Endpoint Filebeat memory 7.13.3 "rare event"


Minor bug with Filebeat and Endpoint. This is a rare event and only happened to 6 "known" machines out of 100.

Filebeat memory utilization consumed the remaining host memory after a policy change. Steps that created the issue. All settings will be in Fleet under the device policies.

  1. Go to policy. Open.
  2. Change to settings tab.
  3. Uncheck File and Metrics for debug.
  4. Save and wait for it to roll out.

The existing Filebeat instance from endpoint did not exit correctly which resulted in the log file backing up in memory waiting to connect to agent to send. Another instance started up with the new settings running concurrently. Force killing the instance of filebeat and the machine returns to normal.

Poking at the dev's for that memory max settings :-). you guys are awesome 7.13.3+ has been very stable so far.

1 Like

Thanks for reporting this, especially for the reproduction steps, which help immensely. I filed a Github issue to track this bug.

I'm glad to hear you're seeing good things with 7.13.3!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.