/app/fleet/agents shows no agents in Kibana, but API does

Hi,

I use elastic stack in version 9.4.3.

I have one fleet instance running, but it's not visible in the Kibana UI:

An API call via curl shows otherwise:
{
"items": [
{
"id": "3b28b7af-6b94-4a08-8105-5ba0b25afd3e",
"type": "PERMANENT",
"namespaces": [
"default"
],
"active": true,
"enrolled_at": "2026-07-15T14:07:48Z",
"access_api_key_id": "xxx",
"policy_id": "fleet-server-policy#9.4",
"last_checkin": "2026-07-15T14:29:22Z",
"last_checkin_status": "online",
"last_checkin_message": "Running",
"policy_revision": 4,
"sequence_num": 0,
"status": "online"
}

I see two errors in the browser console:

  1. Content Security Policy blocks inline execution of scripts and stylesheets
    1. The Content Security Policy (CSP) prevents cross-site scripting attacks by blocking inline execution of scripts and style sheets.

      To solve this, move all inline scripts (e.g. onclick=[JS code]) and styles into external files.

      :warning: Allowing inline execution comes at the risk of script injection via injection of HTML script elements. If you absolutely must, you can allow inline script and styles by:

      • adding unsafe-inline as a source to the CSP header
      • adding the hash or nonce of the inline script to your CSP header.
      1. 2 directives
        1.
        Directive Element Source location Status
        script-src-elem agents:187 blocked
        script-src-elem agents:187 report-only
    • Learn more: Content Security Policy - Inline Code
  1. Content Security Policy of your site blocks the use of 'eval' in JavaScript`
    1. The Content Security Policy (CSP) prevents the evaluation of arbitrary strings as JavaScript to make it more difficult for an attacker to inject unathorized code on your site.

      To solve this issue, avoid using eval(), new Function(), setTimeout([string], ...) and setInterval([string], ...) for evaluating strings.

      If you absolutely must: you can enable string evaluation by adding unsafe-eval as an allowed source in a script-src directive.

      :warning: Allowing string evaluation comes at the risk of inline script injection.

      1. 2 directives
        1.
        Source location Directive Status
        kbn-ui-shared-deps-npm.dll.js:456 script-src blocked
        kbn-ui-shared-deps-npm.dll.js:456 script-src report-only

What can I do?

Best regards,

Robert

What integrations do you have in the policy: fleet-server-policy ?

Hi Leandro,

I have

auditd-6 Auditd Logs v3.23.0
fleet_server-1 Fleet Server v1.6.1
system-logs-metrics-fleet System v2.21.0

Hi Leandro,

After I deleted the fleet server policy and uninstalled the corresponding agent, I reinstalled the agent and could see the agent in the fleet agent overview. Then I edited the policy and added an auditd integration, which made the agent disappear from the overview.

Was this Github issue created by you?

This is the problem, there is a current issue in Kibana related to version-specific agent policies, if an Agent Policy has an integration that will lead to the creation of version-specific policies, this may have some impact in some places.

The Auditd integration is one of the integrations that will lead to the creation of version-specific policies.

Until this is fixed in Kibana you need to remove the Auditd integration for things work well.

Hi Leandro,

I didn't create the github issue.

Can you tell which exact version of Kibana introduced this behavior?

No problem, but it seems to be exactly the same issue.

Version specific agent policies were introduced in version 9.4

This is a known Kibana UI bug. If your Fleet Server is online via the API, it's working correctly. The CSP warnings are likely unrelated. If your agent policy includes the Auditd integration, try removing it—it's known to trigger this issue with version-specific policies. The agent should reappear until Elastic releases a fix.