Open VihasMakwana opened 3 weeks ago
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)
Best option is probably to handle this type of error by having:
- Debug logs mentioning that this requires Agent to be run as privileged to get access to the volume
- The input reporting as degraded (as we are planning to do with those issues [Elastic Agent] Allow Metricbeat metricsets to report their status to the Elastic Agent beats#39736 & [Elastic Agent] The system/metrics input should report itself as degraded when it encounters a permissions error beats#39737)
- Our doc mentioning clearly this won't work on Windows in unprivileged mode
WDYT?
I agree with you and this would also help with excessive error logging
Could you try to add the elastic-agent-user to the Performance Monitor Users group and see if it fixes the issue?
The datastream also needs to be marked as requiring root in the integration: https://github.com/elastic/integrations/blob/main/packages/system/data_stream/diskio/manifest.yml
I think this is missing from a few data streams in that package.
Thanks for finding this out. I'll raise a PR.
There's one particular error showing up after giving all necessary privileges in unprivileged mode.
Could not return any performance counter values for \\.\C: .Error: Access is denied.
DeviceIoControl call. It tries to open a volume (not the filesystem) to fetch performance counters. As per this Microsoft doc,
We can fix this error by giving administrative privileges to our unprivileged user. But isn't it the very thing we're trying to avoid?
Originally posted by @VihasMakwana in https://github.com/elastic/elastic-agent/issues/4705#issuecomment-2180956979
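One way the handling proposed in the thread (a debug log plus a degraded status when a volume cannot be opened) could be structured, as an added example that is not code from elastic-agent or beats. The `Status` values, `Reporter` type and `Observe` function are hypothetical, and the permission error is constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// Status and Reporter are hypothetical stand-ins for the input health API.
type Status string
const (
	Running  Status = "RUNNING"
	Degraded Status = "DEGRADED"
	Failed   Status = "FAILED"
)

type Reporter struct {
	Logs   []string        // captured log lines, prefixed with their level
	denied map[string]bool // volumes currently failing with a permission error
}
func NewReporter() *Reporter { return &Reporter{denied: map[string]bool{}} }

// Observe records one counter fetch for a volume and returns the status to report.
func (r *Reporter) Observe(volume string, err error) Status {
	switch {
	case err == nil:
		delete(r.denied, volume) // access works again, clear the condition
	case errors.Is(err, os.ErrPermission):
		if !r.denied[volume] { // log once per volume at debug, not every period
			r.denied[volume] = true
			r.Logs = append(r.Logs, fmt.Sprintf("DEBUG diskio: %s requires a privileged Agent: %v", volume, err))
		}
	default:
		r.Logs = append(r.Logs, fmt.Sprintf("ERROR diskio: %s: %v", volume, err))
		return Failed
	}
	if len(r.denied) > 0 {
		return Degraded
	}
	return Running
}

func main() {
	r := NewReporter()
	denied := fmt.Errorf("open volume: %w", os.ErrPermission) // constructed stand-in for "Access is denied"
	for i := 0; i < 3; i++ {
		fmt.Println(r.Observe(`\\.\C:`, denied))
	}
	fmt.Println(r.Logs)
}
```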