IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Fleet and Elastic Agent 8.18.1 Appendix A: Install a Fleet-managed Elastic Agent »
Elastic Docs Fleet and Elastic Agent Guide [8.18] Release notes

Fleet and Elastic Agent 8.18.0

edit
A newer version is available. Check out the latest documentation.

Fleet and Elastic Agent 8.18.0

edit

Review important information about the Fleet and Elastic Agent 8.18.0 release.

Known issues

edit
Inaccurate option to upgrade across major releases appears in Fleet UI

Details

In late 8.x releases, there’s a bug in the Fleet UI that causes 9.0.0 to appear as an option for Elastic Agent upgrades. This option results in an error when selected, as upgrades across major releases are not supported for Elastic Agent. For example, an agent can’t be upgraded to version 9.0 while Kibana and Fleet Server are on version 8.x.

The Elastic Agent upgrade is not selectable:

Elastic Agent upgrade is not selectable

The Fleet Server upgrade is selectable, with an inconsistent UI state and error on submit:

Fleet Server inconsistent UI state

Impact

In the 9.x releases, the option that appears in the UI for an upgrade across a major release should be ignored.

On Windows, Elastic Agent is unable to re-enroll into Fleet

Details
There is a known issue where an Elastic Agent installed on Windows and previously enrolled into Fleet is unable to re-enroll. Attempting to enroll the Elastic Agent fails with the following error:

Error: the command is executed as root but the program files are not owned by the root user.

Impact
The issue affects Elastic Agent installed on Windows. Until a bug fix is available in a later release, you can temporarily resolve the issue by changing the ownership of the Elastic Agent directory:

icacls "C:\Program Files\Elastic\Agent" /setowner "NT AUTHORITY\SYSTEM" /t /l

After the output confirms all files were successfully processed, run the enroll command again.

Elastic Agents remain in an "Upgrade scheduled" state

Details

There is a known issue where Elastic Agent remains in an Upgrade scheduled state when a scheduled Elastic Agent upgrade is cancelled. Attempting to restart the upgrade on the UI returns an error: The selected agent is not upgradeable: agent is already being upgraded..

Impact

Until this issue is fixed in a later patch version, you can call the Upgrade an agent endpoint of the Kibana Fleet API with the force parameter set to true to force-upgrade the Elastic Agent:

curl --request POST \
  --url https://<KIBANA_HOST>/api/fleet/agents/<AGENT_ID>/upgrade \
  --user "<SUPERUSER_NAME>:<SUPERUSER_PASSWORD>" \
  --header 'Content-Type: application/json' \
  --header 'kbn-xsrf: true' \
  --data '{"version": "<VERSION>","force": true}'

To force-upgrade multiple Elastic Agents, call the Bulk upgrade agents endpoint of the Kibana Fleet API with the force parameter set to true:

curl --request POST \
  --url https://<KIBANA_HOST>/api/fleet/agents/bulk_upgrade \
  --user "<SUPERUSER_NAME>:<SUPERUSER_PASSWORD>" \
  --header 'Content-Type: application/json' \
  --header 'kbn-xsrf: true' \
  --data '{"version": "<VERSION>","force": true,"agents":["<AGENT_IDS>"]}'
fleet-agents template is missing mappings

Details

On May 2, 2025 a known issue was discovered that the .fleet-agents index template was missing a mapping for the local_metadata.complete attribute. This may cause agent checkins to be rejected and the agents to appear as offline.

In this Fleet’s logs this will appear as:

elastic fail 400: document_parsing_exception: [1:209] object mapping for [local_metadata] tried to parse field [local_metadata] as object, but found a concrete value
Eat bulk checkin error; Keep on truckin'

And in the Elastic Agent logs it will appear as:

"log.level":"error","@timestamp":"2025-04-22:12:35:25.295Z","message":"Eat bulk checkin error; Keep on truckin'","component":{"binary":"fleet-server","dataset":"elastic_agent.fleet_server","id":"fleet-server-es-containerhost","type":"fleet-server"},"log":{"source":"fleet-server-es-containerhost"},"service.type":"fleet-server","error.message":"elastic fail 400: document_parsing_exception: [1:209] object mapping for [local_metadata] tried to parse field [local_metadata] as object, but found a concrete value","ecs.version":"1.6.0","service.name":"fleet-server","ecs.version":"1.6.0"

This attribute was added to the template in versions: 8.17.11 8.18.3, and 8.19.3.

Further investigation revealed that the .fleet-agents index template was not correctly applied due to an unchanged _meta.managed_index_mappings_version number. This change also affects other attributes as well, such as upgrade_attempts, namespaces, unprivileged, and unhealthy_reason. If there is an error related to any of these attributes, there will be a similar error message in the logs.

Impact

Updating to a version with a fixed _meta.managed_index_mappings_version will correctly apply the new index template. The fixed versions are 8.18.8, 8.19.4, 9.0.8, 9.1.4.

New features

edit

The 8.18.0 release Added the following new and notable features.

Fleet
  • Add next steps and actions to the agentless integrations flyout. (#203824)
  • Add support for selecting columns when exporting agents to CSV. (#203103)
  • Add status tracking for agentless integrations. (#199567)
Elastic Agent
  • Add ability to run the Elastic Distribution of OTel Collector at the same time as other inputs. This feature is in technical preview. #5767 #5796
  • Add a sample configuration to be used when deploying the OpenTelemetry Kube Stack Helm Chart. #5822
  • Add the GeoIP OpenTelemetry processor to Elastic Agent. #6134
  • Add the OpenTelemetry routing connector to the Elastic Distribution of OTel Collector. #6210
  • Add support for the OTel loadbalancing exporter to Elastic Agent. #6315
  • Add a new Kubernetes deployment of the Elastic Distribution of OTel Collector named "gateway", to simplify the daemonset collector configuration and unify managed/self-managed scenarios. #6444
  • Add the components command for Elastic Agent in OTel mode, to list the supported components the the Elastic Distribution of OTel Collector includes. #6539
  • Add the receivercreator and k8sobserver components to the Elastic Distribution of OTel Collector to help cover autodiscovery scenarios in Kubernetes. #6561
  • Add the kafkaexporter and kafkareceiver the Elastic Distribution of OTel Collector to help prepare support for a Kafka output. #6593 #6562
  • Add the nopreceiver to the Elastic Distribution of OTel Collector. #6603
  • Change the default gRPC port to 0 when Elastic Agent is run in a container. #6585

Enhancements

edit
Fleet
  • Enable sub-feature privileges for Fleet. (#203182)
Fleet Server
  • Validate user pbkdf2 settings for FIPS compliance. #4542
  • Update Fleet Server Go version to 1.24.0. #4543
Elastic Agent
  • Re-enable the OTel subcommand on Windows. #6068 #4976 #5710
  • Update the Elastic Agent to only run composable providers if they are referenced in the agent policy. #6169 #3609 #4648
  • Add a flag to skip Fleet audit or unenroll when uninstalling Elastic Agent. #6206 #5757
  • Embed hints-based inputs in the Elastic Agent Kubernetes container image. #6381 #5661
  • Add an error to the Windows Application Event Log if the install, uninstall, or enroll commands fail. #6410 #6338
  • Add a logger to print the status and code when an Elastic Agent enrollment call to Fleet fails. #6477 #6287
  • Update Elastic Agent Go version to 1.24.0. #6932
  • Update OTel components to v0.120.x. #7443

Bug fixes

edit
Fleet
  • Support is_default on integration deployment modes. (#208284)
  • Fix a UI error caused when an agent becomes orphaned. (#207746)
  • Restrict non-local Elasticsearch output types for agentless integrations and policies. (#207296)
  • Fix API code to prevent bulk actions from timing out. (#205735)
  • Fix generation of dynamic mapping for objects with specific subfields. (#204104)
  • Fix logic to ensure that agents are only considered stuck in updating when an upgrade fails. (#202126)
Fleet Server
  • Return a 429 error when the Fleet Server connection limit is reached instead of silently closing connections. #4402
Elastic Agent
  • Prevent installation of Elastic Defend in emulated environment, in which it’s not supported. #6095 #6082
  • Re-enable notifying Fleet when [agent] is uninstalled on Windows. #6257 #5952
  • Log a warning on same version upgrade attempts and prevent the agent from reporting a failed upgrade state. #6273 #6186
  • Add retries for requesting download verifiers when upgrading an agent. #6276 #5163
  • Replace list with items from from kibanaFetchToken as list is deprecated in the API response and will be removed. #6437 #6023
  • Restore cloud-defend as an expected binary after it was accidentally removed from containers in 8.17.0 and later versions. #6470 #6469
  • Restore the maintainer label for container images rather than the default inherited from a base image. #6512
  • Fix enrollment for containerized Elastic Agent when the enrollment token changes or the agent is unenrolled. #6568 #3586
  • Change how Windows process handles are obtained when assigning sub-processes to Job objects. #6825
« Fleet and Elastic Agent 8.18.1 Appendix A: Install a Fleet-managed Elastic Agent »