Skip to content

Latest commit

 

History

History
57 lines (40 loc) · 2.46 KB

uninstall-elastic-agent.asciidoc

File metadata and controls

57 lines (40 loc) · 2.46 KB

Uninstall {agent}s from edge hosts

Uninstall on macOS, Linux, and Windows

To uninstall {agent}, run the uninstall command from the directory where {agent} is running.

Important
 Be sure to run the uninstall command from the directory where {agent} is running, as shown in the example below, and not from the directory where you previously ran the install command. Running the command from the wrong directory can leave the agent in an inconsistent state.

Follow the prompts to confirm that you want to uninstall {agent}. The command stops and uninstalls any managed programs, such as {beats} and {elastic-endpoint}, before it stops and uninstalls {agent}.

If you run into problems, refer to [fleet-troubleshooting].

If you are using DEB or RPM, you can use the package manager to remove the installed package.

Note
 For hosts enrolled in the {elastic-defend} integration with Agent tamper protection enabled, you’ll need to include the uninstall token in the command, using the --uninstall-token flag. Refer to the {security-guide}/agent-tamper-protection.html[Agent tamper protection docs] for more information.

Remove {agent} files manually

You might need to remove {agent} files manually if there’s a failure during installation.

To remove {agent} manually from your system:

  1. Unenroll the agent if it’s managed by {fleet}.

  2. For standalone agents, back up any configuration files you want to preserve.

  3. On your host, stop the agent. If any {agent}-related processes are still running, stop them too.

    Tip
    		 Search for these processes and stop them if they’re still running: filebeat, metricbeat, fleet-server, and elastic-endpoint.

  4. Manually remove the {agent} files from your system. For example, if you’re running {agent} on macOS, delete /Library/Elastic/Agent/*. Not sure where the files are installed? Refer to [installation-layout].

  5. If you’ve configured the {elastic-defend} integration, also remove the files installed for endpoint protection. The directory structure is similar to {agent}, for example, /Library/Elastic/Endpoint/*.

    Note
    		 When you remove the {elastic-defend} integration from a macOS host (10.13, 10.14, or 10.15), the Endpoint System Extension is left on disk intentionally. If you want to remove the extension, refer to the documentation for your operating system.