Okta filebeat module ingest pipeline not running

LiamSennitt · August 19, 2021, 7:42am

The Okta filebeat module doesn't appear to be executing the ingest pipeline as expected and returns events in the structure below.

{
    "@timestamp": "",
    "@metadata": {
      "beat": "filebeat",
      "type": "_doc",
      "version": "7.14.0",
      "pipeline": "filebeat-7.14.0-okta-system-pipeline"
    },
    "json": {},
    "agent": {
      "type": "filebeat",
      "version": "7.14.0",
      "hostname": "",
      "ephemeral_id": "",
      "id": "",
      "name": ""
    },
    "event": {
      "dataset": "okta.system",
      "original": "",
      "created": "",
      "module": "okta"
    },
    "ecs": {
      "version": "1.10.0"
    },
    "tags": [
      "forwarded"
    ],
    "input": {
      "type": "httpjson"
    },
    "fileset": {
      "name": "system"
    },
    "service": {
      "type": "okta"
    }
}

legoguy1000 · August 19, 2021, 11:14am

This is an event coming out of filebeat? Or from elasticsearch?

LiamSennitt · August 19, 2021, 1:32pm

Directly out of filebeat with a console output.

LiamSennitt · August 19, 2021, 1:39pm

I've realised my mistake I'm using filebeat with a logstash output and I havn't manually loaded the ingest pipline

system · September 16, 2021, 3:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ingest Pipeline is not updated on Module Changes Beats filebeat	2	974	July 27, 2018
Filebeat not uploading lastest ingest grok pattern to elasticsearch Beats filebeat	6	740	May 31, 2019
Filebeat Pipeline debug output Publish event Beats filebeat	4	1398	May 28, 2021
Filebeat custom module pipeline failed Beats filebeat	5	511	October 20, 2020
Filebeat module ingest pipeline not working in logstash Logstash	5	196	August 14, 2023

Okta filebeat module ingest pipeline not running

Related topics