Fleet and Elastic Agent 8.15.0

edit

Review important information about the Fleet and Elastic Agent 8.15.0 release.

Security updates

edit
Fleet Server
  • Update Fleet Server Go version to 1.22.5. #3681

Known issues

edit
Azure EventHub input for Elastic Agent fails to start on Windows

Details

The Azure EventHub input fails to start on Elastic Agent version 8.15 running on Windows. The Elastic Agent status will be reported as unhealthy. See Beats issue #40608 for details.

Impact

If you’re using Elastic Agent on Windows with any integration which makes use of the Azure EventHub input, we recommend not upgrading Elastic Agent to version 8.15.0 and instead waiting for a later release. A fix is planned for version 8.15.1.

The memory usage of Beats based integrations is not correctly limited by the number of events actively in the memory queue, but rather the maximum size of the memory queue regardless of usage.

Details

In 8.15, events in the memory queue are not freed when they are acknowledged (as intended), but only when they are overwritten by later events in the queue buffer. This means for example if a configuration has a queue size of 5000, but the input data is low-volume and only 100 events are active at once, then the queue will gradually store more events until reaching 5000 in memory at once, then start replacing those with new events.

See Beats issue #41355.

Impact

Memory usage may be higher than in previous releases depending on the throughput of Elastic Agent. A fix is planned for 8.15.4.

  • The worst memory increase is for low-throughput configs with large queues.
  • For users whose queues were already sized proportionate to their throughput, memory use is increased but only marginally.
  • Affected users can mitigate the higher memory usage by lowering their queue size.

New features

edit

The 8.15.0 release Added the following new and notable features.

Fleet Server
  • When Fleet Server runs in elastic-agent mode, it’s now able to use the enrollment configuration options in output.elasticsearch.bootstrap from its policy, instead of overwriting the matching keys in output.elasticsearch. #3506 #3464
  • As part of making Fleet space aware, Fleet Server now adds a namespaces property to created .fleet-* documents. #3535 #3505
Elastic Agent
  • Enable Elastic Agent to monitor and report usage metrics for Elastic Endpoint. #4789 #4083
  • Add the AWS Asset Inventory input to Cloudbeat. #4804
  • Unhide the --unprivileged option for the elastic-agent install command and mark the usage of the flag as being in a beta technical preview state. #4914
  • To ensure that Elastic Agent starts correctly when run in a container, ensure that the statePath set by the container command generates a Unix socket path that is smaller than 108 characters. #4909
  • Enable Elastic Agent to receive an event logger configuration through Fleet. #4932 #4874

Enhancements

edit
Fleet
  • Use API key for standalone agent onboarding. (#187133)
  • Make Fleet & Integrations layouts full width. (#186056)
  • Add support for setting add_fields processors on all agents under an agent policy. (#184693)
  • Add force flag to delete agent_policies API. (#184419)
  • Surface option to delete diagnostics files. (#183690)
  • Add data tags to agent policy APIs. (#183563)
  • Allow to reset log level for agents >= 8.15.0. (#183434)
  • Add support for mappings with store: true. (#183390)
  • Add warning if need root integrations trying to be used with unprivileged agents. (#183283)
  • Add unprivileged vs privileged agent count to Fleet UI. (#183077)
  • Show all integration assets on detail page. (#182180)
  • Add overrides to package policies update endpoint. (#181453)
  • Enable agent.monitoring.http settings on agent policy UI. (#180922)
  • Share Modal redesign, clean up, and tests. (#180406)
  • UI for the custom integration creation with AI. (#186304)
Fleet Server
  • Elastic Agent diagnostic bundles now provide additional TLS information for Fleet Server. #3587
Elastic Agent
  • Add commands to switch between Elastic Agent unprivileged and privileged modes. #4621 #2790
  • Implement reading and applying TLS configuration for a Fleet client using the CA, certificate, and key included in a Fleet policy. #4770 #2247 #2248
  • Add Filebeat benchmark input to Elastic Agent. #4849
  • Add a conn param and a conn-skip flag to the Elastic Agent diagnostics command. #4946 #4880
  • Add the ability for a variable to not be expanded and replaced in Elastic Agent inputs. #5035 #2177
  • Inject the proxy_url value into {endpoint}'s Elasticsearch output configuration, and {endpoint} or {apm}'s Fleet configuration if the attribute is missing and either the HTTPS_PROXY or HTTP_PROXY environment variable is set. #5044 #2602

Bug fixes

edit
Fleet
  • Fix navigating back to Agent policy integration list. (#189165)
  • Fix copy agent policy, missed bump revision. (#188935)
  • Force field enabled=false on inputs that have all their streams disabled. (#188919)
  • Fill in empty values for constant_keyword fields from existing mappings. (#188145)
  • Enrollment token table may show an empty last page. (#188049)
  • Separate showInactive from unenrolled status filter. (#187960)
  • Missing policy filter in Fleet Server check to enable secrets. (#187935)
  • Allow preconfigured agent policy only with name and ID. (#187542)
  • Show warning callout in configs tab when an error occurs. (#187487)
  • Enable rollover in custom integrations install when getting mapper_exception error. (#186991)
  • Add concurrency limit to EPM bulk install API and fix duplicate installations. (#185900)
  • Include inactive agents in agent policy agent count. (#184517)
  • Fix KQL filtering. (#183757)
  • Prevent concurrent runs of Fleet setup. (#183636)
Fleet Server
  • Support receiving the download rate sent by Elastic Agent in string format. #3677 #3446
Elastic Agent
  • When Elastic Agent starts, wait for Watcher to start before releasing resources associated with it. #4834 #2190
  • For the Kubernetes provider, fix the namespace filter on watchers started by a pod and service eventer. #4975
  • Adjust the Elastic Agent container subcommand to write the container-paths.yml configuration into the STATE_PATH on startup. #4995
  • Apply setting capabilities to the correct binary. #5070
  • Reduce Elastic Agent image size by setting capabilities in the builder Docker image instead of the final image. #5073
  • Fix an issue where installation can fail on Windows systems in the case that the user doesn’t have a home directory. #5118 #5019