Fleet AWS Integration Error - CloudTrail logs not searchable

matt_t1 · December 17, 2020, 12:28pm

AWS integration version 0.3.12 uses an ingestion node pipeline to set the event.ingested field to the ingestion timestamp. There is no mapping for this field in the index template so it defaults to keyword type, which breaks searching on the affected shards. No events are returned using a filter of data_stream.dataset:aws.cloudtrail.

Adding an explicit mapping for event.ingested to Date type in the index template fixes the issue.

skh · December 18, 2020, 12:06pm

Good catch, this looks odd. I'm getting help from someone who knows more about this integration.

skh · December 18, 2020, 2:41pm

This is being tracked in https://github.com/elastic/integrations/issues/473 now.

Thanks for spotting it!

Topic		Replies	Views
AWS Integrations Mapping Error Beats fleet	5	357	October 5, 2021
Pipeline not found for AWS integration on Agent managed by Fleet Elastic Agent fleet	3	62	February 27, 2025
AWS fleet integration fails with API key error on ingest Logs fleet	11	1121	July 6, 2022
Fleet AWS Integration Error - API keys not configured for metricbeat Elasticsearch fleet	2	530	January 14, 2021
Elastic Agent : AWS CloudWatch Fleet Integration Fail with RequestCanceledError Beats fleet	3	1007	August 19, 2022

Fleet AWS Integration Error - CloudTrail logs not searchable

Related topics