search

elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations
Other
38 stars 449 forks source link

[infoblox_nios]: error.messages #10918

Closed zez3 closed 2 months ago

zez3 commented 3 months ago

Integration Name

Infoblox NIOS [infoblox_nios]

Dataset Name

infoblox_nios

Integration Version

1.2.3

Agent Version

8.15.0

Agent Output Type

elasticsearch

Elasticsearch Version

8.15.0

OS Version and Architecture

Ubuntu 22.04 LTS (x86_64)

Software/API Version

No response

Error Message

error.message field [created] not present as part of path [event.created]

Event Original

<46>Aug 25 01:50:36 1.2.3.4 -- MARK -- <46>Aug 24 19:50:09 1.2.3.4 -- MARK -- ### What did you do? Fleet managed agents behind a LB ### What did you see? { "_index": ".ds-logs-infoblox_nios.log-ece_infoblox-2024.08.19-000434", "_id": "97uChZEBkrAyel8jiEBZ", "_version": 1, "_score": 0, "_source": { "input": { "type": "udp" }, "agent": { "name": "some.host", "id": "2557a635-d2ea-4aed-98ba-0fce5f3b82a8", "ephemeral_id": "947c8f1a-76a9-4000-8e62-e9ca4c720878", "type": "filebeat", "version": "8.15.0" }, "@timestamp": "2024-08-24T17:50:09.143Z", "ecs": { "version": "8.11.0" }, "log": { "source": { "address": "1.2.3.4:40845" } }, "data_stream": { "namespace": "ece_infoblox", "type": "logs", "dataset": "infoblox_nios.log" }, "elastic_agent": { "id": "2557a635-d2ea-4aed-98ba-0fce5f3b82a8", "version": "8.15.0", "snapshot": false }, "event": { "agent_id_status": "verified", "ingested": "2024-08-24T17:50:09Z", "original": "<46>Aug 24 19:50:09 1.2.3.4 -- MARK --\n", "dataset": "infoblox_nios.log" }, "message": "<46>Aug 24 19:50:09 1.2.3.4 -- MARK --", "error": { "message": [ "field [created] not present as part of path [event.created]" ] }, "tags": [ "preserve_original_event", "forwarded", "infoblox_nios-log" ] }, "fields": { "event.original": [ "<46>Aug 24 19:50:09 1.2.3.4 -- MARK --\n" ], "elastic_agent.version": [ "8.15.0" ], "elastic_agent.id": [ "2557a635-d2ea-4aed-98ba-0fce5f3b82a8" ], "data_stream.namespace": [ "ece_infoblox" ], "input.type": [ "udp" ], "message": [ "<46>Aug 24 19:50:09 11.22.33.44 -- MARK --" ], "data_stream.type": [ "logs" ], "tags": [ "preserve_original_event", "forwarded", "infoblox_nios-log" ], "agent.type": [ "filebeat" ], "event.ingested": [ "2024-08-24T17:50:09.000Z" ], "@timestamp": [ "2024-08-24T17:50:09.143Z" ], "agent.id": [ "2557a635-d2ea-4aed-98ba-0fce5f3b82a8" ], "agent.name.text": [ "agent.name" ], "ecs.version": [ "8.11.0" ], "error.message": [ "field [created] not present as part of path [event.created]" ], "log.source.address": [ "4.3.2.1:40845" ], "data_stream.dataset": [ "infoblox_nios.log" ], "agent.ephemeral_id": [ "947c8f1a-76a9-4000-8e62-e9ca4c720878" ], "agent.name": [ "some.agent" ], "agent.version": [ "8.15.0" ], "elastic_agent.snapshot": [ false ], "event.agent_id_status": [ "verified" ], "event.dataset": [ "infoblox_nios.log" ] } } ### What did you expect to see? no error ### Anything else? This it probably a split if the log if the outgoing log is to big? Probably not a RFC conform hack We should ignore the error and/or save it to the event.original Please see https://github.com/elastic/elasticsearch/issues/95534
zez3 commented 3 months ago

@Team:Security-Deployment and Devices

elasticmachine commented 3 months ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)