Frequently asked questionsedit
This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
We have collected the most frequently asked questions here. If your question isn’t answered here, contact us in the discuss forum. Your feedback is very valuable to us.
Also read Troubleshoot common problems.
Why doesn’t my enrolled Agent show up in the Ingest Manager app?edit
If Elastic Agent was successfully enrolled, but doesn’t show up in the Fleet list, it might not be started. You need to start Elastic Agent.
Where does Elastic Agent store logs after startup?edit
When started successfully, Metricbeat logs are stored in
data/logs/metricbeat under the folder where Elastic Agent was started. If that log
path does not exist, Elastic Agent was unable to start Metricbeat, which is a
higher level problem to triage.
What configuration is the Elastic Agent running?edit
To find the configuration file, inspect the elastic-agent.yml file in the
folder where you ran Elastic Agent. If you’re running the agent in Fleet mode, this
file contains the following citation:
Management: mode: "fleet"
The action_store.yml contains the entire, unencrypted configuration:
-
To see the Elasticsearch location, look at
outputs:hosts. - To see the Elastic Agent version, look at the download folder and zip filenames.
This file also shows the version of all packages used by the current configuration.
Why can’t I see the data Elastic Agent is sending?edit
If Elastic Agent is set up and running, but you don’t see data in Kibana:
-
Go to Management > Dev Tools in Kibana, and in the Console, search your index for data. For example:
GET metrics-*/_search
Or if you prefer, go to the Discover app.
-
Look at the data that Elastic Agent has sent and see if the
name.hostfield contains your host machine name.
If you don’t see data for your host, it’s possible that the data is blocked in the network, or that a firewall or security problem is preventing the Elastic Agent from sending the data.
Although it’s redundant to install stand-alone Metricbeat, you might want to try installing it to see if it’s able to send data successfully to Elasticsearch. For more information, see Metricbeat quick start.
If Metricbeat is able to send data to Elasticsearch, there is possibly a bug or problem with Elastic Agent, and you should report it.
How do I restore an Elastic Agent that I deleted from Fleet?edit
It’s ok, we’ve got your back! The data is still in Elasticsearch. To add Elastic Agent to Fleet again, Stop Elastic Agent, re-enroll it on the host, then run Elastic Agent.
How do I restart Elastic Agent after rebooting my host?edit
On Windows, if you used PowerShell to install Elastic Agent as a service, the agent should still be running after rebooting the host.
On Linux, if you used the DEB or RPM packages, the agent should still be running after rebooting the host.
On macOS, you need to restart Elastic Agent from the command line after rebooting the host, or follow the steps described in Manually install Elastic Agent as a service on macOS to run the agent as a service.
Support for installing Elastic Agent as a service on all supported systems will be available in a future release.
Does Elastic Agent or Kibana download integration packages?edit
Elastic Agent does not download integration packages. When you add an integration in
Ingest Manager, Kibana connects to the Elastic Package Registry at epr-7-9.elastic.co,
downloads the integration package, and stores its assets in Elasticsearch. This means
that you no longer have to run a manual setup command to load integrations as
you did previously with Beats modules.
Does Elastic Agent download anything from the Internet?edit
In most cases, the data collection software required by Elastic Agent is bundled with the agent. There is one special exception: Elastic Endpoint. When an Elastic Agent configuration is set to include Elastic Endpoint, Elastic Agent must download software from the Elastic download site.
Bundling Elastic Endpoint with Elastic Agent is a known feature request scoped for a future release.
Do I need to set up the Beats managed by Elastic Agent?edit
You might have noticed that Elastic Agent runs Beats under the hood. But note that the Beats managed by Elastic Agent are set up and run differently from standalone Beats.
For example, standalone Beats use modules and require you to run a setup
command on the host to load assets, such as ingest pipelines and dashboards. In
contrast, Beats managed by Elastic Agent use integration packages that Kibana
downloads from the Elastic Package Registry at epr-7-9.elastic.co. This means that
Elastic Agent does not need extra privileges to set up assets because
Ingest Manager manages the assets.
What is the Elastic Endpoint Security integration in Ingest Manager?edit
The Elastic Endpoint Security integration provides protection on your Elastic Agent controlled host. The integration monitors your host for security-related events, allowing for investigation of security data through the Elastic Security application in Kibana. The Elastic Endpoint Security integration is managed by Elastic Agent in in the same way as other integrations. Try it out! For more information, see the Elastic Security solution documentation.