1 x 3-node cluster and 2 standalone nodes, all showing the same signs.
Elastic+ Java process is running at 100% CPU. CentOS 8.
Anyone else running into the issue? The same machines have been fine with CPU and memory since version 7.0 and were updated to 7.12. Only in 7.12 has it been problematic. It's causing SIEM rules to fail to run, and it's the same subset that has been used for the past 2 versions.
Edit:
Disabled all SIEM rules and it's normal.
Cannot use field [event.category] due to ambiguities being mapped as [2] incompatible types: [text] in [winlogbeat-7.12.0], [keyword] in [.ds-logs-endpoint.events.file-default-000001
I have 1 standalone machine that is still higher than 7.11 CPU, but I haven't looked into that one as it's a dev box.
One thing I've noticed with winlogbeat/metricbeat over the last few minor versions of Kibana: if your agents are not matching, they really eat your server alive. They have had to be in lock step since version 7.11.1 or it becomes unusable in any meaningful way. This isn't all that easy to accomplish at times.
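An added example, not part of the original post: a check for the kind of mapping conflict the error message above reports, run over an Elasticsearch `_field_caps` response. The sample response is constructed from the two index names in the error; the other fields, the index pattern in the comment and the function names are assumptions.

```python
import json

# Constructed sample, shaped like the response to (index pattern is an assumption):
# GET /winlogbeat-*,logs-endpoint.events.*/_field_caps?fields=event.*&include_unmapped=true
SAMPLE_FIELD_CAPS = json.loads("""
{
  "indices": ["winlogbeat-7.12.0", ".ds-logs-endpoint.events.file-default-000001"],
  "fields": {
    "event.category": {
      "text": {"type": "text", "searchable": true, "aggregatable": false,
               "indices": ["winlogbeat-7.12.0"]},
      "keyword": {"type": "keyword", "searchable": true, "aggregatable": true,
                  "indices": [".ds-logs-endpoint.events.file-default-000001"]}
    },
    "event.code": {"keyword": {"type": "keyword", "searchable": true, "aggregatable": true}},
    "event.provider": {
      "keyword": {"type": "keyword", "searchable": true, "aggregatable": true,
                  "indices": ["winlogbeat-7.12.0"]},
      "unmapped": {"type": "unmapped", "searchable": false, "aggregatable": false,
                   "indices": [".ds-logs-endpoint.events.file-default-000001"]}
    }
  }
}
""")


def find_mapping_conflicts(field_caps):
    """Return {field: {type: [indices]}} for fields mapped with 2+ types."""
    conflicts = {}
    for field, by_type in field_caps.get("fields", {}).items():
        # "unmapped" only means the field is absent from an index; not a conflict.
        mapped = {t: c for t, c in by_type.items() if t != "unmapped"}
        if len(mapped) > 1:
            conflicts[field] = {t: sorted(c.get("indices", [])) for t, c in mapped.items()}
    return conflicts


def format_report(conflicts):
    """One line per conflicting field, listing each type and where it is mapped."""
    lines = []
    for field in sorted(conflicts):
        parts = [f"{t} in {', '.join(idx)}" for t, idx in sorted(conflicts[field].items())]
        lines.append(f"{field}: " + "; ".join(parts))
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(find_mapping_conflicts(SAMPLE_FIELD_CAPS))))
```

Running the same function over a live `_field_caps` response for the index patterns the detection rules query lists every field that would trigger this error, not only `event.category`.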