[Metricbeat] Missing process information on Windows #29741

Open
breml opened this issue Jan 7, 2022 · 6 comments
Labels
Stalled Team:Elastic-Agent Label for the Agent team

Comments

@breml
Contributor

breml commented Jan 7, 2022

We use Metricbeat on Linux as well as on Windows to monitor processes with the process metricset of the system module. For one of our use cases, we would like to evaluate the fields process.working_directory and process.executable, which are available for the Linux hosts, but are missing for the Windows hosts.

On Windows (Microsoft Windows Server 2019 Datacenter), Metricbeat is executed as a service with "Local System account" privileges.

I did some research in the source code and it looks like https://github.com/elastic/gosigar is used to collect the process information (https://github.com/elastic/beats/blob/master/libbeat/metric/system/process/process.go#L124-L127), but this is not implemented for Windows (https://github.com/elastic/gosigar/blob/master/sigar_windows.go#L47-L49).

On the other hand, there is code to collect e.g. the working directory in https://github.com/elastic/go-sysinfo (https://github.com/elastic/go-sysinfo/blob/main/providers/windows/process_windows.go#L127-L147), so the question is whether this can be used instead or whether gosigar can be updated accordingly.

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Jan 7, 2022
@ChrsMark ChrsMark added the Team:Elastic-Agent Label for the Agent team label Jan 10, 2022
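
A check for measuring the gap reported above in exported Metricbeat events, per operating system. This is an added example, not part of the original issue or the Beats code base. It assumes events exported as newline-delimited JSON carrying the ECS fields host.os.type, process.executable and process.working_directory; the sample events, `FieldGaps` and `Gap` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample events (not real telemetry), one JSON document per line.
const sampleEvents = `{"host":{"name":"lin01","os":{"type":"linux"}},"process":{"pid":812,"name":"nginx","executable":"/usr/sbin/nginx","working_directory":"/"}}
{"host":{"name":"win01","os":{"type":"windows"}},"process":{"pid":1044,"name":"svchost.exe"}}
{"host":{"name":"win01","os":{"type":"windows"}},"process":{"pid":4,"name":"System"}}`

type event struct { // only the ECS fields this check reads
	Host struct {
		OS struct{ Type string `json:"type"` } `json:"os"`
	} `json:"host"`
	Process struct {
		Executable string `json:"executable"`
		WorkingDir string `json:"working_directory"`
	} `json:"process"`
}

// Gap tallies, for one host.os.type, events seen and events lacking each field.
type Gap struct{ Events, NoExecutable, NoWorkingDir int }

// FieldGaps decodes NDJSON process events and counts missing fields per OS type.
func FieldGaps(ndjson string) (map[string]Gap, error) {
	gaps := map[string]Gap{}
	dec := json.NewDecoder(strings.NewReader(ndjson))
	for n := 1; dec.More(); n++ {
		var ev event
		if err := dec.Decode(&ev); err != nil {
			return nil, fmt.Errorf("event %d: %w", n, err)
		}
		g := gaps[ev.Host.OS.Type]
		g.Events++
		if ev.Process.Executable == "" {
			g.NoExecutable++
		}
		if ev.Process.WorkingDir == "" {
			g.NoWorkingDir++
		}
		gaps[ev.Host.OS.Type] = g
	}
	return gaps, nil
}

func main() { fmt.Println(FieldGaps(sampleEvents)) }
```

An OS type whose NoExecutable or NoWorkingDir count equals its Events count cannot support detections or dashboards keyed on those fields.
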
@elasticmachine
Collaborator

Pinging @elastic/elastic-agent (Team:Elastic-Agent)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Jan 10, 2022
@botelastic

botelastic bot commented Jan 10, 2023

Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Jan 10, 2023
@breml
Contributor Author

breml commented Jan 10, 2023

👍🏻

@botelastic botelastic bot removed the Stalled label Jan 10, 2023
@botelastic

botelastic bot commented Jan 10, 2024

Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Jan 10, 2024
@breml
Contributor Author

breml commented Jan 10, 2024

👍🏻

@botelastic botelastic bot removed the Stalled label Jan 10, 2024
@botelastic

botelastic bot commented Jan 9, 2025

Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Jan 9, 2025