that are affected, the workaround is as follows:
# Get a Token to issue an update_by_query request: curl -XPOST --user elastic:${SUPERUSER_PASS} -H 'x-elastic-product-origin:fleet' -H'content-type:application/json' "https://${ELASTICSEARCH_HOST}/_security/service/elastic/fleet-server/credential/token/fix-unenrolled" # Issue an update_by_query request that targets effected agents: curl -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'x-elastic-product-origin:fleet' -H 'content-type:application/json' "https://${ELASTICSEARCH_HOST}/.fleet-agents/_update_by_query" -d '{"query": {"bool": {"must": [{ "exists": { "field": "unenrolled_at" } }],"must_not": [{ "term": { "active": "false" } }]}},"script": {"source": "ctx._source.unenrolled_at = null;","lang": "painless"}}'
New features
editThe 8.17.0 release Added the following new and notable features.
- Fleet
-
- Expose advanced file logging configuration in the UI. #200274
- Elastic Agent
-
- Add support for running as a pre-existing user when installing in unprivileged mode, with technical preview support for pre-existing Windows Active Directory users. #5988 #4585
- Add a new custom Filestream logs integration. This will enable migration from the custom log integration which is based on a log input that is planned for deprecation. #11332.
Enhancements
edit- Fleet
- Fleet Server
-
-
Update
elastic-agent-libs
to version0.14.0
. #4042
-
Update
- Elastic Agent
-
- Enable persistence in the configuration provided with our OTel Collector distribution. #5549
- Restrict using the CLI to upgrade for Fleet-managed Elastic Agents. #5864 #4890
-
Add
os_family
,os_platform
andos_version
to the Elastic Agent host provider, enabling differentiating Linux distributions. This is required to support Debian 12 and other distributions that are moving away from traditional log files in favour of Journald. #5941 10797 11618 - Emit Pod data only for Pods that are running in the Kubernetes provider. #6011 #5835 #5991
- Remove Endpoint Security from Linux container images. Endpoint Security cannot run in containers since it has a systemd dependency. #6016 #5495
- Update OTel components to v0.114.0. #6113
-
Redact common secrets like API keys and passwords in the output from
elastic-agent inspect
command. #6224