Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Datasets system.auth and system.syslog are not available for AL2023 under Data streams tab. #4250

Closed
amolnater-qasource opened this issue Feb 13, 2024 · 9 comments
Closed

Datasets system.auth and system.syslog are not available for AL2023 under Data streams tab. #4250

amolnater-qasource opened this issue Feb 13, 2024 · 9 comments
Labels
bug Something isn't working impact:high Short-term priority; add to current release, or definitely next. QA:Validated Validated by the QA Team Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team

Comments

@amolnater-qasource
Copy link

Kibana Build details:

VERSION: 8.13.0 SNAPSHOT
BUILD: 71393
COMMIT: 4f3bc35472dfeb88c02466790bd3c96dcc98f4de
Artifact Link: https://snapshots.elastic.co/8.13.0-e2cda7bd/downloads/beats/elastic-agent/elastic-agent-8.13.0-SNAPSHOT-linux-x86_64.tar.gz

Host OS: Amazon Linux 2023(AL2023)

Preconditions:

  1. 8.13.0 SNAPSHOT Kibana cloud environment should be available.

Steps to reproduce:

  1. Install agent on AL2023 with agent policy having System integration.
  2. Navigate to Data streams tab and observe no data available for system.auth and system.syslog datasets.

Screenshots:
image

Expected Result:
Datasets system.auth and system.syslog should be available for AL2023 under Data streams tab.

Testing Under:
https://github.com/elastic/ingest-dev/issues/2942
@amolnater-qasource amolnater-qasource added bug Something isn't working Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team impact:high Short-term priority; add to current release, or definitely next. labels Feb 13, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@amolnater-qasource
Copy link
Author

@manishgupta-qasource Please review.

@pierrehilbert
Copy link
Contributor

The issue seems to be the same than #3650, AL2023 is using journald instead of rsyslog

@manishgupta-qasource
Copy link

Secondary review for this ticket is Done

@pierrehilbert
Copy link
Contributor

Will be covered by elastic/beats#37086

@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team label Jun 3, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@jlind23 jlind23 mentioned this issue Jul 2, 2024
Merged
10 tasks
@belimawr
Copy link
Contributor

belimawr commented Aug 8, 2024

While elastic/beats#37086 paves the path to close this issue, it is also needed to update the system integration to use the journald input on hosts that have moved away from traditional log files.

@nimarezainia
Copy link
Contributor

@belimawr is this also resolved by elastic/integrations#11618 ? I would like to get the AL2023 qualified.

@amolnater-qasource
Copy link
Author

Hi Team,
We have revalidated this issue on latest 8.17.0 BC6 kibana cloud environment and found it fixed now.

Observations:

  • Datasets system.auth and system.syslog is available for AL2023 under Data streams tab.

Screenshots:
Image

Build details:
VERSION: 8.17.0 BC6
BUILD: 80521
COMMIT: e8a820624a03a412433584d3e3df951838e4c63c
Artifact Link: https://staging.elastic.co/8.17.0-6b31e673/downloads/beats/elastic-agent/elastic-agent-8.17.0-linux-x86_64.tar.gz

Hence we are closing and marking this issue as QA:Validated.

Thanks!

@amolnater-qasource amolnater-qasource added the QA:Validated Validated by the QA Team label Dec 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working impact:high Short-term priority; add to current release, or definitely next. QA:Validated Validated by the QA Team Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@belimawr @pierrehilbert @nimarezainia @elasticmachine @manishgupta-qasource @amolnater-qasource