Error Message in Elastic Agent Logs #12968
Version: 2.4.60
Installation Method: Security Onion ISO image
Description: configuration
Installation Type: Distributed
Location: on-prem with Internet access
Hardware Specs: Meets minimum requirements
CPU: 4
RAM: 24
Storage for /: 100
Storage for /nsm: 60
Network Traffic Collection: span port
Network Traffic Speeds: 1Gbps to 10Gbps
Status: Yes, all services on all nodes are running OK
Salt Status: No, there are no failures
Logs: No, there are no additional clues

Detail:
Working on getting 2.4 up and running. I am noticing that my initial Elastic Agent logs seem to have an error message included in all of the logs. Here are two fields included in the ingested logs:

Field: error.message
Field: event.agent_id_status

The logs otherwise appear to be fairly normal. I can query them, and the data appears to be complete. It is possible that I am missing something, but I can't see whether there is anything else wrong with them. Therefore, I wanted to confirm: are these error messages expected? I have toyed with a few custom pipelines, but currently those changes are removed, so this should be a pretty box-standard implementation at the moment. Is there anything that can be done to prevent these fields on all of the ingested logs?
Replies: 1 comment 1 reply
That error message is known and should be fixed in the next release of Security Onion #12881. The error won't affect your grid's log ingest. It's just because that event.created field doesn't exist for certain logs and there is a failure pipeline to surface these types of issues by appending it to the log.
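To make the mechanism in the reply concrete, here is an added illustration written for this page; it is not Security Onion's own pipeline and the pipeline names, the processor tag and the sample documents are constructed. It shows an Elasticsearch ingest pipeline whose date processor fails when event.created is absent and whose on_failure handler appends the failure text to error.message rather than dropping the event, followed by a guarded variant that skips the parse when the field is missing, and a _simulate call to confirm the difference without indexing anything.

```console
# Constructed example: a pipeline that behaves like the one the reply describes.
# The date processor runs on every document; when event.created is absent it
# fails, and the on_failure handler appends error.message instead of rejecting
# the event. This is why every log without the field carries the same message.
PUT _ingest/pipeline/example-noisy-created
{
  "processors": [
    {
      "date": {
        "tag": "parse-event-created",
        "field": "event.created",
        "target_field": "event.created",
        "formats": ["ISO8601"],
        "on_failure": [
          {
            "set": {
              "field": "error.message",
              "value": "{{{ _ingest.on_failure_message }}}"
            }
          }
        ]
      }
    }
  ]
}

# Guarded variant (assumed fix, not the project's): only parse when the field
# exists. Logs without event.created pass through clean, while a genuinely
# malformed timestamp still fails and still gets error.message appended, so the
# failure handler keeps surfacing real problems.
PUT _ingest/pipeline/example-guarded-created
{
  "processors": [
    {
      "date": {
        "tag": "parse-event-created",
        "if": "ctx.event?.created != null",
        "field": "event.created",
        "target_field": "event.created",
        "formats": ["ISO8601"],
        "on_failure": [
          {
            "set": {
              "field": "error.message",
              "value": "{{{ _ingest.on_failure_message }}}"
            }
          }
        ]
      }
    }
  ]
}

# Dry run against constructed documents: the first lacks event.created, the
# second has a valid one, the third has an unparseable one. Run the same body
# against example-noisy-created to see error.message appear on the first doc;
# with the guarded pipeline only the third doc gets error.message.
POST _ingest/pipeline/example-guarded-created/_simulate
{
  "docs": [
    { "_source": { "message": "constructed line without event.created" } },
    { "_source": { "message": "constructed line",
                   "event": { "created": "2024-01-01T00:00:00.000Z" } } },
    { "_source": { "message": "constructed line with bad timestamp",
                   "event": { "created": "not-a-date" } } }
  ]
}
```

Before changing anything on a grid, the cheap check is to count how many ingested documents carry error.message and which datasets they come from; if the count matches the number of documents that lack event.created, the noise is the failure handler rather than a problem with the data itself, which is the case the reply describes.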