elastic / elasticsearch

Free and Open Source, Distributed, RESTful Search Engine
https://www.elastic.co/products/elasticsearch

Missing `.fleet-actions-results` Data Stream in Fleet Feature State for Get Snapshot API in Elasticsearch 8.14.3 #111931

Open naveens01 opened 2 months ago

naveens01 commented 2 months ago

Description

Elasticsearch Version

8.14.3

Problem Description

The Get snapshot API does not include the .fleet-actions-results system data stream in the fleet feature state information. This discrepancy is observed despite the data stream being present in the snapshot's data streams.

Steps to Reproduce

  1. Create a cluster with version 8.14.3 in ESS.
  2. Deploy an Elastic Agent with the Osquery Manager integration.
  3. Run a new live Osquery.
  4. Observe that the .fleet-actions-results data stream is created with the respective backing indices.
  5. Take a snapshot.
  6. Run the Get snapshot API on the same snapshot.
  7. Observe that the .fleet-actions-results system data stream is missing in the fleet feature state reported by the Get snapshot API.

Expected Behavior

The response from the Get snapshot API should include the .fleet-actions-results data stream under the fleet feature state, as shown in the example below:

{
  "indices": [
    ".fleet-agents-7",
    ".fleet-enrollment-api-keys-7",
    ".fleet-actions-7",
    ".fleet-policies-7",
    ".fleet-servers-7",
    ".fleet-policies-leader-7"
  ],
  "data_streams": [".fleet-actions-results"],
  "feature_name": "fleet"
}

JSON response (actual)

{
  "total": 1,
  "remaining": 0,
  "snapshots": [
    {
      "include_global_state": true,
      "uuid": "PSIEWRmOR1m5EzTiCZJANg",
      "repository": "found-snapshots",
      "duration_in_millis": 8821,
      "start_time": "2024-07-22T02:29:59.815Z",
      "shards": {
        "successful": 71,
        "failed": 0,
        "total": 71
      },
      "version_id": 8505000,
      "end_time_in_millis": 1721615408636,
      "state": "SUCCESS",
      "version": "8.14.0-8.14.2",
      "snapshot": "cloud-snapshot-2024.07.22-wpnxv4hmqzqb3vewczcjvq",
      "end_time": "2024-07-22T02:30:08.636Z",
      "feature_states": [
        {
          "indices": [
            ".security-tokens-7",
            ".security-7",
            ".security-profile-8"
          ],
          "feature_name": "security"
        },
        {
          "indices": [
            ".kibana_8.14.3_001",
            ".kibana_security_solution_8.14.3_001",
            ".apm-custom-link",
            ".kibana_ingest_8.14.3_001",
            ".apm-agent-configuration",
            ".kibana_analytics_8.14.3_001",
            ".kibana_security_session_1",
            ".kibana_alerting_cases_8.14.3_001",
            ".kibana_task_manager_8.14.3_001"
          ],
          "feature_name": "kibana"
        },
        {
          "indices": [
            ".geoip_databases"
          ],
          "feature_name": "geoip"
        },
        {
          "indices": [
            ".transform-internal-007"
          ],
          "feature_name": "transform"
        },
        {
          "indices": [
            ".fleet-agents-7",
            ".fleet-enrollment-api-keys-7",
            ".fleet-actions-7",
            ".fleet-policies-7",
            ".fleet-servers-7",
            ".fleet-policies-leader-7"
          ],
          "feature_name": "fleet"
        }
      ],
      "data_streams": [
        ".fleet-actions-results"
      ],
      "start_time_in_millis": 1721615399815,
      "metadata": {
        "policy": "cloud-snapshot-policy"
      }
    }
  ]
}
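
A check for the discrepancy reported above, added here as an example (it is not code from the issue or from Elasticsearch): it reads a Get snapshot API response and lists data streams that the snapshot contains but no feature state claims. The sample input is a trimmed copy of the response in the report; the function names and the rule that a leading dot marks a system data stream are assumptions of this example.

```python
import json

# Trimmed copy of the "actual" response from the issue (only the fields the check reads).
ACTUAL = json.loads("""
{
  "snapshots": [
    {
      "snapshot": "cloud-snapshot-2024.07.22-wpnxv4hmqzqb3vewczcjvq",
      "feature_states": [
        {"indices": [".security-7"], "feature_name": "security"},
        {"indices": [".fleet-agents-7", ".fleet-actions-7"], "feature_name": "fleet"}
      ],
      "data_streams": [".fleet-actions-results"]
    }
  ]
}
""")


def unattributed_system_data_streams(response):
    """Map snapshot name -> dot-prefixed data streams that no feature state claims."""
    findings = {}
    for snap in response.get("snapshots", []):
        claimed = set()
        for state in snap.get("feature_states", []):
            # The key can be missing entirely, as in the response in the issue.
            claimed.update(state.get("data_streams", []))
        # Assumption of this example: a leading dot marks a system data stream.
        orphans = sorted(
            ds for ds in snap.get("data_streams", [])
            if ds.startswith(".") and ds not in claimed
        )
        if orphans:
            findings[snap["snapshot"]] = orphans
    return findings


def with_expected_fleet_state(response):
    """Copy of the response with the fleet state shaped as the issue expects."""
    fixed = json.loads(json.dumps(response))  # deep copy via JSON round trip
    for snap in fixed["snapshots"]:
        for state in snap["feature_states"]:
            if state["feature_name"] == "fleet":
                state["data_streams"] = [".fleet-actions-results"]
    return fixed


if __name__ == "__main__":
    print(unattributed_system_data_streams(ACTUAL))
    print(unattributed_system_data_streams(with_expected_fleet_state(ACTUAL)))
```
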

elasticsearchmachine commented 2 months ago

Pinging @elastic/es-data-management (Team:Data Management)