Upgrade Fleet-managed Elastic Agentsedit

This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.

Starting with version 7.10, Fleet provides upgrade capabilities. You can view and select agents that are out of date, and trigger selected agents to download, install, and run the new version.

This approach simplifies the process of keeping your agents up to date. It also saves you time because you don’t need third-party tools or processes to manage upgrades.

Elastic Agents require internet access to perform binary upgrades from Fleet.

The upgrade feature is not supported for upgrading DEB/RPM packages or Docker images.

To upgrade Elastic Agent to a new version:

  1. In Fleet, select Agents.
  2. Under Agents, click Upgrade available to see a list of agents that you can upgrade.
  3. To upgrade a single agent, choose Upgrade agent from the Actions menu next to the agent you want to upgrade.

    The Upgrade agent option is grayed out when an upgrade is unavailable, or the Kibana version is lower than the agent version.

  4. To upgrade multiple agents, bulk select the agents and click Upgrade agents.

    Upgrade menu for bulk upgrade in Fleet

    Unable to select multiple agents? Confirm that your subscription level supports selective agent binary updates in Fleet. For more information, refer to Elastic Stack subscriptions.

Want to upgrade a standalone agent instead? See Upgrade standalone Elastic Agents.

Upgrade from 7.12 or loweredit

As part of the 7.13 release, we introduce Fleet Server, a mechanism to connect your Elastic Agents to Fleet.

When you upgrade to 7.13 from 7.12 or lower, please note the following:

  • All of your existing Elastic Agents will be automatically unenrolled from Fleet and will stop sending data.
  • Before you can add your Elastic Agents again to Fleet, you must have Fleet Server running.
  • All of your policies will be migrated.

You must upgrade your deployment to 7.13. If your deployment is running in our hosted Elasticsearch Service on Elastic Cloud, see Upgrade versions. If you are running a self-managed deployment, see Upgrading the Elastic Stack.

Step 1: Set up Fleet Serveredit

Here’s what you need to set up Fleet Server for each deployment type:

Elastic Cloud runs a hosted version of Fleet Server.

To confirm that Fleet Server is available in your deployment:

  1. Log in to Kibana and go to Management > Fleet, and click the Agents tab.
  2. The following message is displayed. Please note that your Elastic Agents have now been unenrolled and have stopped sending data.

    Select Do not show this message again, and then click Close and get started.

    Add Fleet Server prompt

    If your previous deployment did not include an APM node, you are prompted to enable APM & Fleet, required for using Fleet Server.

    Click Edit deployment and add an APM & Fleet node to your deployment.

    Add APM & Fleet node prompt
  3. To confirm that Fleet Server is available in your deployment, click the Agents tab.
  4. Under Policies, select the Elastic Cloud agent policy to confirm that Fleet Server is listed. This policy is managed by Elastic Cloud and can not be modified.

    You are now able to install and enroll subsequent Elastic Agents with Fleet Server.

Step 2: Install and enroll Elastic Agent on more hostsedit

When you upgrade to 7.13 from 7.12 or lower, you may see the following error message in the Elasticsearch logs:

Authentication using apikey failed - api key has been invalidated

Before installing and enrolling your Elastic Agents, make sure to uninstall your previous Elastic Agents. See Uninstall Elastic Agents from edge hosts.

From the perspective of a host, Fleet Server will be running with the version of the installed Elastic Agent that started it. Any other Elastic Agents enrolling with Fleet Server must have an equal or lower version than that of the Fleet Server.

Starting from version 7.13.0 Fleet Server is required.

  1. On the machine where you’ll run Elastic Agent, download and extract the installation package.

    curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-7.17.21-darwin-x86_64.tar.gz
    tar xzvf elastic-agent-7.17.21-darwin-x86_64.tar.gz

    See the download page for other installation options.

  2. On the Agents tab in Fleet, click Add agent.
  3. Under Enroll in Fleet, follow the in-product installation steps (skip the download step if you’ve already done it).

    add agent

    See the download page for other installation options.


  • Use the default agent policy to get started quickly. This policy includes a system integration for collecting logs and metrics from the host system. You can change the policy later.
  • On macOS, Linux (tar package), and Windows, run the install command to install Elastic Agent as a managed service, enroll it in Fleet, and start the service. The DEB and RPM packages include a service unit for Linux systems with systemd, so use the enroll command instead of install.

    You must run this command as the root user because some integrations require root privileges to collect sensitive data.

    cd elastic-agent-7.17.21-darwin-x86_64
    sudo ./elastic-agent install -f --url=<fleet_server_url> --enrollment-token=<enrollment_token>  

    fleet_server_url is the host and IP where Fleet Server is running, and enrollment_token is the enrollment token acquired from Fleet.

    Omit -f to run an interactive installation.

    If you see an "x509: certificate signed by unknown authority" error, you might be trying to enroll in a Fleet Server that uses self-signed certs. To fix this problem in a non-production environment, pass the --insecure flag. For more information, refer to the troubleshooting guide.

    Refer to Installation layout for the location of installed Elastic Agent files.

Because Elastic Agent is installed as an auto-starting service, it will restart automatically if the system is rebooted.

To confirm that Elastic Agent is installed and running, go to the Agents tab in Fleet. Notice that the Default policy is assigned to the agent.

Fleet showing enrolled agents

If the status hangs at Enrolling, make sure the elastic-agent process is running.

If you run into problems:

For information about managing Elastic Agent in Fleet, refer to Centrally manage Elastic Agents in Fleet.