Install Elastic Agents
Restrictions
Note the following restrictions when installing Elastic Agent on your system:
- You can install only a single Elastic Agent per host. Because Elastic Agent may read data sources that are accessible only to a superuser, it must also be executed with superuser permissions.
- You might need to log in as a root user (or Administrator on Windows) to run the commands described here. After the Elastic Agent service is installed and running, make sure you run these commands without prepending them with ./ to avoid invoking the wrong binary.
- Running Elastic Agent commands using the Windows PowerShell ISE is not supported.
- See also the resource requirements described on this page.
You have a few options for installing and managing an Elastic Agent:
- Install a Fleet-managed Elastic Agent (recommended)
  With this approach, you install Elastic Agent and use Fleet in Kibana to define, configure, and manage your agents in a central location.
  We recommend using Fleet management because it makes the management and upgrade of your agents considerably easier.
  Refer to Install Fleet-managed Elastic Agents.
- Install Elastic Agent in standalone mode (advanced users)
  With this approach, you install Elastic Agent and manually configure the agent locally on the system where it's installed. You are responsible for managing and upgrading the agents. This approach is reserved for advanced users only.
  Refer to Install standalone Elastic Agents.
- Install Elastic Agent in a containerized environment
  You can run Elastic Agent inside a container, either with Fleet Server or standalone. Docker images for all versions of Elastic Agent are available from the Elastic Docker registry, and we provide deployment manifests for running on Kubernetes.
  Refer to:
Restrictions in Serverless
If you are using Elastic Agent with Elastic Cloud Serverless, note these differences from use with Elasticsearch Service and self-managed Elasticsearch:
- The number of Elastic Agents that may be connected to an Elastic Cloud Serverless project is limited to 10 thousand.
- The minimum version of Elastic Agent supported for use with Elastic Cloud Serverless is 8.11.0.
Resource requirements
Elastic Agent's resource consumption is influenced by the number of integrations and the environment it is running in.
Using our lab environment as an example, we can observe the following resource consumption:
CPU and RSS memory size
We tested using an AWS m7i.large instance type with 2 vCPUs, 8.0 GB of memory, and up to 12.5 Gbps of bandwidth. The tests ingested a single log file using both the throughput and scale presets with self-monitoring enabled.
These tests are representative of use cases that attempt to ingest data as fast as possible. This does not represent the resource overhead when using Elastic Defend.
Resource | Throughput | Scale |
---|---|---|
CPU* | ~67% | ~20% |
RSS memory size* | ~280 MB | ~220 MB |
Write network throughput | ~3.5 MB/s | 480 KB/s |
* including all monitoring processes
Adding integrations will increase the memory used by the agent and its processes.
Size on disk
The disk requirements for Elastic Agent vary by operating system and Elastic Stack version. With version 8.14 we have significantly reduced the size of the Elastic Agent binary. Further reductions are planned for future releases.
Operating system | 8.13 | 8.14 | 8.15 |
---|---|---|---|
Linux | 1800 MB | 1018 MB | 1060 MB |
macOS | 1100 MB | 619 MB | 680 MB |
Windows | 891 MB | 504 MB | 500 MB |
During upgrades, double the disk space is required to store the new Elastic Agent binary. After the upgrade completes, the original Elastic Agent is removed from disk to free up the space.