Elastic Agents not showing data for custom UDP integration

Hi

I have a Fleet of Elastic Agents running on a fresh k8s cluster (running ECK 8.5.0). I added the Custom UDP log integration (default namespace, Listen port 9512 and Listen address 0.0.0.0, Dataset name: udp.generic) via Kibana, but nothing related to UDP shows up in Logs.

lab@master:~$ kubectl get nodes
NAME      STATUS   ROLES           AGE     VERSION
master    Ready    control-plane   2d15h   v1.25.4
worker1   Ready    <none>          2d15h   v1.25.4
worker2   Ready    <none>          2d15h   v1.25.4


lab@master:~$ kubectl get pods 
NAME                                             READY   STATUS    RESTARTS        AGE
elastic-agent-quickstart-agent-4x4c4             1/1     Running   1 (2d15h ago)   2d15h
elastic-agent-quickstart-agent-qcqxb             1/1     Running   0               2d15h
elastic-agent-quickstart-agent-zzjgc             1/1     Running   0               2d15h
elasticsearch-quickstart-es-default-0            1/1     Running   0               2d15h
fleet-server-quickstart-agent-559586c896-glcds   1/1     Running   0               2d15h
kibana-quickstart-kb-775cb74f6d-7xhpj            1/1     Running   0               2d15h
kibana-quickstart-kb-775cb74f6d-g8s6p            1/1     Running   0               2d15h
kibana-quickstart-kb-775cb74f6d-prsft            1/1     Running   0               2d15h



lab@master:~$ kubectl get svc
NAME                                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
elasticsearch-quickstart-es-default         ClusterIP   None             <none>        9200/TCP   2d15h
elasticsearch-quickstart-es-http            ClusterIP   10.108.37.239    <none>        9200/TCP   2d15h
elasticsearch-quickstart-es-internal-http   ClusterIP   10.111.29.125    <none>        9200/TCP   2d15h
elasticsearch-quickstart-es-transport       ClusterIP   None             <none>        9300/TCP   2d15h
fleet-server-quickstart-agent-http          ClusterIP   10.106.49.142    <none>        8220/TCP   2d15h
kibana-quickstart-kb-http                   ClusterIP   10.107.172.205   <none>        5601/TCP   2d15h
kubernetes                                  ClusterIP   10.96.0.1        <none>        443/TCP    2d15h

UDP traffic is arriving at the master server, as seen below:

lab@master:~$ sudo tcpdump -i eth0 port 9512 -v -n

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:17:54.957485 IP (tos 0x0, ttl 64, id 57405, offset 0, flags [none], proto **UDP** (17), length 82)
    10.54.13.224.514 > 10.54.18.16.9512: **9512**, length: 54
	Facility local7 (23), Severity info (6)
	Msg: Nov 14 02:17:36 CE1 last message repeated 5 times
10:17:54.957485 IP (tos 0x0, ttl 64, id 57406, offset 0, flags [none], proto UDP (17), length 154)
    10.54.13.224.514 > 10.54.18.16.9512: **9512**, length: 126
	Facility local7 (23), Severity info (6)
	Msg: Nov 14 02:17:52 CE1 mgd[68478]: %INTERACT-6-UI_CMDLINE_READ_LINE: User 'psagrera', command 'show pfe statistics traffic '
[....]

Looking at the logs from one of the pods, I see only this:

root@elastic-agent-quickstart-agent-zzjgc:/usr/share/elastic-agent# cat /usr/share/elastic-agent/state/data/logs/default/filebeat-20221114-4.ndjson


{"log.level":"info","@timestamp":"2022-11-14T09:40:57.820Z","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":186},"message":"Non-zero metrics in the last 30s","service.name":"filebeat","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":11880,"time":{"ms":40}},"total":{"ticks":36160,"time":{"ms":100},"value":36160},"user":{"ticks":24280,"time":{"ms":60}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":17},"info":{"ephemeral_id":"5ed109d9-4d7c-4ca8-b1ce-b207143bd8eb","uptime":{"ms":10956697},"version":"8.5.0"},"memstats":{"gc_next":20487144,"memory_alloc":15909752,"memory_total":813465336,"rss":124211200},"runtime":{"goroutines":71}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"events":{"active":0}},"pipeline":{"clients":1,"events":{"active":0}}},"registrar":{"states":{"current":0}},"system":{"load":{"1":0.79,"15":0.32,"5":0.46,"norm":{"1":0.0988,"15":0.04,"5":0.0575}}}},"ecs.version":"1.6.0"}}

I'm not able to see or find any indices or datasets related to UDP.
I'm new to this topic, so perhaps I'm doing something wrong here...

Thanks in advance
