Winlogbeat failed to ship data under Discover tab. #42625

Closed
amolnater-qasource opened this issue Feb 7, 2025 · 10 comments
Labels
bug impact:high Short-term priority; add to current release, or definitely next. QA:Validated Validated by the QA Team Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team Team:Security-Windows Platform Windows Platform Team in Security Solution

Comments

@amolnater-qasource

Kibana Build details:

VERSION: 9.0.0 beta1 BC1
BUILD: 83348
COMMIT: fd1f8b62137f14e93716e298e4e931b576e2ca13

Artifact Link: https://staging.elastic.co/9.0.0-beta1-0bb9ce30/downloads/beats/winlogbeat/winlogbeat-9.0.0-beta1-windows-x86_64.zip

Preconditions:

  1. 9.0.0 beta BC1 Kibana cloud environment should be available.

Steps to reproduce:

  1. Update cloud id and cloud auth for winlogbeat.
  2. Now run: .\winlogbeat.exe setup.
  3. Observe Dashboards are successfully loaded.
  4. Now run: Start-Service winlogbeat.
  5. Observe no data under Discover tab is displayed.

NOTE:

  • 8.18.0 BC1 winlogbeat works with same credentials and data gets generated under Discover tab.

Expected Result:
Winlogbeat should send data under Discover tab on successful setup.

Logs:
winlogbeat-20250207.ndjson.zip


@amolnater-qasource amolnater-qasource added bug impact:high Short-term priority; add to current release, or definitely next. Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team labels Feb 7, 2025
@elasticmachine
Collaborator

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@amolnater-qasource
Author

@muskangulati-qasource Please review.

@muskangulati-qasource

Secondary review is Done for this ticket!

@pierrehilbert
Collaborator

@nfritts Could we have someone from your team have a look here, please?

@pierrehilbert pierrehilbert added the Team:Security-Windows Platform Windows Platform Team in Security Solution label Feb 7, 2025
@elasticmachine
Collaborator

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)

@marc-gr
Contributor

marc-gr commented Feb 7, 2025

I opened a PR with a fix for this. The fix will also be backported to 8.18 and 8.x since it is also present there as part of the raw API.

@marc-gr
Contributor

marc-gr commented Feb 7, 2025

All the backports are merged.

@pierrehilbert
Collaborator

@amolnater-qasource could you please plan to test this again next week?

@amolnater-qasource
Author

amolnater-qasource commented Feb 10, 2025

Sure @pierrehilbert we'll revalidate this once 9.0.0-beta1 BC3 is available.

[Update]: BC2 was built before the PRs were merged.

@amolnater-qasource
Author

Hi Team,

We have revalidated this issue on the latest 9.0.0-beta1 BC3 environment and found it fixed now.

  • Winlogbeat is successfully able to ship data under Discover tab.

Build details:
VERSION: 9.0.0-beta1 BC3
BUILD: 83575
COMMIT: a9ae718019d3909912f81e5d388ef597929071a1
Artifact: https://staging.elastic.co/9.0.0-beta1-1d59e665/downloads/beats/winlogbeat/winlogbeat-9.0.0-beta1-windows-x86_64.zip


Hence, we are closing and marking this issue as QA:Validated.

Thanks!!

@amolnater-qasource amolnater-qasource added the QA:Validated Validated by the QA Team label Feb 14, 2025