Hi everyone,
I believe I've discovered a bug in the Google Workspace module for Filebeat. Posting here first per the instructions on GitHub.
When using the Google Workspace module, all sub-modules but SAML logging (Admin, User Accounts, Login, Drive, and Groups) work fine, both independently and all at once.
However as soon as I enable the SAML logging functionality, an error is thrown by the module after retrieving and processing the data from the Google API.
Version: filebeat version 7.11.2 (amd64), libbeat 7.11.2 [1d9cced55410003f5d0b4594ff5471d15a4e2900 built 2021-03-06 05:39:42 +0000 UTC]
OS: macOS 10.15.7
Command run: filebeat -e -d '*'
Error output:
2021-03-10T09:51:54.167-0800 DEBUG [esclientleg] eslegclient/connection.go:364 GET https://[REDACTED]/_ingest/pipeline/filebeat-7.11.2-google_workspace-saml-common <nil>
2021-03-10T09:51:54.192-0800 DEBUG [modules] fileset/pipelines.go:120 Pipeline filebeat-7.11.2-google_workspace-saml-common already loaded
2021-03-10T09:51:54.192-0800 INFO [publisher_pipeline_output] pipeline/output.go:151 Connection to backoff(elasticsearch(https://[REDACTED])) established
2021-03-10T09:51:54.192-0800 DEBUG [esclientleg] eslegclient/bulkapi.go:230 Failed to encode message: unsupported float value: NaN
2021-03-10T09:51:54.192-0800 ERROR [elasticsearch] elasticsearch/client.go:224 failed to perform any bulk index operations: unsupported float value: NaN
2021-03-10T09:51:54.192-0800 INFO [publisher] pipeline/retry.go:219 retryer: send unwait signal to consumer
2021-03-10T09:51:54.192-0800 INFO [publisher] pipeline/retry.go:223 done
2021-03-10T09:51:55.966-0800 ERROR [publisher_pipeline_output] pipeline/output.go:180 failed to publish events: unsupported float value: NaN
2021-03-10T09:51:55.966-0800 INFO [publisher_pipeline_output] pipeline/output.go:143 Connecting to backoff(elasticsearch(https://[REDACTED]))
2021-03-10T09:51:55.966-0800 DEBUG [esclientleg] eslegclient/connection.go:290 ES Ping(url=https://[REDACTED])
2021-03-10T09:51:55.966-0800 INFO [publisher] pipeline/retry.go:219 retryer: send unwait signal to consumer
2021-03-10T09:51:55.966-0800 INFO [publisher] pipeline/retry.go:223 done
2021-03-10T09:51:55.982-0800 DEBUG [esclientleg] eslegclient/connection.go:313 Ping status code: 200
2021-03-10T09:51:55.982-0800 INFO [esclientleg] eslegclient/connection.go:314 Attempting to connect to Elasticsearch version 7.10.1
2021-03-10T09:51:55.982-0800 DEBUG [esclientleg] eslegclient/connection.go:364 GET https://[REDACTED]/_license?human=false <nil>
2021-03-10T09:51:56.016-0800 DEBUG [license] licenser/check.go:31 Checking that license covers %sBasic
2021-03-10T09:51:56.016-0800 INFO [license] licenser/es_callback.go:51 Elasticsearch license: Platinum
2021-03-10T09:51:56.016-0800 DEBUG [esclientleg] eslegclient/connection.go:364 GET https://[REDACTED]/ <nil>
2021-03-10T09:51:56.038-0800 DEBUG [modules] fileset/pipelines.go:67 Required processors: [{geoip ingest-geoip}]
2021-03-10T09:51:56.038-0800 DEBUG [esclientleg] eslegclient/connection.go:364 GET https://[REDACTED]/_nodes/ingest <nil>
2021-03-10T09:51:56.067-0800 DEBUG [esclientleg] eslegclient/connection.go:364 GET https://[REDACTED]/_ingest/pipeline/filebeat-7.11.2-google_workspace-saml-common <nil>
2021-03-10T09:51:56.091-0800 DEBUG [modules] fileset/pipelines.go:120 Pipeline filebeat-7.11.2-google_workspace-saml-common already loaded
2021-03-10T09:51:56.091-0800 INFO [publisher_pipeline_output] pipeline/output.go:151 Connection to backoff(elasticsearch(https://[REDACTED])) established
2021-03-10T09:51:56.091-0800 DEBUG [esclientleg] eslegclient/bulkapi.go:230 Failed to encode message: unsupported float value: NaN
2021-03-10T09:51:56.091-0800 ERROR [elasticsearch] elasticsearch/client.go:224 failed to perform any bulk index operations: unsupported float value: NaN
2021-03-10T09:51:56.091-0800 INFO [publisher] pipeline/retry.go:219 retryer: send unwait signal to consumer
2021-03-10T09:51:56.091-0800 INFO [publisher] pipeline/retry.go:223 done
Any thoughts or suggestions would be greatly appreciated 
