Few questions about Elastic Agent 7.10.2

  1. The Windows agent installation is a little confusing. You download the zip and extract it to Program Files\elastic-agent. When you run the command to install the agent service and get it talking with Fleet, a new but nearly identical directory structure is created under Program Files\Elastic\Agent. The service runs from this directory. What about Program Files\elastic-agent--can the original download be deleted?

  2. In the new directory structure, the current elastic-agent.yml can't be read, but a backup copy (.bak) can. Is this by design--to keep people out b/c it is something downloaded by Fleet?

  3. With Azure Log Analytics (formerly OMS), Microsoft Monitoring Agents can home to multiple workspaces. Will Elastic Agent be able to do something similar, i.e. report to multiple Fleets? Would be great for testing.

If there's advanced documentation for Fleet/Elastic Agent, please point me to it. I will need to know this as well as SCOM and Azure Monitor/Log Analytics.

Thank you!

2 Likes

I think the Elastic Stack / Beats category would be a better place to ask this question. Unless there is something specific to Kibana being asked, which I'm not seeing.

Thanks for moving this. My only defense is being very new to Elastic and trying to figure things out w/o a signed support agreement. I had hoped there would be a dedicated section for Fleet/Elastic Agent as existing Beats customers move to a policy based architecture.

We're putting together a monitoring POC using Fleet/Elastic Agent for a large client w/thousands of endpoints.

Hi @dvo, thanks for trying out Fleet, and for your feedback! Have you seen the documentation in Fleet User Guide [7.11] | Elastic?
I'll try and find out more about your other questions and get back to you.

@dvo Can you point me to the documentation that states for it to be extracted to C:\Program Files\elastic-agent? There is no requirement that it be extracted to that directory. I would expect it to just be extracted into the Downloads directory and run from there. Once installed, the directory in Downloads can be deleted.

The elastic-agent.yml should only be able to be run by an Administrator. This is due to the fact that it contains credentials for communication back to Fleet and Elasticsearch.

There are currently no future plans to have Elastic Agent talk to multiple Fleets.

The steps are covered here: Quick start: Get logs and metrics into the Elastic Stack | Fleet User Guide [7.11] | Elastic

The instructions were written before we added the install command. I'll create an issue to get the instructions properly updated. Thanks!

1 Like
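A way to check the file-permission point raised in this thread (the restricted elastic-agent.yml versus the readable .bak copy), as an added example that is not part of any post above and is not Elastic's own tooling. It assumes the install directory named in the thread, matches the backup by a wildcard because its exact file name is not given here, and must be run from an elevated PowerShell session.

```powershell
# Added example: list non-administrative principals that can read the
# Elastic Agent policy file or its backup copies.
param(
    # Install directory as described in the thread (assumption: default drive).
    [string]$AgentDir = (Join-Path $env:ProgramFiles 'Elastic\Agent')
)

# Well-known SIDs accepted as privileged: LocalSystem and BUILTIN\Administrators.
$privileged = @('S-1-5-18', 'S-1-5-32-544')

# Access bits that expose file contents: ReadData, GENERIC_READ, GENERIC_ALL.
$readMask = 0x1 -bor 0x80000000 -bor 0x10000000

# The policy file plus anything that looks like a backup of it (wildcard is an assumption).
$files = Get-ChildItem -LiteralPath $AgentDir -File -Force |
    Where-Object { $_.Name -like 'elastic-agent.yml*' -or $_.Extension -eq '.bak' }

$findings = foreach ($file in $files) {
    $acl = Get-Acl -LiteralPath $file.FullName
    foreach ($ace in $acl.Access) {
        # Only Allow entries that include a read bit are of interest.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $readMask) -eq 0) { continue }

        # Compare by SID so localized group names do not matter.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account
        }

        if ($privileged -notcontains $sid) {
            [pscustomobject]@{
                File      = $file.Name
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else {
    'No non-administrative read access found on the agent config files.'
}
```

Any row in the output is a principal other than SYSTEM or Administrators that can read a file holding the Fleet and Elasticsearch credentials; an `Inherited` value of True means the entry comes from the parent directory's ACL rather than the file itself.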