I'm receiving an error message on all of my endpoints utilizing the filebeat agent spawned by the System integration for Windows. I was wondering if it is based on the Java installation of my windows machines or the filebeat implementation.
Version: 7.14.0
data_stream.dataset: system.security
// Cannot invoke "java.util.Map.size()" because "m" is null
@mikemitchell thanks for using Endpoint. Apologies for the late reply.
Can you give some more information here? Are you seeing side effects of this error? For instance, are Endpoints not installing correctly at all? Are you able to get Agents/Endpoints enrolled and visible in the UI?
Or is this an error you're seeing in the Endpoint logs, but otherwise your Agents/Endpoints are running?
The only side effects of this error is the amount of logging it is causing. We are seeing about 20,000 logs per endpoint in the span of 6 minutes.
The endpoint agents and filebeat are running properly so we are unsure why we are getting these java errors. We are seeing the errors in the actual endpoint logs in Kibana and Elastic.
"error.message": [
"Cannot invoke \\\"java.util.Map.size()\\\" because \\\"m\\\" is null"
],This log is coming from the filebeat implementation of the endpoint policies for Windows Event logging
Could you share the full JSON event for one of these with the error.message to get more context on where and possibly why this is happening?
What version of the system integration are you running?
We are seeing the same error for Elastic Agent 7.14.1.
Agent type: filebeat
Windows Event ID: 5156
Message:
The Windows Filtering Platform has permitted a connection.
Application Information:
Process ID: 1132
Application Name: \device\harddiskvolume2\windows\system32\svchost.exeNetwork Information:
Direction: Inbound
Source Address: 224.0.0.252
Source Port: 5355
Destination Address: 172.16.0.205
Destination Port: 57972
Protocol: 17Filter Information:
Filter Run-Time ID: 0
Layer Name: Receive/Accept
Layer Run-Time ID: 44
I hope this helps something to fix this issue.
@acamro Could you please check what version of the system integration you have installed. The versioning of the integrations is independent of the Agent version.
I am seeing the same logs in my system as well. I am currently running Elastic Agent 7.15, and my system integration version is 1.4
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
