[Agent Health Dashboards] Zero Integrations Enabled #7912

Closed
jamiehynds opened this issue Sep 21, 2023 · 7 comments
Labels
bug Something isn't working, use only for issues

Comments

@jamiehynds

A bug has been identified, whereby the Overview page on the agent health dashboards is incorrectly reporting 0 integrations enabled, even if several integrations are enabled and ingesting data. Need to determine the root cause and update the dashboard to ensure the integrations enabled count is accurate.


@elasticmachine

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

jamiehynds added the bug label Sep 21, 2023
@ebeahan
Member

ebeahan commented Sep 21, 2023

I took a look, and it appears this visualization started only reporting zero in 8.9.

I noticed differences in running a cardinality agg in 8.8.2 vs 8.10.1. When I dug in a bit more, it seemed specific to constant_keyword fields. Note the aggregations.0.value of 0 on 8.10.1:

8.8.2

GET logs-*,metrics-*/_search
{
  "aggs": {
    "0": {
      "cardinality": {
        "field": "data_stream.dataset"
      }
    }
  },
  "size": 0
}

{
  "took": 2384,
  "timed_out": false,
  "_shards": {
    "total": 18,
    "successful": 18,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 3314,
      "relation": "eq"
    },
    "max_score": null,
    "hits": []
  },
  "aggregations": {
    "0": {
      "value": 15 <= expected
    }
  }
}

8.10.1

GET logs-*,metrics-*/_search
{
  "aggs": {
    "0": {
      "cardinality": {
        "field": "data_stream.dataset"
      }
    }
  },
  "size": 0
}

{
  "took": 34,
  "timed_out": false,
  "_shards": {
    "total": 166,
    "successful": 166,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": {
      "value": 10000,
      "relation": "gte"
    },
    "max_score": null,
    "hits": []
  },
  "aggregations": {
    "0": {
      "value": 0 <= not expected
    }
  }
}

@ebeahan
Member

ebeahan commented Sep 21, 2023

Unrelated observation: does the value for Integrations Enabled need the decimal?

@ebeahan
Member

ebeahan commented Sep 21, 2023

Opened ES issue with above finding: elastic/elasticsearch#99776

@jamiehynds
Author

Thanks for taking a look @ebeahan. With regards to the decimals, this is a known bug which @P1llus has raised with Kibana and they are working on a fix.

@ebeahan
Member

ebeahan commented Sep 25, 2023

ES team added a fix for the cardinality agg issue: elastic/elasticsearch#99814. The fix ships in 8.10.3 and 8.11.0.

@jamiehynds
Author

Closing as a fix has been available since 8.10.3.
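
A sanity check for the symptom described in this thread, as an added example that is not part of the original issue or Elastic's code: it flags a cardinality result of 0 when the same search matched documents, so a monitoring panel that silently reads zero can be caught. The function names, the trimmed sample responses and the treatment of every release from 8.9.0 up to 8.10.3 as affected are assumptions of this example.

```python
# Added example. Bounds come from the thread (first seen in 8.9, fixed in
# 8.10.3 and 8.11.0); treating every release in between as affected is assumed.
FIRST_AFFECTED = (8, 9, 0)
FIXED_IN = (8, 10, 3)

# Constructed samples: the thread's two responses, trimmed, annotations removed.
RESP_8_8_2 = {
    "timed_out": False,
    "_shards": {"total": 18, "successful": 18, "skipped": 0, "failed": 0},
    "hits": {"total": {"value": 3314, "relation": "eq"}},
    "aggregations": {"0": {"value": 15}},
}
RESP_8_10_1 = {
    "timed_out": False,
    "_shards": {"total": 166, "successful": 166, "skipped": 0, "failed": 0},
    "hits": {"total": {"value": 10000, "relation": "gte"}},
    "aggregations": {"0": {"value": 0}},
}


def parse_version(text):
    """Turn '8.10.1' into (8, 10, 1); a suffix such as '-SNAPSHOT' is dropped."""
    parts = [int(p) for p in text.split("-", 1)[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def in_affected_range(version):
    return FIRST_AFFECTED <= parse_version(version) < FIXED_IN


def check_cardinality(response, agg_name="0"):
    """Classify a _search response carrying one cardinality aggregation.

    Assumes the aggregated field exists on every matched document, which
    is expected for data_stream.dataset on data stream indices.
    """
    if response.get("timed_out") or response["_shards"]["failed"] > 0:
        return "incomplete"    # partial results: a low count proves nothing
    hits = response["hits"]["total"]["value"]
    distinct = response["aggregations"][agg_name]["value"]
    if hits > 0 and distinct == 0:
        return "suspect-zero"  # documents matched, yet no distinct values
    return "ok"


if __name__ == "__main__":
    for version, resp in (("8.8.2", RESP_8_8_2), ("8.10.1", RESP_8_10_1)):
        print(version, check_cardinality(resp), in_affected_range(version))
```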
