Hi,
I did see the following question: Is it possible to remove Inactive Agents from Fleet?
And actually there is an undocumented (and potentially dangerous) way to remove unenrolled agents. Because I couldn't add my answer there (the thread is closed) I created a new post for people looking for a solution.
POST /_security/service/elastic/fleet-server/credential/token/delete-agents
Search the .fleet-agents index for the entry you want to delete and get the document _id.
Delete the fleet entry document (set/replace the ES_URL, DOC_ID, and SERVICE_TOKEN, with the elasticsearch url, the document id to delete, and the in the first step created service token):
curl --request DELETE \
--url ${ES_URL}/.fleet-agents-7/_doc/${DOC_ID} \
--header 'Authorization: Bearer ${SERVICE_TOKEN}' \
--header 'Content-Type: application/json' \
--header 'kbn-xsrf: kibana' \
--header 'x-elastic-product-origin: fleet'
DELETE /_security/service/elastic/fleet-server/credential/token/delete-agents
This answer can be merged into the other thread by admins if they want to. Because unfortunately it is no longer possible to answer there. However, I wanted to document my solution for others to find.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.