In Elastic Fleet Agent, how are IDs generated for agents and machines? Is there a way to customize or standardize the ID generation to avoid showing duplicate inactive machines with the same names?

Every day, new agents or machines are created and deleted in our Elastic Fleet environment. As shown in the attached image, some agents are active (healthy), while others are inactive (offline). The issue we're encountering is that inactive agents and newly created active agents often have the same names. Additionally, although we might have only 20-30 agents, the list contains many inactive agents with duplicate names.

image

It appears that each new agent or machine has a different ID in the backend, but the names can be duplicated. I'm trying to understand how these IDs are generated. Is there a way to set a certain standard for generating these IDs to help differentiate and manage the agents more effectively, thus avoiding the display of duplicate inactive machines?

Elastic Version: 8.14

1 Like

I don't think this is exposed to the user, there is no control on how the agents will be generated.

Those duplicate agents are the same server or are different server with the same name?

What matters for fleet is the agent id, and each install or enroll of the agent will generated a new agent id.

A proper breakdown of our scenario is that each day, through a script, agents are reinstalled when a machine is created and agents/machines are deleted/uninstalled when machines are terminated. As a result, newly installed agents on newly created machines with the same functionality and name but different IP addresses are created again, leading to the generation of new agent IDs. This causes duplicates of agents. The newly created machines also have the same names but different agent IDs. Is there a way to customize the ID creation process to avoid having duplicate machines with the same names?

Same server.

Unfortunately no, you have no control over the agent id.

Not sure I got it, you said new machines are created with the same name, so they are not the same server.

The same server means that the storage is persisted.

Are you unenrolling the agents? If you unenroll the agents they will not show up as offline, but will be listed as unenrolled.

If I understood correctly you have some ephemeral machines, in this case you would need to unenroll the agents before terminating the machine

But I'm not sure that the uninstall command would also unenroll, I normally do it using the Fleet API/Fleet UI.

We have an AWS environment where we simply terminate the machine, and the agent terminates along with it. We don't perform any additional actions; the termination removes all the machine's configurations. After a scheduled time, when the machine restarts, it installs all the same configurations with the Elastic agent. We do this to save money on AWS.

Are you suggesting that unenrolling the agent before terminating the machine will solve this offline issue?

Thanks, I hope it clears the confusion

Yeah, if you just terminate the machine, then the agent will stop and will appear as offline on Fleet.

You would need to uninstall the agent on the server before terminating the machine or using the Fleet API/Fleet UI to unenroll the agent before terminating the machine.

Another option is to configure a small Inactivity timeout in the fleet policy, this way the agent will be marked as inactive and not offline.

1 Like

Thanks for your response, it clears the confusion. Can you please tell me or provide the source for the Fleet API for unenrolling the agent. I was unable to find anything regarding it.

@Danyal_Danish as mentioned by @leandrojmp the agent-id is uniquely generate identifier and can't be modified by the user. Please configure the "inactivity timeout" in the policy that will make the offline agents Inactive and remove them from view. You can then filter and select all inactive agents and unenroll them. We will be adding an option that would do this automatically if desired.

1 Like