Hello,
Due to the error logging here, on systems running many short living processes, we realized that packetbeat is flooding logs with entries like the following:
{"log.level":"error","@timestamp":"2022-06-09T15:25:57.629+0200","log.origin":{"file.name":"procs/procs_linux.go","file.line":115},"message":"FindSocketsOfPid: open /proc/15404/fd: no such file or directory","service.name":"packetbeat","ecs.version":"1.6.0"}
This happens when packetbeat.procs.enabled: true
. We cannot find any way to disable such log messages (while keeping the level to error to still get useful logs) and believe that this should not be logged as an error, given that the execution is continuing.
Process data is added on best effort, given that packetbeat process info is originating from procfs. In case of short living processes, no process data is added considering that by the time this enrichment takes place, the connected procfs directory may not exist.
This type of log entry should be on level warning
or info, so as to support best-effort enrichment without flooding the logs.