Elastic Agent Builder built-in agents reference
Built-in agents are pre-configured by Elastic with specific instructions and tools to handle common use cases.
Built-in agents cannot be modified or deleted. To customize one, you can clone it and create a custom agent.
The Elastic AI Agent is not a built-in agent in this version. It is a standard persisted default agent that is space-aware and editable. Refer to Elastic AI Agent for details.
You cannot modify or delete built-in agents. To customize one, you can clone it and create a custom agent.
The availability of specific agents depends on your solution view or serverless project type.
Built-in agents are space-agnostic: they are available across all Kibana spaces. The default Elastic AI Agent is an exception: it is created automatically per space and is only available in the space where it was created.
Built-in agents are space-agnostic: they are available across all Kibana spaces.
Elastic Observability and Elastic Security users must opt-in to use Elastic Agent Builder. To learn more, refer to Compare Agent Builder and AI Assistant > Switch between chat experiences.
The Elastic AI Agent is the default general-purpose agent for Elasticsearch. Unlike the other built-in agents, it is a standard persisted agent that is automatically created in each Kibana space when first accessed.
Because the default agent is space-aware, you can customize it independently for each space. You can change its instructions, adjust which tools it has access to, or clone it as a starting point for a new agent.
Default assigned tools:
The Elastic AI Agent is the default general-purpose agent for Elasticsearch. It is designed to help with a wide range of tasks, from writing ES|QL queries to exploring your data indices.
Assigned tools:
A specialized agent for logs, metrics, and traces. It is designed to assist with infrastructure monitoring and application performance troubleshooting.
Assigned tools:
- All Observability tools
- A subset of Platform core tools
A specialized agent for security alert analysis tasks, including alert investigation and Elastic Security documentation. It helps analysts triage alerts and understand complex security events. For more information and example use-cases, refer to Agent Builder for Elastic Security.
Assigned tools:
- All Security tools
- A subset of Platform core tools