[network_traffic] Redis fails with missing required field accessing 'hosts' #3525

Closed
belimawr opened this issue Jun 17, 2022 · 4 comments
Labels
bug Something isn't working, use only for issues Integration:network_traffic Network Packet Capture release-pending Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team [elastic/elastic-agent-data-plane]

Comments

@belimawr
Contributor

  • Version: 8.2.3
  • OS: Win and Mac.

When enabling the "Capture network traffic" Filebeat will fail to start with the error: Error creating runner from config: missing required field accessing 'hosts'. See the Elastic-Agent status output.

Status: FAILED
Message: (no message)
Applications:
  * osquerybeat        (HEALTHY)
                       Running
  * packetbeat         (HEALTHY)
                       Running
  * endpoint-security  (HEALTHY)
                       Protecting with policy {4e3326b6-237c-4ba7-9f65-b30f646605f3}
  * filebeat           (FAILED)
                       1 error occurred:
                       * 1 error: Error creating runner from config: missing required field accessing 'hosts'


  * filebeat_monitoring    (HEALTHY)
                           Running
  * metricbeat_monitoring  (HEALTHY)
                           Running
  * metricbeat             (HEALTHY)
                           Running

This was originally posted on our Discuss; I tested on Windows and can confirm the issue. https://discuss.elastic.co/t/8-2-3-agent-unhealthy-when-network-packet-capture-integration-is-enabled-in-agent-policy/307396

I managed to narrow it down to the Redis input: the hosts setting is missing. Here is the configuration for this input generated by the integration:

  - id: packet-network_traffic.redis-6d7ac86a-30a8-4766-b14d-9e7e1359a5fe
    index: logs-network_traffic.redis-default
    meta:
      package:
        name: network_traffic
        version: 1.3.0
    name: network_traffic-1
    ports:
    - 6379
    processors:
    - add_fields:
        fields:
          dataset: network_traffic.redis
          namespace: default
          type: logs
        target: data_stream
    - add_fields:
        fields:
          dataset: network_traffic.redis
        target: event
    - add_fields:
        fields:
          id: c959e182-7a24-481c-bd32-0066c57530fd
          snapshot: false
          version: 8.2.3
        target: elastic_agent
    - add_fields:
        fields:
          id: c959e182-7a24-481c-bd32-0066c57530fd
        target: agent
    revision: 1
    type: redis
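
A pre-flight check for the condition reported above, as an added example that is not part of the original post or of Elastic's code: it scans a rendered inputs list for `type: redis` entries that lack a top-level `hosts` key. The `REQUIRED` table, the function name and the sample input are assumptions made for illustration, and the scanner is a small indentation-based reader, not a full YAML parser.

```python
import re

# Assumption: required top-level settings per input type. Only the
# redis/hosts pair is taken from the error quoted in this issue.
REQUIRED = {"redis": ["hosts"]}

ITEM = re.compile(r"^(\s*)- (\w+):\s*(.*)$")  # "- key: value" opening a list item

def missing_required(rendered, required=REQUIRED):
    """Return [(input_id, input_type, [missing keys])] for a rendered inputs list."""
    items, current, indent = [], None, None
    for line in rendered.splitlines():
        m = ITEM.match(line)
        # A new input starts at the indentation of the first list item seen;
        # deeper "- ..." lines (ports, processors) belong to the current input.
        if m and (indent is None or len(m.group(1)) == indent):
            indent = len(m.group(1))
            current = {m.group(2): m.group(3)}
            items.append(current)
            continue
        if current is None:
            continue
        # Top-level keys of an input sit exactly two columns past the dash.
        k = re.match(r"^ {%d}(\w+):\s*(.*)$" % (indent + 2), line)
        if k:
            current[k.group(1)] = k.group(2)
    findings = []
    for item in items:
        need = required.get(item.get("type"), [])
        gone = [key for key in need if key not in item]
        if gone:
            findings.append((item.get("id", "<no id>"), item["type"], gone))
    return findings

# Constructed sample shaped like the configuration in this issue (ids are made up).
SAMPLE = """\
  - id: redis-without-hosts
    index: logs-network_traffic.redis-default
    ports:
    - 6379
    processors:
    - add_fields:
        fields:
          id: nested-id-is-ignored
        target: agent
    type: redis
  - id: redis-with-hosts
    hosts:
    - localhost:6379
    type: redis
"""

if __name__ == "__main__":
    for input_id, input_type, keys in missing_required(SAMPLE):
        print(f"{input_id} ({input_type}): missing {', '.join(keys)}")
```
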
@belimawr belimawr added release-pending bug Something isn't working, use only for issues labels Jun 17, 2022
@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@jamiehynds jamiehynds added the Integration:network_traffic Network Packet Capture label Jun 17, 2022
@efd6
Contributor

efd6 commented Jun 17, 2022

See elastic/elastic-agent#427

@efd6 efd6 added Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team [elastic/elastic-agent-data-plane] and removed Team:Security-External Integrations labels Jun 17, 2022
@elasticmachine

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@cmacknz
Member

cmacknz commented Jul 7, 2022

Duplicate of elastic/elastic-agent#427

@cmacknz cmacknz marked this as a duplicate of elastic/elastic-agent#427 Jul 7, 2022
@cmacknz cmacknz closed this as completed Jul 7, 2022