Open buzzdeee opened 1 month ago
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
@buzzdeee This is a known issue with the input. It is fixed by elastic/beats#40144 which will be in the next 8.15 release. It is indicative of HTTP retry max-outs, so the work around in the meantime is to increase the max retries and investigate if there are any issues with your network.
Integration Name
CrowdStrike Falcon Intelligence [ti_crowdstrike]
Integration Version
1.1.2
Agent Version
8.14.2
Agent Output Type
elasticsearch
Elasticsearch Version
8.14.2
OS Version and Architecture
Ubuntu 22.04.4 LTS
Software/API Version
No response
Error Message
[failed eval: internal error: runtime error: invalid memory address or nil pointer dereference, Processor json with tag json_event_original in pipeline logs-ti_crowdstrike.ioc-1.1.2 failed with message: field [original] not present as part of path [event.original]]
Event Original
not having "Preserve original event" enabled, have enabled it now, not sure if I'll see it again.
Anything else?
No response