Graylog2 / collector-sidecar

Manage log collectors through Graylog
https://www.graylog.org/

Graylog sidecar making Get-CimInstance Win32_Service hang #497

Closed ryan-carroll-graylog closed 2 months ago

ryan-carroll-graylog commented 2 months ago

From support issue: https://github.com/Graylog2/support/issues/50

Expected Behavior

Our current sidecar bundle 1.5.0 should include winlogbeat version 8.6.2, 8.8.2, 8.10.2 or the latest 8.12.2 to make sure there are no issues with Get-CimInstance Win32_Service being unresponsive.

Current Behavior

We ship our sidecar bundle with winlogbeat version 8.9.0, which is a problem because Get-CimInstance Win32_Service hangs if another source, like a monitoring agent, is required to use this PowerShell command.

Possible Solution

Update our Sidecar bundle 1.5.0 to include Winlogbeat version 8.12.2 and the issue does not exist anymore.

Context

Customer uses the Get-CimInstance Win32_Service command for their monitoring agents. However, if they start the winlogbeat collector process, this command takes 5 minutes+ to run. They also mentioned the collector process takes a long time to start. One thing I noticed, which can also be seen in the recording: after the Get-CimInstance Win32_Service eventually runs, the collector process has status Degraded. Sidecar and Collector are running fine, did not see anything wrong in the logs. The sidecar configuration is default.

Slack conversation: https://graylog.slack.com/archives/C036LC4K744/p1714646739633159

Customer Environment

Graylog Version: Graylog 5.2.6+5296b15
Sidecar Version: 1.5.0
WinlogBeat Version: 8.9.0

(created from Zendesk ticket #417)
gz#417

ryan-carroll-graylog commented 2 months ago

Closing as duplicate of https://github.com/Graylog2/graylog2-server/issues/19384