Elastic Agent command line options | Fleet User Guide [7.10]

IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

› ›

« Unenroll Elastic Agent Policy settings »

Elastic Agent command line optionsedit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

Elastic Agent provides commands for running the agent and doing common tasks:

You might need to log in as a root user to run these commands.

elastic-agent enrolledit

Enroll the Elastic Agent in Fleet.

We recommend that you run this command as the root user because some integrations require root privileges to collect sensitive data. This command overwrites the elastic-agent.yml file in the agent directory.

Synopsisedit

elastic-agent enroll <kibana_url> <enrollment_token> [--ca-sha256 <string>]
                     [--certificate-authorities <string>] [--force] [--help]
                     [--insecure] [global-flags]

Optionsedit

kibana_url: Required. URL of the Kibana endpoint where Fleet is running.
enrollment_token: Required. Enrollment token generated by Fleet. You can use the same enrollment token for multiple agents.
--ca-sha256 <string>: Comma-separated list of certificate authority hash pins used for certificate verification.
--certificate-authorities <string>: Comma-separated list of root certificates used for server verification.
--force: Force overwrite of current configuration without prompting for confirmation. This flag is helpful when using automation software or scripted deployments.
--help: Show help for the enroll command.
--insecure: Allow an insecure connection to Kibana. When this flag is specified, API keys are sent in clear text. We strongly recommend that you use a secure connection.

For more flags, see Global flags.

Exampleedit

elastic-agent enroll http://localhost:5601 ZnmNIdzVITUJua2QIdU5FTWROVjY6dHY2N1EybWNTMUdPejg5ODbYcVpNUQ==

elastic-agent helpedit

Show help for a specific command.

Synopsisedit

elastic-agent help <command> [--help] [global-flags]

Optionsedit

command: The name of the command.
--help: Show help for the help command.

For more flags, see Global flags.

Exampleedit

elastic-agent help enroll

elastic-agent inspectedit

Show the current Elastic Agent configuration.

If no parameters are specified, shows the full Elastic Agent configuration.

Synopsisedit

elastic-agent inspect [--help] [global-flags]
elastic-agent inspect output [--output <string>] [--program <string>]
                             [--help] [global-flags]

Optionsedit

output

Display the current configuration for the output. This command accepts additional flags:

--output <string>: The name of the output to inspect.
--program <string>: The type of program to inspect. For example, filebeat. This option must be combined with --output.

--help

Show help for the inspect command.

For more flags, see Global flags.

Examplesedit

elastic-agent inspect
elastic-agent inspect output --output default
elastic-agent inspect output --output default --program filebeat

elastic-agent installedit

Install Elastic Agent permanently on the system and manage it by using the system’s service manager. The agent will start automatically after installation is complete. On Linux, this command requires a system and service manager like systemd.

You must run this command as the root user (or Administrator on Windows) to write files to the correct locations. This command overwrites the elastic-agent.yml file in the agent directory.

Synopsisedit

elastic-agent install [--ca-sha256 <string>] [--certificate-authorities <string>]
                      [--enrollment-token <string>] [--force] [--help]
                      [--insecure] [--kibana-url <string>]
                      [global-flags]

Optionsedit

--ca-sha256 <string>: Comma-separated list of certificate authority hash pins used for certificate verification.
--certificate-authorities <string>: Comma-separated list of root certificates used for server verification.
--enrollment-token <string>: Enrollment token generated by Fleet. You can use the same enrollment token for multiple agents.
--force: Force overwrite of current configuration without prompting for confirmation. This flag is helpful when using automation software or scripted deployments.
--help: Show help for the install command.
--insecure: Allow an insecure connection to Kibana. When this flag is specified, API keys are sent in clear text. We strongly recommend that you use a secure connection.
--kibana-url <string>: URL of the Kibana endpoint where Fleet is running.

For more flags, see Global flags.

Examplesedit

elastic-agent install -f --kibana-url=https://yourhost:5601 \
  --enrollment-token=OEV0bmauVUI0a3dmdWc1T3Bad1o6VGxCa3U4UEFTQ0NycbBSUFwoazVBdx==

elastic-agent restartedit

Restart the currently running Elastic Agent daemon.

Synopsisedit

elastic-agent restart [--help] [global-flags]

Optionsedit

--help: Show help for the restart command.

For more flags, see Global flags.

Examplesedit

elastic-agent restart

elastic-agent runedit

Start the elastic-agent process.

Synopsisedit

elastic-agent run [global-flags]

Global flagsedit

These flags are valid whenever you run elastic-agent on the command line.

-c <string>

The configuration file to use. If not specified, Elastic Agent uses {path.config}/elastic-agent.yml.

--e

Log to stderr and disable syslog/file output.

--environment <environmentVar>

The environment in which the agent will run.

--path.config <string>

The directory where Elastic Agent looks for its configuration file. The default varies by platform.

--path.home <string>

The root directory of Elastic Agent. path.home determines the location of the configuration files and data directory.

If not specified, Elastic Agent uses the current working directory.

--path.logs <string>

Path to the log output for Elastic Agent. The default varies by platform.

--v

Set log level to INFO.

Exampleedit

elastic-agent run -c myagentconfig.yml

elastic-agent uninstalledit

Permanently uninstall Elastic Agent from the system.

You must run this command as the root user (or Administrator on Windows) to remove files.

Synopsisedit

elastic-agent uninstall [--force] [--help] [global-flags]

Optionsedit

--force: Uninstall Elastic Agent and do not prompt for confirmation. This flag is helpful when using automation software or scripted deployments.
--help: Show help for the uninstall command.

For more flags, see Global flags.

Examplesedit

elastic-agent uninstall

elastic-agent upgradeedit

Upgrade the currently running Elastic Agent to the specified version.

Synopsisedit

elastic-agent upgrade <version> [--source-uri <string>] [--help] [flags]

Optionsedit

version: The version of Elastic Agent to upgrade to.
--source-uri <string>: The source URI to download the new version from. By default, Elastic Agent uses the Elastic Artifacts URL.
--help: Show help for the upgrade command.

For more flags, see Global flags.

Examplesedit

elastic-agent upgrade 7.10.1

elastic-agent versionedit

Show the version of Elastic Agent.

Synopsisedit

elastic-agent version [--help] [global-flags]

Optionsedit

--help: Show help for the version command.

For more flags, see Global flags.

Exampleedit

elastic-agent version

« Unenroll Elastic Agent Policy settings »