Hi - the macOS agent is a huge CPU and RAM hog on macOS 11.2.3.
I'm trying to uninstall following these instructions:
When I browse to the folder where the endpoint is installed (/Library/Elastic/Endpoint/), I get the following error when I run "sudo elastic-agent uninstall":
sudo: elastic-agent: command not found
I also tried running "sudo elastic-endpoint uninstall" and got the following error:
sudo elastic-endpoint uninstall
I've also tried deleting the Elastic app from Applications. However, the app keeps restarting even after I Force Quit.
Are you having problems with elastic-agent? or elastic-endpoint?
For elastic-agent, it is strange to see that the system couldn't find elastic-agent command. It's normally installed under /usr/local/bin/elastic-agent. If you type following command on terminal, it will show if the command is available.
ls -l /usr/local/bin/elastic-agent
If it is available, to remove the agent, you need to browse to the folder, /Library/Elastic/Agent, and then run sudo /usr/local/bin/elastic-agent uninstall.
If you are having problem with elastic-endpoint and would like to remove it, you need to either remove the security integration or assign a new policy without security integration from Kibana.
Let me know if your concerns is with elastic-agent or elastic-endpoint.
If you don't mind though, we would like to get some insight on your observation on high system resource utilization. Can you share the output of the tool you used to measure the usage of memory and CPU?
I was having problems with elastic-endpoint, but could only find instructions to uninstall elastic-agent. I contacted Elastic support, and they also seemed confused by this.
Here are the instructions that they gave me to remove elastic-endpoint that actually ended up working:
cd /tmp
cp /Library/Elastic/Endpoint/elastic-endpoint elastic-endpoint
sudo ./elastic-endpoint uninstall
rm elastic-endpoint
Great to hear that you were able to get elastic-endpoint uninstalled.
I would really appreciate it if you could share your observation on the performance. It would further help us to make improvement in the future so that you don't run into the same problem.
Hi Chan - I didn't capture any screenshots, but my observation is that my computer was often sluggish, and when I'd check Activity Monitor, Elastic Endpoint was always using gigabytes of memory and over 100% of CPU. When I'd kill the process, the computer would stop being sluggish, though the process would automatically restart. I'd have to do this every day or two.
I'm sorry that you had the issue. If you are willing to install the endpoint again briefly to help us diagnose the cause, we would love to work with you on that. Let me know if you are okay with the idea.
It could be also very helpful to have a general idea what's your environment in case it would be hard to reproduce the problem.
I would be nice if you could drop a line about what do you do on your macOS. Is it a typical office-workload without any specific apps, just the browser. Do you do software development, having many toolchains, etc. Is your mac Intel based or M1?
Hi, I guess you don't want to leave the information on a publicly visible page. In such case you can just click on my profile and message me directly, or is it not available for every user on this forum?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
