Elastic Agent stopped sending certain data streams

The1WhoPrtNocks · March 12, 2021, 4:30pm

Hi,

I have deployed the agent along with the windows intergration. As part of this I wanted to collect Powershell logs.
This was working fine however at 20:31:49.750 yestarday I received my last powershell log on the "windows.powershell" data.stream.

No changes were made on the host side or for the elastic agent or policy. I can not find any explanation or error codes around this.

I have also taken a look at a seperate instance and it seems that the same has occured there i.e. the data stream was up and functioning and after a certain point no more powershell logs have been shipped.

Can anyone advise on where to look for an explanation for this and a potential fix ?

Thanks in advance.

finbarr996 · March 15, 2021, 11:30am

Hi there,
Is it just this one stream that has stopped shipping, or has everything from that particular host also stopping coming in?

The1WhoPrtNocks · March 16, 2021, 12:07pm

Hi @finbarr996 ,

The I am still getting other streams from the device, the local Powershell logs are also still being crated on the host.

Luke

finbarr996 · March 18, 2021, 12:48am

Okay - sorry, in that case I can't assist, it's beyond my skill level.
If you do figure out the answer, do please post it here.

Cheers,
John.

The1WhoPrtNocks · April 1, 2021, 8:31am

Hi @finbarr996 ,

no need to apologies, i appreciate you taking the time to ask the questions .

The1WhoPrtNocks · April 6, 2021, 2:44pm

For anyone who stumbles across this the issue seems to have been fixed by upgrading from 7.10.1 to 7.12.0 .

system · May 4, 2021, 2:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.