Thanks for the clarification, @marclop.
Just out of curiosity, I removed experimental: true in Fleet Settings and all the out-of-date policy issues went away. If I add it back, they come back again. Removed again and policies updated instantly again. Not sure why this would happen.
Thanks @joshdover, I removed the MongoDB integration from both policies and tried out what you suggested. I added the debug logger for the Fleet plugin in kibana.yml but don't seem to see anything special in the logs after restarting Kibana. Could you give an example of a log point? I'll grep that and send the file here.
Also tried the API call you suggested:
curl -XPOST --url <kibana domain>/api/fleet/epm/packages/mongodb-1.3.1 -H 'content-type: application/json' -H 'kbn-xsrf: 123' -d'{"force":true}' -u elastic:<password>
Response
{"statusCode":503,"error":"Service Unavailable","message":"Request timed out"}
When loading Fleet UI, that same API as a GET gets made and it completes instantly:
Although, if I try the same thing by clicking "Install MongoDB Assets", I get the following response:
{"statusCode":500,"error":"Internal Server Error","message":"Cannot find asset mongodb-1.3.1/kibana/dashboard/mongodb-Metrics-MongoDB.json"}
Tried something different: increased the timeout configs in kibana.yml drastically and was able to get it to install the assets as well as add the plugin in the required policy.
Took 4.5 mins to install MongoDB.
There's a new problem though, unable to get any of the Mongo logs or metrics into ES, getting this in logs-* when I filter for mongo:
Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xc089246eb1873026, ext:873610542553, loc:(*time.Location)(0x56435c979100)}, Meta:{"raw_index":"logs-mongodb.log-mongodb_servers"}, Fields:{"agent":{"ephemeral_id":"bd68227e-9f51-4745-9a21-bab39e0135f0","hostname":"x.x.x.com","id":"46f0d193-0e17-4388-a18f-4c525a0d650f","name":"x.x.x.com","type":"filebeat","version":"7.15.2"},"data_stream":{"dataset":"mongodb.log","namespace":"mongodb_servers","type":"logs"},"ecs":{"version":"1.11.0"},"elastic_agent":{"id":"46f0d193-0e17-4388-a18f-4c525a0d650f","snapshot":false,"version":"7.15.2"},"event":{"dataset":"mongodb.log"},"host":{"architecture":"x86_64","containerized":false,"hostname":"x.x.x.com","id":"b2b676aeef00467186bfc275f8b20d2b","ip":["x.x.x.x","..."],"mac":["..."],"name":"x.x.x.com","os":{"codename":"focal","family":"debian","kernel":"5.4.0-80-generic","name":"Ubuntu","platform":"ubuntu","type":"linux","version":"20.04.2 LTS (Focal Fossa)"}},"input":{"type":"log"},"log":{"file":{"path":"/var/log/mongodb/mongod.log"},"offset":270444},"message":"{\"t\":{\"$date\":\"2021-06-22T06:57:20.217Z\"},\"s\":\"I\", \"c\":\"NETWORK\", \"id\":51800, \"ctx\":\"conn66\",\"msg\":\"client metadata\",\"attr\":{\"remote\":\"x.x.x.x:56972\",\"client\":\"conn66\",\"doc\":{\"driver\":{\"name\":\"mongo-java-driver|legacy\",\"version\":\"3.10.2\"},\"os\":{\"type\":\"Linux\",\"name\":\"Linux\",\"architecture\":\"amd64\",\"version\":\"5.4.0-74-generic\"},\"platform\":\"Java/AdoptOpenJDK/11.0.11+9\"}}}","tags":["mongodb-logs"]}, Private:file.State{Id:"native::46792787-2306", PrevId:"", Finished:false, Fileinfo:(*os.fileStat)(0xc0008c5d40), Source:"/var/log/mongodb/mongod.log", Offset:270825, Timestamp:time.Time{wall:0xc089246eaace0488, ext:873497744001, loc:(*time.Location)(0x56435c979100)}, TTL:-1, Type:"log", Meta:map[string]string(nil), FileStateOS:file.StateOS{Inode:0x2ca0053, Device:0x902}, IdentifierName:"native"}, TimeSeries:false}, Flags:0x1, 
Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=403): {"type":"security_exception","reason":"action [indices:data/write/bulk[s]] is unauthorized for API key id [x] of user [elastic/fleet-server] on indices [logs-mongodb.log-mongodb_servers,.ds-logs-mongodb.log-mongodb_servers-2022.03.30-000001], this action is granted by the index privileges [create_doc,create,delete,index,write,all]"}, dropping event!
Not sure why I'd get
action [indices:data/write/bulk[s]] is unauthorized for API key id of user [elastic/fleet-server] on indices [logs-mongodb.log-mongodb_servers,.ds-logs-mongodb.log-mongodb_servers-2022.03.30-000001], this action is granted by the index privileges [create_doc,create,delete,index,write,all
I installed the integration as recommended, all the necessary assets (index templates, data streams, indices, etc.) are present in ES.
Any idea what could be wrong?
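
Added example, not part of the original post: a small Python parser that pulls the action, API key id, user, target data stream and granting index privileges out of the security_exception reason quoted above, so the denial can be compared against the index privileges the agent's output API key carries. The function and field names are hypothetical, and the sample string is constructed from the redacted message in the post.

```python
import re

# Constructed sample: the "reason" string from the post, redacted key id kept as "x".
SAMPLE = (
    "action [indices:data/write/bulk[s]] is unauthorized for API key id [x] "
    "of user [elastic/fleet-server] on indices "
    "[logs-mongodb.log-mongodb_servers,"
    ".ds-logs-mongodb.log-mongodb_servers-2022.03.30-000001], "
    "this action is granted by the index privileges "
    "[create_doc,create,delete,index,write,all]"
)

REASON_RE = re.compile(
    r"action \[(?P<action>.+?)\] is unauthorized for API key id \[(?P<key_id>[^\]]*)\] "
    r"of user \[(?P<user>[^\]]*)\] on indices \[(?P<indices>[^\]]*)\], "
    r"this action is granted by the index privileges \[(?P<privs>[^\]]*)\]"
)
# Backing indices are named .ds-<data stream>-<yyyy.MM.dd>-<generation>.
BACKING_RE = re.compile(r"^\.ds-(?P<stream>.+)-\d{4}\.\d{2}\.\d{2}-\d{6}$")


def parse_denial(reason):
    """Return the fields of a write denial, or None if the text is something else."""
    m = REASON_RE.search(reason)
    if m is None:
        return None
    streams = set()
    for index in m["indices"].split(","):
        backing = BACKING_RE.match(index.strip())
        streams.add(backing["stream"] if backing else index.strip())
    data_streams = []
    for name in sorted(streams):
        # Data streams follow <type>-<dataset>-<namespace>; other names are kept whole.
        parts = name.split("-", 2)
        entry = {"name": name}
        if len(parts) == 3:
            entry.update(zip(("type", "dataset", "namespace"), parts))
        data_streams.append(entry)
    return {
        "action": m["action"],
        "api_key_id": m["key_id"],
        "user": m["user"],
        "data_streams": data_streams,
        "granting_privileges": m["privs"].split(","),
    }


if __name__ == "__main__":
    print(parse_denial(SAMPLE))
```

The backing index and the data stream collapse to a single entry, which is the name the key's index privileges have to match.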