AWS CSPM Integration

Has anyone tried the CSPM function for AWS?

I'm playing around with it but can't get the integration to work. There are some logs coming in from cloudbeat, but still no results in the CSPM dashboard.

Didn't want to touch the cloudformation stuffs, so I'm using "direct access keys" for integration.

Any idea what I'm missing here? Or where to start troubleshooting?

Hello,
I would like to get more context in order to diagnose the problem.
If you can please provide the following:

  1. cloudbeat logs (can be collected via agent diagnostics, see "Troubleshoot common problems" in the Fleet and Elastic Agent Guide [8.13], or directly from the logs index).
  2. In the index page screenshot that you've provided, please also provide information for the .ds-logs-cloud_security_posture.findings-* index.
  3. Status/State of the cloud_security_posture.findings_latest transform.

Thank you.

Diagnostic logs:


There's no index for .ds-logs-cloud_security_posture.findings-*.

On cloud_security_posture.findings_latest, this is the state. Note that it is showing "Warning", most likely because I don't have a replica shard set up (this is a single-node elastic for testing):

I've noticed that the provided logs are presumably partial (about 7 seconds):
2024-04-30T20:09:13.494Z - 2024-04-30T20:09:20.501Z

This is not enough to understand what the problem is, and the only log from cloudbeat that I see is:

{"log.level":"info","@timestamp":"2024-04-30T20:09:14.045Z","message":"Non-zero metrics in the last 30s","component":{"binary":"cloudbeat","dataset":"elastic_agent.cloudbeat","id":"cloudbeat/cis_aws-default","type":"cloudbeat/cis_aws"},"log":{"source":"cloudbeat/cis_aws-default"},"log.origin":{"file.line":187,"file.name":"log/log.go","function":"github.com/elastic/beats/v7/libbeat/monitoring/report/log.(*reporter).logSnapshot"},"service.name":"cloudbeat","monitoring":{"ecs.version":"1.6.0","metrics":{"beat":{"cgroup":{"memory":{"mem":{"usage":{"bytes":659963904}}}},"cpu":{"system":{"ticks":1040},"total":{"ticks":70660,"time":{"ms":90},"value":70660},"user":{"ticks":69620,"time":{"ms":90}}},"handles":{"limit":{"hard":65535,"soft":65535},"open":12},"info":{"ephemeral_id":"b5cec782-8584-4540-982c-79405b679e76","uptime":{"ms":72122731},"version":"8.13.2"},"memstats":{"gc_next":117301864,"memory_alloc":58297960,"memory_total":2209799072,"rss":163725312},"runtime":{"goroutines":38}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"active":0},"write":{"latency":{"histogram":{"count":0,"max":0,"mean":0,"median":0,"min":0,"p75":0,"p95":0,"p99":0,"p999":0,"stddev":0}}}},"pipeline":{"clients":1,"events":{"active":0}}},"system":{"load":{"1":0,"15":0,"5":0,"norm":{"1":0,"15":0,"5":0}}}}},"log.logger":"monitoring","ecs.version":"1.6.0"}

Is it possible to get the full diagnostics archive or the logs folder? I assume that what you've provided is a partial snippet of the logs that are available there?

Just to clarify about the findings index. If you search the indexes (including the hidden indexes), you do not see the .ds-logs-cloud_security_posture.findings-* pattern index?

Thank you.

Yes, it is just a snippet. I've sent you through DM to download the entire folder.

At the same time, I've just restarted the agent, might be able to see more things when the agent is initializing.

And yes, searched both the visible and hidden indexes, there's no .ds-logs-cloud_security_posture.findings-*

Thanks again for helping.

I noticed that you get an AccessDenied error when attempting to AssumeRole via STS. This is needed in order to trigger the ListAccounts API.
This flow happens when you deploy with the Organization option.

You've stated in your initial message:

Didn't want to touch the cloudformation stuffs, so I'm using "direct access keys" for integration.

In order to use the manual approach you need to make sure that you configure the necessary permissions and policies.

You can follow this documentation:

It should resolve your issue.
Thank you.

Alright. Thanks for the help!
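
One way to triage a full agent diagnostics log for the problem found in this thread, as an added example that is not part of the original posts or of Elastic's tooling: it counts lines per component binary, reports the time span the log covers, and pulls out cloudbeat lines that mention AccessDenied. The sample lines, including the text of the AccessDenied message, are constructed; the function and parameter names are hypothetical.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample in the ndjson shape of the Elastic Agent logs quoted in
# the thread. The error line's message text is constructed for illustration,
# it is not real cloudbeat output. The last line is deliberately truncated.
SAMPLE_NDJSON = "\n".join([
    '{"log.level":"debug","@timestamp":"2024-04-30T20:09:13.494Z","message":"Completed dialing successfully","component":{"binary":"metricbeat"},"ecs.version":"1.6.0","ecs.version":"1.6.0"}',
    '{"log.level":"info","@timestamp":"2024-04-30T20:09:14.045Z","message":"Non-zero metrics in the last 30s","component":{"binary":"cloudbeat"},"ecs.version":"1.6.0"}',
    '{"log.level":"debug","@timestamp":"2024-04-30T20:09:17.456Z","message":"Run input","component":{"binary":"filebeat"},"ecs.version":"1.6.0"}',
    '{"log.level":"error","@timestamp":"2024-04-30T20:09:20.501Z","message":"sts AssumeRole failed: AccessDenied (constructed sample)","component":{"binary":"cloudbeat"},"ecs.version":"1.6.0"}',
    '{"log.level":"debug","@timestamp":"2024-04-30T20:09:2',
])


def parse_ts(value):
    """Parse the agent's UTC timestamps, e.g. 2024-04-30T20:09:13.494Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def triage(ndjson_text, binary="cloudbeat", markers=("AccessDenied",)):
    """Summarise an agent ndjson log.

    Returns the covered time span in seconds, the number of lines per
    component binary, the lines from `binary` whose message contains one of
    `markers` (case-insensitive), and the count of unparseable lines.
    """
    per_binary = Counter()
    timestamps = []
    hits = []
    skipped = 0
    for raw in ndjson_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            # json.loads tolerates the duplicated "ecs.version" keys (last wins).
            event = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1  # truncated or partial line, common in copied snippets
            continue
        if not isinstance(event, dict):
            skipped += 1
            continue
        component = event.get("component")
        name = component.get("binary", "unknown") if isinstance(component, dict) else "unknown"
        per_binary[name] += 1
        ts = event.get("@timestamp")
        if isinstance(ts, str):
            try:
                timestamps.append(parse_ts(ts))
            except ValueError:
                pass  # keep the line in the counts, leave it out of the span
        message = str(event.get("message", ""))
        if name == binary and any(m.lower() in message.lower() for m in markers):
            hits.append((ts, event.get("log.level"), message))
    span = (max(timestamps) - min(timestamps)).total_seconds() if timestamps else 0.0
    return {
        "span_seconds": round(span, 3),
        "per_binary": dict(per_binary),
        "auth_hits": hits,
        "skipped": skipped,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_NDJSON)
    print("span (s):", report["span_seconds"])
    print("lines per binary:", report["per_binary"])
    print("unparseable lines:", report["skipped"])
    for ts, level, message in report["auth_hits"]:
        print(f"{ts} [{level}] {message}")
```

A short span or a low cloudbeat line count in the output means the file is a snippet rather than the full log, which is the situation the thread ran into before the complete folder was shared.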