Open hungnguyen-elastic opened 3 years ago
Pinging @elastic/ingest-management (Team:Ingest Management)
Pinging @elastic/integrations (Team:Integrations)
Does this still need to be worked?
Maybe, I don't have an understanding of what it means, but came here due to what appears to be the same issue. One thing I can hint: I had been trying to reduce the event volume by turning off some events, so maybe the index is missing. I would have the assumption that if I'm offered (luckily) that option then it should not result in such error messages under the hood.
kibana | [2023-06-06T19:00:05.674+00:00][WARN ][plugins.securitySolution.ruleExecution] Changing rule status to "partial failure". This rule is attempting to query data from Elasticsearch indices listed in the "Index pattern" section of the rule definition, however no index matching: ["winlogbeat-*","logs-system.*","logs-windows.*"] was found. This warning will continue to appear until a matching index is created or this rule is disabled. [siem.eqlRule][Potential Credential Access via DCSync][rule id 3310ccf0-e9a8-11ed-bad0-51b565f4b15e][rule uuid 9f962927-1a4f-45f3-a57b-287f2c7029c1][exec id 04e550af-60a1-478d-8799-233b0db6aa7e][space default]
Please post all questions and issues on https://discuss.elastic.co/c/beats before opening a Github Issue. Your questions will reach a wider audience there, and if we confirm that there is a bug, then you can open a new issue.
For security vulnerabilities please only send reports to security@elastic.co. See https://www.elastic.co/community/security for more information.
Please include configurations and logs if available. Filebeat kibana pipeline filebeat-%{agent.version}-kibana-audit-pipeline not parsing data correctly. Some of the if statements miss null-safe operators, causing the pipeline to not finish.
Log sample:
For confirmed bugs, please report: