[Linux Integrations] [Auditbeat] Missing Fields causing Mapping conflicts #38989

Closed
Omolola-Akinleye opened this issue Apr 16, 2024 · 2 comments · Fixed by #38994
Labels: bug, Team:Security-Linux Platform (Linux Platform Team in Security Solution)

Comments


Omolola-Akinleye commented Apr 16, 2024

When looking at the Data View, I see there are some mapping conflicts for host.pid_ns_ino, process.entry_leader.start, process.group_leader.start, and process.session_leader.start.

For confirmed bugs, please report:

  • Version: 8.14.0
  • Operating System: Linux

See Session View Credentials

  1. Go to Stack Management > Data Views
  2. Select .alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-* index
  3. Click View Conflicts under Mapping conflicts
  4. Click the edit icon and you see the field value is not set
  5. Copy the `_id` value and query `_id` in Discover
@Omolola-Akinleye Omolola-Akinleye added the Team:Security-Linux Platform Linux Platform Team in Security Solution label Apr 16, 2024
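A way to check for the same kind of conflict outside the Data Views UI, as an added example that is not part of the original issue or the Beats code: it scans a response shaped like the Elasticsearch `_field_caps` API output and reports every field mapped to more than one type across indices. The index names and the field types in the sample are constructed assumptions; the issue does not state which types conflict.

```python
# Constructed sample in the shape of a _field_caps response for a multi-index
# pattern. Index names and types are assumptions, not values from the issue.
SAMPLE_FIELD_CAPS = {
    "indices": ["auditbeat-sample", "logs-sample"],
    "fields": {
        "host.pid_ns_ino": {
            "keyword": {"type": "keyword", "indices": ["logs-sample"]},
            "long": {"type": "long", "indices": ["auditbeat-sample"]},
        },
        "process.entry_leader.start": {
            "date": {"type": "date", "indices": ["logs-sample"]},
            "keyword": {"type": "keyword", "indices": ["auditbeat-sample"]},
        },
        # Same type everywhere: "indices" is omitted, so this is not a conflict.
        "process.pid": {"long": {"type": "long"}},
        # Mapped in one index and absent in the other (include_unmapped=true):
        # the "unmapped" entry is not a second type, so this is not a conflict.
        "process.tty.columns": {
            "long": {"type": "long", "indices": ["logs-sample"]},
            "unmapped": {"type": "unmapped", "indices": ["auditbeat-sample"]},
        },
    },
}


def find_mapping_conflicts(field_caps):
    """Return {field: {type: [indices]}} for fields mapped to 2+ types."""
    conflicts = {}
    for field, by_type in field_caps.get("fields", {}).items():
        mapped = {t: caps for t, caps in by_type.items() if t != "unmapped"}
        if len(mapped) < 2:
            continue
        conflicts[field] = {
            t: sorted(caps.get("indices") or []) for t, caps in mapped.items()
        }
    return conflicts


if __name__ == "__main__":
    for field, types in sorted(find_mapping_conflicts(SAMPLE_FIELD_CAPS).items()):
        print(field)
        for type_name, indices in sorted(types.items()):
            print(f"  {type_name}: {', '.join(indices)}")
```
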
@elasticmachine
Collaborator

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

@mjwolf mjwolf linked a pull request Apr 22, 2024 that will close this issue
@mjwolf
Contributor

mjwolf commented Apr 22, 2024

Completed with #38994

@mjwolf mjwolf closed this as completed Apr 22, 2024