Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Metricbeat Windows Module invalid windows.yml in modules.d #23027

Closed
jeffpatton1971 opened this issue Dec 9, 2020 · 4 comments · Fixed by #23327
Closed

Metricbeat Windows Module invalid windows.yml in modules.d #23027

jeffpatton1971 opened this issue Dec 9, 2020 · 4 comments · Fixed by #23327
Assignees
@narph
Labels
Team:Platforms Label for the Integrations - Platforms team

Comments

@jeffpatton1971
Copy link

jeffpatton1971 commented Dec 9, 2020
edited
Loading

The default windows.yml located in modules.d contains an invalid query that when enabled prevents the metricbeat service from starting.

PS C:\Program Files\metricbeat> cat .\modules.d\windows.yml
# Module: windows
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.10/metricbeat-module-windows.html

- module: windows
  metricsets:
    - service
  period: 1m

- module: windows
  metricsets:
  - perfmon
  period: 10s
  perfmon.queries:
   - object: 'Process'
     instance: ["*"]
     counters:
     - name: 'Disk Writes/sec'
       field: physical_disk.write.per_sec
       format: "float"
     - name: "% Disk Write Time"
PS C:\Program Files\metricbeat> Start-Service metricbeat
Start-Service : Failed to start service 'metricbeat (metricbeat)'.
At line:1 char:1
+ Start-Service metricbeat
+ ~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service], ServiceCommandException
    + FullyQualifiedErrorId : StartServiceFailed,Microsoft.PowerShell.Commands.StartServiceCommand

Note the query object is process, yet the counters are all disk related. After changing these to the sample shown on the following page https://www.elastic.co/guide/en/beats/metricbeat/7.10/metricbeat-module-windows.html and uncommenting the process queries, the service was able to successfully start.

It would be helpful if we could get this fixed as it took me longer than it should have to run this down as the error message coming back from windows was less than helpful.

metricbeat.modules:
- module: windows
  metricsets: ["perfmon"]
  enabled: true
  period: 10s
  perfmon.ignore_non_existent_counters: false
  perfmon.group_measurements_by_instance: false
  perfmon.queries:
#  - object: 'Process'
#    instance: ["*"]
#    counters:
#    - name: '% Processor Time'
#      field: cpu_usage
#      format: "float"
#    - name: "Thread Count"

- module: windows
  metricsets: ["service"]
  enabled: true
  period: 60s
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Dec 9, 2020
@jsoriano jsoriano added the Team:Platforms Label for the Integrations - Platforms team label Dec 11, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/integrations-platforms (Team:Platforms)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Dec 11, 2020
@jeffpatton1971
Copy link
Author

FWIW there may be a similar issue with the Azure module as well, but I wasn't entirely certain I was passing in the SPN creds properly or not and I've not had time to get back to it this week.

@narph narph self-assigned this Dec 15, 2020
@narph narph mentioned this issue Dec 30, 2020
Merged
6 tasks
@narph
Copy link
Contributor

narph commented Dec 30, 2020

@jeffpatton1971 we had some legacy code we mistakenly ignored, all updated now with #23327.
Not sure what do you mean by the same case with the azure module, can you expand on that.

This was referenced Jan 13, 2021
Merged
Merged
@leandroscardua
Copy link

Hi Elastic Team,

Does anyone has roadmap and timeline to fix it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@narph narph

Labels
Team:Platforms Label for the Integrations - Platforms team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update default config in windows.yml narph/beats
5 participants
@jsoriano @jeffpatton1971 @narph @elasticmachine @leandroscardua