I am trying to connect to Elasticsearch and Kibana 7.10.2, launched from AWS under the open source licence. I am trying to stream the logs from an AWS CloudWatch log group to Kibana. I have finished the setup of Functionbeat 7.10.2 in the cloud; the triggers are in place for the CloudWatch log group, and the Lambda function was created during the Functionbeat setup. On invoking the Lambda function with a test CloudWatch log input, it throws the following error:
because the kernel does not support seccomp
2021-11-08T19:32:23.747Z INFO [beat] instance/beat.go:981 Beat info {"system_info": {"beat": {"path": {"config": "/Users/jijojohny/functionbeat-7.10.2-darwin-x86_64", "data": "/tmp", "home": "/Users/jijojohny/functionbeat-7.10.2-darwin-x86_64", "logs": "/tmp/logs"}, "type": "functionbeat", "uuid": "99246201-daf6-4d47-b146-bf368019821c"}}}
2021-11-08T19:32:23.747Z INFO [beat] instance/beat.go:990 Build info {"system_info": {"build": {"commit": "aacf9ecd9c494aa0908f61fbca82c906b16562a8", "libbeat": "7.10.2", "time": "2021-01-12T22:42:50.000Z", "version": "7.10.2"}}}
2021-11-08T19:32:23.747Z INFO [beat] instance/beat.go:993 Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":2,"version":"go1.14.12"}}}
2021-11-08T19:32:23.748Z INFO [beat] instance/beat.go:997 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2021-11-08T19:06:45Z","containerized":true,"name":"169.254.27.65","ip":["127.0.0.1/8","169.254.79.130/30","169.254.76.1/23","169.254.79.1/32"],"kernel_version":"4.14.246-198.474.amzn2.x86_64","mac":["da:2f:77:89:96:3e","c2:b4:bc:1b:71:d0","3a:6a:8e:41:99:1a"],"os":{"family":"redhat","platform":"amzn","name":"Amazon Linux AMI","version":"2018.03","major":2018,"minor":3,"patch":0},"timezone":"UTC","timezone_offset_sec":0}}}
2021-11-08T19:32:23.748Z INFO [beat] instance/beat.go:1026 Process info {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":null,"effective":null,"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend","audit_read"],"ambient":null}, "cwd": "/var/task", "exe": "/var/task/functionbeat-aws", "name": "functionbeat-aw", "pid": 6, "ppid": 1, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2021-11-08T19:32:22.450Z"}}}
2021-11-08T19:32:23.748Z INFO instance/beat.go:299 Setup Beat: functionbeat; Version: 7.10.2
2021-11-08T19:32:23.748Z INFO [index-management] idxmgmt/std.go:184 Set output.elasticsearch.index to 'functionbeat-7.10.2' as ILM is enabled.
2021-11-08T19:32:23.750Z INFO eslegclient/connection.go:99 elasticsearch url: https://search-********************.us-east-1.es.amazonaws.com:443
2021-11-08T19:32:23.755Z INFO [publisher] pipeline/module.go:113 Beat name: 169.254.27.65
2021-11-08T19:32:23.756Z INFO instance/beat.go:455 functionbeat start running.
2021-11-08T19:32:23.756Z INFO [functionbeat] beater/functionbeat.go:94 Functionbeat is running
2021-11-08T19:32:23.756Z INFO [functionbeat] beater/functionbeat.go:100 Functionbeat is configuring enabled functions: fn-cloudwatch-logs
2021-11-08T19:32:23.756Z INFO [coordinator.Coordinator] core/coordinator.go:86 The function 'cloudwatch_logs' is starting
2021-11-08T19:32:23.761Z INFO [monitoring] log/log.go:118 Starting metrics logging every 30s
2021-11-08T19:32:24.791Z INFO [add_cloud_metadata] add_cloud_metadata/add_cloud_metadata.go:89 add_cloud_metadata: hosting provider type not detected.
2021-11-08T19:32:24.802Z INFO [publisher_pipeline_output] pipeline/output.go:143 Connecting to backoff(elasticsearch(https://search-*****************.us-east-1.es.amazonaws.com:443))
2021-11-08T19:32:24.802Z INFO [publisher] pipeline/retry.go:219 retryer: send unwait signal to consumer
2021-11-08T19:32:24.802Z INFO [publisher] pipeline/retry.go:223 done
END RequestId: 2ab32dcb-3370-47dd-b729-094de46778c7
REPORT RequestId: 2ab32dcb-3370-47dd-b729-094de46778c7 Duration: 3004.28 ms Billed Duration: 3000 ms Memory Size: 128 MB Max Memory Used: 86 MB Init Duration: 463.51 ms
2021-11-08T19:32:26.769Z 2ab32dcb-3370-47dd-b729-094de46778c7 Task timed out after 3.00 seconds
As per this document: Add cloud metadata | Filebeat Reference [7.15] | Elastic
I have added the add_cloud_metadata as well for AWS:
{
"cloud": {
"account.id": "1234567823",
"availability_zone": "us-east-1c",
"instance.id": " i-08f58b3079bf0sdf0d",
"machine.type": "t2.2xlarge",
"image.id": "ami-083654bd07hj334nsjd",
"provider": "aws",
"region": "us-east-1"
}
}
Any suggestions or help?