Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Stack Monitoring] fix failing functional tests node detail page #115435

Closed
wants to merge 2 commits into from
Closed

[Stack Monitoring] fix failing functional tests node detail page #115435

wants to merge 2 commits into from

Conversation

neptunian
Copy link
Contributor

@neptunian neptunian commented Oct 18, 2021
edited
Loading

@neptunian neptunian added v8.0.0 Team:Infra Monitoring UI - DEPRECATED DEPRECATED - Label for the Infra Monitoring UI team. Use Team:obs-ux-infra_services v7.16.0 Epic: Stack Monitoring de-angularization labels Oct 18, 2021
@neptunian neptunian self-assigned this Oct 18, 2021
@neptunian
Copy link
Contributor Author

https://kibana-ci.elastic.co/job/kibana+flaky-test-suite-runner/2059/

@kibanamachine
Copy link
Contributor

kibanamachine commented Oct 19, 2021
edited
Loading

💔 Build Failed

Failed CI Steps

Test Failures

Kibana Pipeline / general / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals·ts.detection engine api security and spaces enabled Generating signals from source indexes Signals generated from events with name override field should generate signals with name_override field

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]     │
[00:00:00]       └-: detection engine api security and spaces enabled
[00:00:00]         └-> "before all" hook in "detection engine api security and spaces enabled"
[00:00:00]         └-: 
[00:00:00]           └-> "before all" hook in ""
[00:18:27]           └-: Generating signals from source indexes
[00:18:27]             └-> "before all" hook in "Generating signals from source indexes"
[00:23:36]             └-: Signals generated from events with name override field
[00:23:36]               └-> "before all" hook for "should generate signals with name_override field"
[00:23:36]               └-> "before all" hook for "should generate signals with name_override field"
[00:23:36]                 │ info [x-pack/test/functional/es_archives/auditbeat/hosts] Loading "mappings.json"
[00:23:36]                 │ info [x-pack/test/functional/es_archives/auditbeat/hosts] Loading "data.json.gz"
[00:23:36]                 │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [auditbeat-8.0.0-2019.02.19-000001] creating index, cause [api], templates [], shards [1]/[1]
[00:23:36]                 │ info [x-pack/test/functional/es_archives/auditbeat/hosts] Created index "auditbeat-8.0.0-2019.02.19-000001"
[00:23:36]                 │ debg [x-pack/test/functional/es_archives/auditbeat/hosts] "auditbeat-8.0.0-2019.02.19-000001" settings {"index":{"lifecycle":{"name":"auditbeat-8.0.0","rollover_alias":"auditbeat-8.0.0"},"mapping":{"total_fields":{"limit":"10000"}},"number_of_replicas":"1","number_of_shards":"1","query":{"default_field":["tags","message","agent.version","agent.name","agent.type","agent.id","agent.ephemeral_id","client.address","client.mac","client.domain","client.geo.continent_name","client.geo.country_name","client.geo.region_name","client.geo.city_name","client.geo.country_iso_code","client.geo.region_iso_code","client.geo.name","cloud.provider","cloud.availability_zone","cloud.region","cloud.instance.id","cloud.instance.name","cloud.machine.type","cloud.account.id","container.runtime","container.id","container.image.name","container.image.tag","container.name","destination.address","destination.mac","destination.domain","destination.geo.continent_name","destination.geo.country_name","destination.geo.region_name","destination.geo.city_name","destination.geo.country_iso_code","destination.geo.region_iso_code","destination.geo.name","ecs.version","error.id","error.message","error.code","event.id","event.kind","event.category","event.action","event.outcome","event.type","event.module","event.dataset","event.hash","event.timezone","file.path","file.target_path","file.extension","file.type","file.device","file.inode","file.uid","file.owner","file.gid","file.group","file.mode","group.id","group.name","host.hostname","host.name","host.id","host.mac","host.type","host.architecture","host.os.platform","host.os.name","host.os.full","host.os.family","host.os.version","host.os.kernel","host.geo.continent_name","host.geo.country_name","host.geo.region_name","host.geo.city_name","host.geo.country_iso_code","host.geo.region_iso_code","host.geo.name","http.request.method","http.request.body.content","http.request.referrer","http.response.body.content","http.version","log.level","network.name","network.type","network.iana_number","network.transport","network.application","network.protocol","network.direction","network.community_id","observer.mac","observer.hostname","observer.vendor","observer.version","observer.serial_number","observer.type","observer.os.platform","observer.os.name","observer.os.full","observer.os.family","observer.os.version","observer.os.kernel","observer.geo.continent_name","observer.geo.country_name","observer.geo.region_name","observer.geo.city_name","observer.geo.country_iso_code","observer.geo.region_iso_code","observer.geo.name","organization.name","organization.id","os.platform","os.name","os.full","os.family","os.version","os.kernel","process.name","process.args","process.executable","process.title","process.working_directory","server.address","server.mac","server.domain","server.geo.continent_name","server.geo.country_name","server.geo.region_name","server.geo.city_name","server.geo.country_iso_code","server.geo.region_iso_code","server.geo.name","service.id","service.name","service.type","service.state","service.version","service.ephemeral_id","source.address","source.mac","source.domain","source.geo.continent_name","source.geo.country_name","source.geo.region_name","source.geo.city_name","source.geo.country_iso_code","source.geo.region_iso_code","source.geo.name","url.original","url.full","url.scheme","url.domain","url.path","url.query","url.fragment","url.username","url.password","user.id","user.name","user.full_name","user.email","user.hash","user.group.id","user.group.name","user_agent.original","user_agent.name","user_agent.version","user_agent.device.name","user_agent.os.platform","user_agent.os.name","user_agent.os.full","user_agent.os.family","user_agent.os.version","user_agent.os.kernel","agent.hostname","error.type","cloud.project.id","kubernetes.pod.name","kubernetes.pod.uid","kubernetes.namespace","kubernetes.node.name","kubernetes.container.name","kubernetes.container.image","file.origin","raw","file.selinux.user","file.selinux.role","file.selinux.domain","file.selinux.level","user.audit.id","user.audit.name","user.effective.id","user.effective.name","user.effective.group.id","user.effective.group.name","user.filesystem.id","user.filesystem.name","user.filesystem.group.id","user.filesystem.group.name","user.saved.id","user.saved.name","user.saved.group.id","user.saved.group.name","user.selinux.user","user.selinux.role","user.selinux.domain","user.selinux.level","user.selinux.category","source.path","destination.path","auditd.message_type","auditd.session","auditd.result","auditd.summary.actor.primary","auditd.summary.actor.secondary","auditd.summary.object.type","auditd.summary.object.primary","auditd.summary.object.secondary","auditd.summary.how","auditd.paths.inode","auditd.paths.dev","auditd.paths.obj_user","auditd.paths.obj_role","auditd.paths.obj_domain","auditd.paths.obj_level","auditd.paths.objtype","auditd.paths.ouid","auditd.paths.rdev","auditd.paths.nametype","auditd.paths.ogid","auditd.paths.item","auditd.paths.mode","auditd.paths.name","auditd.data.action","auditd.data.minor","auditd.data.acct","auditd.data.addr","auditd.data.cipher","auditd.data.id","auditd.data.entries","auditd.data.kind","auditd.data.ksize","auditd.data.spid","auditd.data.arch","auditd.data.argc","auditd.data.major","auditd.data.unit","auditd.data.table","auditd.data.terminal","auditd.data.grantors","auditd.data.direction","auditd.data.op","auditd.data.tty","auditd.data.syscall","auditd.data.data","auditd.data.family","auditd.data.mac","auditd.data.pfs","auditd.data.items","auditd.data.a0","auditd.data.a1","auditd.data.a2","auditd.data.a3","auditd.data.hostname","auditd.data.lport","auditd.data.rport","auditd.data.exit","auditd.data.fp","auditd.data.laddr","auditd.data.sport","auditd.data.capability","auditd.data.nargs","auditd.data.new-enabled","auditd.data.audit_backlog_limit","auditd.data.dir","auditd.data.cap_pe","auditd.data.model","auditd.data.new_pp","auditd.data.old-enabled","auditd.data.oauid","auditd.data.old","auditd.data.banners","auditd.data.feature","auditd.data.vm-ctx","auditd.data.opid","auditd.data.seperms","auditd.data.seresult","auditd.data.new-rng","auditd.data.old-net","auditd.data.sigev_signo","auditd.data.ino","auditd.data.old_enforcing","auditd.data.old-vcpu","auditd.data.range","auditd.data.res","auditd.data.added","auditd.data.fam","auditd.data.nlnk-pid","auditd.data.subj","auditd.data.a[0-3]","auditd.data.cgroup","auditd.data.kernel","auditd.data.ocomm","auditd.data.new-net","auditd.data.permissive","auditd.data.class","auditd.data.compat","auditd.data.fi","auditd.data.changed","auditd.data.msg","auditd.data.dport","auditd.data.new-seuser","auditd.data.invalid_context","auditd.data.dmac","auditd.data.ipx-net","auditd.data.iuid","auditd.data.macproto","auditd.data.obj","auditd.data.ipid","auditd.data.new-fs","auditd.data.vm-pid","auditd.data.cap_pi","auditd.data.old-auid","auditd.data.oses","auditd.data.fd","auditd.data.igid","auditd.data.new-disk","auditd.data.parent","auditd.data.len","auditd.data.oflag","auditd.data.uuid","auditd.data.code","auditd.data.nlnk-grp","auditd.data.cap_fp","auditd.data.new-mem","auditd.data.seperm","auditd.data.enforcing","auditd.data.new-chardev","auditd.data.old-rng","auditd.data.outif","auditd.data.cmd","auditd.data.hook","auditd.data.new-level","auditd.data.sauid","auditd.data.sig","auditd.data.audit_backlog_wait_time","auditd.data.printer","auditd.data.old-mem","auditd.data.perm","auditd.data.old_pi","auditd.data.state","auditd.data.format","auditd.data.new_gid","auditd.data.tcontext","auditd.data.maj","auditd.data.watch","auditd.data.device","auditd.data.grp","auditd.data.bool","auditd.data.icmp_type","auditd.data.new_lock","auditd.data.old_prom","auditd.data.acl","auditd.data.ip","auditd.data.new_pi","auditd.data.default-context","auditd.data.inode_gid","auditd.data.new-log_passwd","auditd.data.new_pe","auditd.data.selected-context","auditd.data.cap_fver","auditd.data.file","auditd.data.net","auditd.data.virt","auditd.data.cap_pp","auditd.data.old-range","auditd.data.resrc","auditd.data.new-range","auditd.data.obj_gid","auditd.data.proto","auditd.data.old-disk","auditd.data.audit_failure","auditd.data.inif","auditd.data.vm","auditd.data.flags","auditd.data.nlnk-fam","auditd.data.old-fs","auditd.data.old-ses","auditd.data.seqno","auditd.data.fver","auditd.data.qbytes","auditd.data.seuser","auditd.data.cap_fe","auditd.data.new-vcpu","auditd.data.old-level","auditd.data.old_pp","auditd.data.daddr","auditd.data.old-role","auditd.data.ioctlcmd","auditd.data.smac","auditd.data.apparmor","auditd.data.fe","auditd.data.perm_mask","auditd.data.ses","auditd.data.cap_fi","auditd.data.obj_uid","auditd.data.reason","auditd.data.list","auditd.data.old_lock","auditd.data.bus","auditd.data.old_pe","auditd.data.new-role","auditd.data.prom","auditd.data.uri","auditd.data.audit_enabled","auditd.data.old-log_passwd","auditd.data.old-seuser","auditd.data.per","auditd.data.scontext","auditd.data.tclass","auditd.data.ver","auditd.data.new","auditd.data.val","auditd.data.img-ctx","auditd.data.old-chardev","auditd.data.old_val","auditd.data.success","auditd.data.inode_uid","auditd.data.removed","auditd.data.socket.port","auditd.data.socket.saddr","auditd.data.socket.addr","auditd.data.socket.family","auditd.data.socket.path","geoip.continent_name","geoip.city_name","geoip.region_name","geoip.country_iso_code","hash.blake2b_256","hash.blake2b_384","hash.blake2b_512","hash.md5","hash.sha1","hash.sha224","hash.sha256","hash.sha384","hash.sha3_224","hash.sha3_256","hash.sha3_384","hash.sha3_512","hash.sha512","hash.sha512_224","hash.sha512_256","hash.xxh64","event.origin","user.entity_id","user.terminal","process.entity_id","socket.entity_id","system.audit.host.timezone.name","system.audit.host.hostname","system.audit.host.id","system.audit.host.architecture","system.audit.host.mac","system.audit.host.os.platform","system.audit.host.os.name","system.audit.host.os.family","system.audit.host.os.version","system.audit.host.os.kernel","system.audit.package.entity_id","system.audit.package.name","system.audit.package.version","system.audit.package.release","system.audit.package.arch","system.audit.package.license","system.audit.package.summary","system.audit.package.url","system.audit.user.name","system.audit.user.uid","system.audit.user.gid","system.audit.user.dir","system.audit.user.shell","system.audit.user.user_information","system.audit.user.password.type","fields.*"]},"refresh_interval":"5s"}}
[00:23:37]                 │ info [x-pack/test/functional/es_archives/auditbeat/hosts] Indexed 1751 docs into "auditbeat-8.0.0-2019.02.19-000001"
[00:23:37]                 │ info [x-pack/test/functional/es_archives/auditbeat/hosts] Indexed 1 docs into "winlogbeat-8.0.0-2019.02.19-000001"
[00:23:37]               └-> should generate signals with name_override field
[00:23:37]                 └-> "before each" hook: global before each for "should generate signals with name_override field"
[00:23:37]                 └-> "before each" hook for "should generate signals with name_override field"
[00:23:37]                   │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.siem-signals-default]
[00:23:37]                   │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:23:37]                   │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:23:37]                   │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:23:37]                 └-> "before each" hook for "should generate signals with name_override field"
[00:23:37]                   │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.siem-signals-default-000001/dOMycpvITGmUEMpoavLLQw] deleting index
[00:23:37]                   │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing index template [.siem-signals-default]
[00:23:37]                   │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.siem-signals-default]
[00:23:37]                   │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:23:37]                   │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:23:37]                   │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:23:37]                 │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:23:37]                 │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:23:39]                 │ proc [kibana] [2021-10-19T01:33:05.986+00:00][INFO ][plugins.eventLog] event logged: {"@timestamp":"2021-10-19T01:33:05.985Z","event":{"provider":"alerting","action":"execute-start","kind":"alert","category":["siem"],"start":"2021-10-19T01:33:05.985Z"},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"811e0930-307c-11ec-914b-b7a7d49e2a76","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-19T01:33:04.898Z","schedule_delay":1087000000},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"8.0.0"},"rule":{"id":"811e0930-307c-11ec-914b-b7a7d49e2a76","license":"basic","category":"siem.signals","ruleset":"siem"},"message":"alert execution start: \"811e0930-307c-11ec-914b-b7a7d49e2a76\"","ecs":{"version":"1.8.0"}}
[00:23:43]                 │ proc [kibana] [2021-10-19T01:33:09.955+00:00][INFO ][plugins.securitySolution] [+] Finished indexing 100  signals searched between date ranges [
[00:23:43]                 │ proc [kibana]   {
[00:23:43]                 │ proc [kibana]     "to": "2021-10-19T01:33:07.933Z",
[00:23:43]                 │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:23:43]                 │ proc [kibana]     "maxSignals": 100
[00:23:43]                 │ proc [kibana]   }
[00:23:43]                 │ proc [kibana] ] name: "Signal Testing Query" id: "811e0930-307c-11ec-914b-b7a7d49e2a76" rule id: "rule-1" signals index: ".siem-signals-default"
[00:23:43]                 │ proc [kibana] [2021-10-19T01:33:09.966+00:00][INFO ][plugins.eventLog] event logged: {"@timestamp":"2021-10-19T01:33:05.985Z","event":{"provider":"alerting","action":"execute","kind":"alert","category":["siem"],"start":"2021-10-19T01:33:05.985Z","outcome":"success","end":"2021-10-19T01:33:09.965Z","duration":3980000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"811e0930-307c-11ec-914b-b7a7d49e2a76","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-19T01:33:04.898Z","schedule_delay":1087000000},"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"8.0.0"},"rule":{"id":"811e0930-307c-11ec-914b-b7a7d49e2a76","license":"basic","category":"siem.signals","ruleset":"siem","name":"Signal Testing Query"},"message":"alert executed: siem.signals:811e0930-307c-11ec-914b-b7a7d49e2a76: 'Signal Testing Query'","ecs":{"version":"1.8.0"}}
[00:23:43]                 └- ✖ fail: detection engine api security and spaces enabled  Generating signals from source indexes Signals generated from events with name override field should generate signals with name_override field
[00:23:43]                 │       Error: expected { '@timestamp': '2021-10-19T01:33:08.007Z',
[00:23:43]                 │   agent: 
[00:23:43]                 │    { ephemeral_id: '1b4978a0-48be-49b1-ac96-323425b389ab',
[00:23:43]                 │      hostname: 'zeek-sensor-amsterdam',
[00:23:43]                 │      id: 'e52588e6-7aa3-4c89-a2c4-d6bc5c286db1',
[00:23:43]                 │      type: 'auditbeat',
[00:23:43]                 │      version: '8.0.0' },
[00:23:43]                 │   cloud: 
[00:23:43]                 │    { instance: { id: '133551048' },
[00:23:43]                 │      provider: 'digitalocean',
[00:23:43]                 │      region: 'ams3' },
[00:23:43]                 │   destination: { ip: '127.0.0.53', port: 53 },
[00:23:43]                 │   ecs: { version: '1.0.0-beta2' },
[00:23:43]                 │   event: 
[00:23:43]                 │    { action: 'existing_socket',
[00:23:43]                 │      dataset: 'socket',
[00:23:43]                 │      id: '69225608-2d5f-45a1-b3d1-6ff193d18c2b',
[00:23:43]                 │      kind: 'signal',
[00:23:43]                 │      module: 'system' },
[00:23:43]                 │   host: 
[00:23:43]                 │    { architecture: 'x86_64',
[00:23:43]                 │      containerized: false,
[00:23:43]                 │      hostname: 'zeek-sensor-amsterdam',
[00:23:43]                 │      id: '2ce8b1e7d69e4a1d9c6bcddc473da9d9',
[00:23:43]                 │      name: 'zeek-sensor-amsterdam',
[00:23:43]                 │      os: 
[00:23:43]                 │       { codename: 'bionic',
[00:23:43]                 │         family: 'debian',
[00:23:43]                 │         kernel: '4.15.0-45-generic',
[00:23:43]                 │         name: 'Ubuntu',
[00:23:43]                 │         platform: 'ubuntu',
[00:23:43]                 │         version: '18.04.2 LTS (Bionic Beaver)' } },
[00:23:43]                 │   message: 'Listening socket (127.0.0.53:53) OPEN by process systemd-resolve (PID: 1880) and user systemd-resolve (UID: 101)',
[00:23:43]                 │   network: { direction: 'listening', type: 'ipv4' },
[00:23:43]                 │   process: { name: 'systemd-resolve', pid: 1880 },
[00:23:43]                 │   service: { type: 'system' },
[00:23:43]                 │   socket: { entity_id: 'c508a858ff77716f07fd5bfdb1e88f4d0063450cc6d5ca03a57e1d6e4d61047c' },
[00:23:43]                 │   user: { id: 101, name: 'systemd-resolve' },
[00:23:43]                 │   signal: 
[00:23:43]                 │    { _meta: { version: 57 },
[00:23:43]                 │      parents: [ [Object] ],
[00:23:43]                 │      ancestors: [ [Object] ],
[00:23:43]                 │      status: 'open',
[00:23:43]                 │      rule: 
[00:23:43]                 │       { id: '811e0930-307c-11ec-914b-b7a7d49e2a76',
[00:23:43]                 │         actions: [],
[00:23:43]                 │         interval: '5m',
[00:23:43]                 │         name: 'existing_socket',
[00:23:43]                 │         tags: [],
[00:23:43]                 │         enabled: true,
[00:23:43]                 │         created_by: 'elastic',
[00:23:43]                 │         updated_by: 'elastic',
[00:23:43]                 │         throttle: null,
[00:23:43]                 │         created_at: '2021-10-19T01:33:04.733Z',
[00:23:43]                 │         updated_at: '2021-10-19T01:33:04.904Z',
[00:23:43]                 │         description: 'Tests a simple query',
[00:23:43]                 │         risk_score: 1,
[00:23:43]                 │         severity: 'high',
[00:23:43]                 │         output_index: '.siem-signals-default',
[00:23:43]                 │         meta: [Object],
[00:23:43]                 │         rule_name_override: 'event.action',
[00:23:43]                 │         author: [],
[00:23:43]                 │         false_positives: [],
[00:23:43]                 │         from: '1900-01-01T00:00:00.000Z',
[00:23:43]                 │         rule_id: 'rule-1',
[00:23:43]                 │         max_signals: 100,
[00:23:43]                 │         risk_score_mapping: [],
[00:23:43]                 │         severity_mapping: [],
[00:23:43]                 │         threat: [],
[00:23:43]                 │         to: 'now',
[00:23:43]                 │         references: [],
[00:23:43]                 │         version: 1,
[00:23:43]                 │         exceptions_list: [],
[00:23:43]                 │         immutable: false,
[00:23:43]                 │         type: 'query',
[00:23:43]                 │         language: 'kuery',
[00:23:43]                 │         index: [Object],
[00:23:43]                 │         query: '*:*' },
[00:23:43]                 │      reason: 'event with process systemd-resolve,:53, by systemd-resolve on zeek-sensor-amsterdam created high alert existing_socket.',
[00:23:43]                 │      depth: 1,
[00:23:43]                 │      parent: 
[00:23:43]                 │       { id: '7RXOBmkBR346wHgnH_4P',
[00:23:43]                 │         type: 'event',
[00:23:43]                 │         index: 'auditbeat-8.0.0-2019.02.19-000001',
[00:23:43]                 │         depth: 0 },
[00:23:43]                 │      original_time: '2019-02-19T17:29:23.677Z',
[00:23:43]                 │      original_event: 
[00:23:43]                 │       { action: 'existing_socket',
[00:23:43]                 │         dataset: 'socket',
[00:23:43]                 │         id: '69225608-2d5f-45a1-b3d1-6ff193d18c2b',
[00:23:43]                 │         kind: 'state',
[00:23:43]                 │         module: 'system' } } } to sort of equal { '@timestamp': '2021-10-19T01:33:08.007Z',
[00:23:43]                 │   agent: 
[00:23:43]                 │    { ephemeral_id: '1b4978a0-48be-49b1-ac96-323425b389ab',
[00:23:43]                 │      hostname: 'zeek-sensor-amsterdam',
[00:23:43]                 │      id: 'e52588e6-7aa3-4c89-a2c4-d6bc5c286db1',
[00:23:43]                 │      type: 'auditbeat',
[00:23:43]                 │      version: '8.0.0' },
[00:23:43]                 │   cloud: 
[00:23:43]                 │    { instance: { id: '133551048' },
[00:23:43]                 │      provider: 'digitalocean',
[00:23:43]                 │      region: 'ams3' },
[00:23:43]                 │   ecs: { version: '1.0.0-beta2' },
[00:23:43]                 │   event: 
[00:23:43]                 │    { action: 'boot',
[00:23:43]                 │      dataset: 'login',
[00:23:43]                 │      kind: 'signal',
[00:23:43]                 │      module: 'system',
[00:23:43]                 │      origin: '/var/log/wtmp' },
[00:23:43]                 │   host: 
[00:23:43]                 │    { architecture: 'x86_64',
[00:23:43]                 │      containerized: false,
[00:23:43]                 │      hostname: 'zeek-sensor-amsterdam',
[00:23:43]                 │      id: '2ce8b1e7d69e4a1d9c6bcddc473da9d9',
[00:23:43]                 │      name: 'zeek-sensor-amsterdam',
[00:23:43]                 │      os: 
[00:23:43]                 │       { codename: 'bionic',
[00:23:43]                 │         family: 'debian',
[00:23:43]                 │         kernel: '4.15.0-45-generic',
[00:23:43]                 │         name: 'Ubuntu',
[00:23:43]                 │         platform: 'ubuntu',
[00:23:43]                 │         version: '18.04.2 LTS (Bionic Beaver)' } },
[00:23:43]                 │   message: 'System boot',
[00:23:43]                 │   service: { type: 'system' },
[00:23:43]                 │   signal: 
[00:23:43]                 │    { _meta: { version: 57 },
[00:23:43]                 │      parents: [ [Object] ],
[00:23:43]                 │      ancestors: [ [Object] ],
[00:23:43]                 │      status: 'open',
[00:23:43]                 │      reason: 'event on zeek-sensor-amsterdam created high alert boot.',
[00:23:43]                 │      rule: 
[00:23:43]                 │       { id: '811e0930-307c-11ec-914b-b7a7d49e2a76',
[00:23:43]                 │         actions: [],
[00:23:43]                 │         interval: '5m',
[00:23:43]                 │         name: 'boot',
[00:23:43]                 │         tags: [],
[00:23:43]                 │         enabled: true,
[00:23:43]                 │         created_by: 'elastic',
[00:23:43]                 │         updated_by: 'elastic',
[00:23:43]                 │         throttle: null,
[00:23:43]                 │         created_at: '2021-10-19T01:33:04.733Z',
[00:23:43]                 │         updated_at: '2021-10-19T01:33:04.904Z',
[00:23:43]                 │         description: 'Tests a simple query',
[00:23:43]                 │         risk_score: 1,
[00:23:43]                 │         severity: 'high',
[00:23:43]                 │         output_index: '.siem-signals-default',
[00:23:43]                 │         meta: [Object],
[00:23:43]                 │         rule_name_override: 'event.action',
[00:23:43]                 │         author: [],
[00:23:43]                 │         false_positives: [],
[00:23:43]                 │         from: '1900-01-01T00:00:00.000Z',
[00:23:43]                 │         rule_id: 'rule-1',
[00:23:43]                 │         max_signals: 100,
[00:23:43]                 │         risk_score_mapping: [],
[00:23:43]                 │         severity_mapping: [],
[00:23:43]                 │         threat: [],
[00:23:43]                 │         to: 'now',
[00:23:43]                 │         references: [],
[00:23:43]                 │         version: 1,
[00:23:43]                 │         exceptions_list: [],
[00:23:43]                 │         immutable: false,
[00:23:43]                 │         type: 'query',
[00:23:43]                 │         language: 'kuery',
[00:23:43]                 │         index: [Object],
[00:23:43]                 │         query: '*:*' },
[00:23:43]                 │      original_time: '2019-02-19T17:29:23.677Z',
[00:23:43]                 │      depth: 1,
[00:23:43]                 │      parent: 
[00:23:43]                 │       { id: 'UBXOBmkBR346wHgnLP8T',
[00:23:43]                 │         type: 'event',
[00:23:43]                 │         index: 'auditbeat-8.0.0-2019.02.19-000001',
[00:23:43]                 │         depth: 0 },
[00:23:43]                 │      original_event: 
[00:23:43]                 │       { action: 'boot',
[00:23:43]                 │         dataset: 'login',
[00:23:43]                 │         kind: 'event',
[00:23:43]                 │         module: 'system',
[00:23:43]                 │         origin: '/var/log/wtmp' } } }
[00:23:43]                 │       + expected - actual
[00:23:43]                 │ 
[00:23:43]                 │            }
[00:23:43]                 │            "provider": "digitalocean"
[00:23:43]                 │            "region": "ams3"
[00:23:43]                 │          }
[00:23:43]                 │       -  "destination": {
[00:23:43]                 │       -    "ip": "127.0.0.53"
[00:23:43]                 │       -    "port": 53
[00:23:43]                 │       -  }
[00:23:43]                 │          "ecs": {
[00:23:43]                 │            "version": "1.0.0-beta2"
[00:23:43]                 │          }
[00:23:43]                 │          "event": {
[00:23:43]                 │       -    "action": "existing_socket"
[00:23:43]                 │       -    "dataset": "socket"
[00:23:43]                 │       -    "id": "69225608-2d5f-45a1-b3d1-6ff193d18c2b"
[00:23:43]                 │       +    "action": "boot"
[00:23:43]                 │       +    "dataset": "login"
[00:23:43]                 │            "kind": "signal"
[00:23:43]                 │            "module": "system"
[00:23:43]                 │       +    "origin": "/var/log/wtmp"
[00:23:43]                 │          }
[00:23:43]                 │          "host": {
[00:23:43]                 │            "architecture": "x86_64"
[00:23:43]                 │            "containerized": false
[00:23:43]                 │ --
[00:23:43]                 │              "platform": "ubuntu"
[00:23:43]                 │              "version": "18.04.2 LTS (Bionic Beaver)"
[00:23:43]                 │            }
[00:23:43]                 │          }
[00:23:43]                 │       -  "message": "Listening socket (127.0.0.53:53) OPEN by process systemd-resolve (PID: 1880) and user systemd-resolve (UID: 101)"
[00:23:43]                 │       -  "network": {
[00:23:43]                 │       -    "direction": "listening"
[00:23:43]                 │       -    "type": "ipv4"
[00:23:43]                 │       -  }
[00:23:43]                 │       -  "process": {
[00:23:43]                 │       -    "name": "systemd-resolve"
[00:23:43]                 │       -    "pid": 1880
[00:23:43]                 │       -  }
[00:23:43]                 │       +  "message": "System boot"
[00:23:43]                 │          "service": {
[00:23:43]                 │            "type": "system"
[00:23:43]                 │          }
[00:23:43]                 │          "signal": {
[00:23:43]                 │ --
[00:23:43]                 │            }
[00:23:43]                 │            "ancestors": [
[00:23:43]                 │              {
[00:23:43]                 │                "depth": 0
[00:23:43]                 │       -        "id": "7RXOBmkBR346wHgnH_4P"
[00:23:43]                 │       +        "id": "UBXOBmkBR346wHgnLP8T"
[00:23:43]                 │                "index": "auditbeat-8.0.0-2019.02.19-000001"
[00:23:43]                 │                "type": "event"
[00:23:43]                 │              }
[00:23:43]                 │            ]
[00:23:43]                 │            "depth": 1
[00:23:43]                 │            "original_event": {
[00:23:43]                 │       -      "action": "existing_socket"
[00:23:43]                 │       -      "dataset": "socket"
[00:23:43]                 │       -      "id": "69225608-2d5f-45a1-b3d1-6ff193d18c2b"
[00:23:43]                 │       -      "kind": "state"
[00:23:43]                 │       +      "action": "boot"
[00:23:43]                 │       +      "dataset": "login"
[00:23:43]                 │       +      "kind": "event"
[00:23:43]                 │              "module": "system"
[00:23:43]                 │       +      "origin": "/var/log/wtmp"
[00:23:43]                 │            }
[00:23:43]                 │            "original_time": "2019-02-19T17:29:23.677Z"
[00:23:43]                 │            "parent": {
[00:23:43]                 │              "depth": 0
[00:23:43]                 │       -      "id": "7RXOBmkBR346wHgnH_4P"
[00:23:43]                 │       +      "id": "UBXOBmkBR346wHgnLP8T"
[00:23:43]                 │              "index": "auditbeat-8.0.0-2019.02.19-000001"
[00:23:43]                 │              "type": "event"
[00:23:43]                 │            }
[00:23:43]                 │            "parents": [
[00:23:43]                 │              {
[00:23:43]                 │                "depth": 0
[00:23:43]                 │       -        "id": "7RXOBmkBR346wHgnH_4P"
[00:23:43]                 │       +        "id": "UBXOBmkBR346wHgnLP8T"
[00:23:43]                 │                "index": "auditbeat-8.0.0-2019.02.19-000001"
[00:23:43]                 │                "type": "event"
[00:23:43]                 │              }
[00:23:43]                 │            ]
[00:23:43]                 │       -    "reason": "event with process systemd-resolve,:53, by systemd-resolve on zeek-sensor-amsterdam created high alert existing_socket."
[00:23:43]                 │       +    "reason": "event on zeek-sensor-amsterdam created high alert boot."
[00:23:43]                 │            "rule": {
[00:23:43]                 │              "actions": []
[00:23:43]                 │              "author": []
[00:23:43]                 │              "created_at": "2021-10-19T01:33:04.733Z"
[00:23:43]                 │ --
[00:23:43]                 │              "max_signals": 100
[00:23:43]                 │              "meta": {
[00:23:43]                 │                "ruleNameOverridden": true
[00:23:43]                 │              }
[00:23:43]                 │       -      "name": "existing_socket"
[00:23:43]                 │       +      "name": "boot"
[00:23:43]                 │              "output_index": ".siem-signals-default"
[00:23:43]                 │              "query": "*:*"
[00:23:43]                 │              "references": []
[00:23:43]                 │              "risk_score": 1
[00:23:43]                 │ --
[00:23:43]                 │              "version": 1
[00:23:43]                 │            }
[00:23:43]                 │            "status": "open"
[00:23:43]                 │          }
[00:23:43]                 │       -  "socket": {
[00:23:43]                 │       -    "entity_id": "c508a858ff77716f07fd5bfdb1e88f4d0063450cc6d5ca03a57e1d6e4d61047c"
[00:23:43]                 │       -  }
[00:23:43]                 │       -  "user": {
[00:23:43]                 │       -    "id": 101
[00:23:43]                 │       -    "name": "systemd-resolve"
[00:23:43]                 │       -  }
[00:23:43]                 │        }
[00:23:43]                 │       
[00:23:43]                 │       at Assertion.assert (/dev/shm/workspace/parallel/9/kibana/node_modules/@kbn/expect/expect.js:100:11)
[00:23:43]                 │       at Assertion.eql (/dev/shm/workspace/parallel/9/kibana/node_modules/@kbn/expect/expect.js:244:8)
[00:23:43]                 │       at Context.<anonymous> (test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts:1643:28)
[00:23:43]                 │       at runMicrotasks (<anonymous>)
[00:23:43]                 │       at processTicksAndRejections (node:internal/process/task_queues:96:5)
[00:23:43]                 │       at Object.apply (/dev/shm/workspace/parallel/9/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16)
[00:23:43]                 │ 
[00:23:43]                 │

Stack Trace

Error: expected { '@timestamp': '2021-10-19T01:33:08.007Z',
  agent: 
   { ephemeral_id: '1b4978a0-48be-49b1-ac96-323425b389ab',
     hostname: 'zeek-sensor-amsterdam',
     id: 'e52588e6-7aa3-4c89-a2c4-d6bc5c286db1',
     type: 'auditbeat',
     version: '8.0.0' },
  cloud: 
   { instance: { id: '133551048' },
     provider: 'digitalocean',
     region: 'ams3' },
  destination: { ip: '127.0.0.53', port: 53 },
  ecs: { version: '1.0.0-beta2' },
  event: 
   { action: 'existing_socket',
     dataset: 'socket',
     id: '69225608-2d5f-45a1-b3d1-6ff193d18c2b',
     kind: 'signal',
     module: 'system' },
  host: 
   { architecture: 'x86_64',
     containerized: false,
     hostname: 'zeek-sensor-amsterdam',
     id: '2ce8b1e7d69e4a1d9c6bcddc473da9d9',
     name: 'zeek-sensor-amsterdam',
     os: 
      { codename: 'bionic',
        family: 'debian',
        kernel: '4.15.0-45-generic',
        name: 'Ubuntu',
        platform: 'ubuntu',
        version: '18.04.2 LTS (Bionic Beaver)' } },
  message: 'Listening socket (127.0.0.53:53) OPEN by process systemd-resolve (PID: 1880) and user systemd-resolve (UID: 101)',
  network: { direction: 'listening', type: 'ipv4' },
  process: { name: 'systemd-resolve', pid: 1880 },
  service: { type: 'system' },
  socket: { entity_id: 'c508a858ff77716f07fd5bfdb1e88f4d0063450cc6d5ca03a57e1d6e4d61047c' },
  user: { id: 101, name: 'systemd-resolve' },
  signal: 
   { _meta: { version: 57 },
     parents: [ [Object] ],
     ancestors: [ [Object] ],
     status: 'open',
     rule: 
      { id: '811e0930-307c-11ec-914b-b7a7d49e2a76',
        actions: [],
        interval: '5m',
        name: 'existing_socket',
        tags: [],
        enabled: true,
        created_by: 'elastic',
        updated_by: 'elastic',
        throttle: null,
        created_at: '2021-10-19T01:33:04.733Z',
        updated_at: '2021-10-19T01:33:04.904Z',
        description: 'Tests a simple query',
        risk_score: 1,
        severity: 'high',
        output_index: '.siem-signals-default',
        meta: [Object],
        rule_name_override: 'event.action',
        author: [],
        false_positives: [],
        from: '1900-01-01T00:00:00.000Z',
        rule_id: 'rule-1',
        max_signals: 100,
        risk_score_mapping: [],
        severity_mapping: [],
        threat: [],
        to: 'now',
        references: [],
        version: 1,
        exceptions_list: [],
        immutable: false,
        type: 'query',
        language: 'kuery',
        index: [Object],
        query: '*:*' },
     reason: 'event with process systemd-resolve,:53, by systemd-resolve on zeek-sensor-amsterdam created high alert existing_socket.',
     depth: 1,
     parent: 
      { id: '7RXOBmkBR346wHgnH_4P',
        type: 'event',
        index: 'auditbeat-8.0.0-2019.02.19-000001',
        depth: 0 },
     original_time: '2019-02-19T17:29:23.677Z',
     original_event: 
      { action: 'existing_socket',
        dataset: 'socket',
        id: '69225608-2d5f-45a1-b3d1-6ff193d18c2b',
        kind: 'state',
        module: 'system' } } } to sort of equal { '@timestamp': '2021-10-19T01:33:08.007Z',
  agent: 
   { ephemeral_id: '1b4978a0-48be-49b1-ac96-323425b389ab',
     hostname: 'zeek-sensor-amsterdam',
     id: 'e52588e6-7aa3-4c89-a2c4-d6bc5c286db1',
     type: 'auditbeat',
     version: '8.0.0' },
  cloud: 
   { instance: { id: '133551048' },
     provider: 'digitalocean',
     region: 'ams3' },
  ecs: { version: '1.0.0-beta2' },
  event: 
   { action: 'boot',
     dataset: 'login',
     kind: 'signal',
     module: 'system',
     origin: '/var/log/wtmp' },
  host: 
   { architecture: 'x86_64',
     containerized: false,
     hostname: 'zeek-sensor-amsterdam',
     id: '2ce8b1e7d69e4a1d9c6bcddc473da9d9',
     name: 'zeek-sensor-amsterdam',
     os: 
      { codename: 'bionic',
        family: 'debian',
        kernel: '4.15.0-45-generic',
        name: 'Ubuntu',
        platform: 'ubuntu',
        version: '18.04.2 LTS (Bionic Beaver)' } },
  message: 'System boot',
  service: { type: 'system' },
  signal: 
   { _meta: { version: 57 },
     parents: [ [Object] ],
     ancestors: [ [Object] ],
     status: 'open',
     reason: 'event on zeek-sensor-amsterdam created high alert boot.',
     rule: 
      { id: '811e0930-307c-11ec-914b-b7a7d49e2a76',
        actions: [],
        interval: '5m',
        name: 'boot',
        tags: [],
        enabled: true,
        created_by: 'elastic',
        updated_by: 'elastic',
        throttle: null,
        created_at: '2021-10-19T01:33:04.733Z',
        updated_at: '2021-10-19T01:33:04.904Z',
        description: 'Tests a simple query',
        risk_score: 1,
        severity: 'high',
        output_index: '.siem-signals-default',
        meta: [Object],
        rule_name_override: 'event.action',
        author: [],
        false_positives: [],
        from: '1900-01-01T00:00:00.000Z',
        rule_id: 'rule-1',
        max_signals: 100,
        risk_score_mapping: [],
        severity_mapping: [],
        threat: [],
        to: 'now',
        references: [],
        version: 1,
        exceptions_list: [],
        immutable: false,
        type: 'query',
        language: 'kuery',
        index: [Object],
        query: '*:*' },
     original_time: '2019-02-19T17:29:23.677Z',
     depth: 1,
     parent: 
      { id: 'UBXOBmkBR346wHgnLP8T',
        type: 'event',
        index: 'auditbeat-8.0.0-2019.02.19-000001',
        depth: 0 },
     original_event: 
      { action: 'boot',
        dataset: 'login',
        kind: 'event',
        module: 'system',
        origin: '/var/log/wtmp' } } }
    at Assertion.assert (/dev/shm/workspace/parallel/9/kibana/node_modules/@kbn/expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/parallel/9/kibana/node_modules/@kbn/expect/expect.js:244:8)
    at Context.<anonymous> (test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts:1643:28)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at Object.apply (/dev/shm/workspace/parallel/9/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16) {
  actual: '{\n' +
    '  "@timestamp": "2021-10-19T01:33:08.007Z"\n' +
    '  "agent": {\n' +
    '    "ephemeral_id": "1b4978a0-48be-49b1-ac96-323425b389ab"\n' +
    '    "hostname": "zeek-sensor-amsterdam"\n' +
    '    "id": "e52588e6-7aa3-4c89-a2c4-d6bc5c286db1"\n' +
    '    "type": "auditbeat"\n' +
    '    "version": "8.0.0"\n' +
    '  }\n' +
    '  "cloud": {\n' +
    '    "instance": {\n' +
    '      "id": "133551048"\n' +
    '    }\n' +
    '    "provider": "digitalocean"\n' +
    '    "region": "ams3"\n' +
    '  }\n' +
    '  "destination": {\n' +
    '    "ip": "127.0.0.53"\n' +
    '    "port": 53\n' +
    '  }\n' +
    '  "ecs": {\n' +
    '    "version": "1.0.0-beta2"\n' +
    '  }\n' +
    '  "event": {\n' +
    '    "action": "existing_socket"\n' +
    '    "dataset": "socket"\n' +
    '    "id": "69225608-2d5f-45a1-b3d1-6ff193d18c2b"\n' +
    '    "kind": "signal"\n' +
    '    "module": "system"\n' +
    '  }\n' +
    '  "host": {\n' +
    '    "architecture": "x86_64"\n' +
    '    "containerized": false\n' +
    '    "hostname": "zeek-sensor-amsterdam"\n' +
    '    "id": "2ce8b1e7d69e4a1d9c6bcddc473da9d9"\n' +
    '    "name": "zeek-sensor-amsterdam"\n' +
    '    "os": {\n' +
    '      "codename": "bionic"\n' +
    '      "family": "debian"\n' +
    '      "kernel": "4.15.0-45-generic"\n' +
    '      "name": "Ubuntu"\n' +
    '      "platform": "ubuntu"\n' +
    '      "version": "18.04.2 LTS (Bionic Beaver)"\n' +
    '    }\n' +
    '  }\n' +
    '  "message": "Listening socket (127.0.0.53:53) OPEN by process systemd-resolve (PID: 1880) and user systemd-resolve (UID: 101)"\n' +
    '  "network": {\n' +
    '    "direction": "listening"\n' +
    '    "type": "ipv4"\n' +
    '  }\n' +
    '  "process": {\n' +
    '    "name": "systemd-resolve"\n' +
    '    "pid": 1880\n' +
    '  }\n' +
    '  "service": {\n' +
    '    "type": "system"\n' +
    '  }\n' +
    '  "signal": {\n' +
    '    "_meta": {\n' +
    '      "version": 57\n' +
    '    }\n' +
    '    "ancestors": [\n' +
    '      {\n' +
    '        "depth": 0\n' +
    '        "id": "7RXOBmkBR346wHgnH_4P"\n' +
    '        "index": "auditbeat-8.0.0-2019.02.19-000001"\n' +
    '        "type": "event"\n' +
    '      }\n' +
    '    ]\n' +
    '    "depth": 1\n' +
    '    "original_event": {\n' +
    '      "action": "existing_socket"\n' +
    '      "dataset": "socket"\n' +
    '      "id": "69225608-2d5f-45a1-b3d1-6ff193d18c2b"\n' +
    '      "kind": "state"\n' +
    '      "module": "system"\n' +
    '    }\n' +
    '    "original_time": "2019-02-19T17:29:23.677Z"\n' +
    '    "parent": {\n' +
    '      "depth": 0\n' +
    '      "id": "7RXOBmkBR346wHgnH_4P"\n' +
    '      "index": "auditbeat-8.0.0-2019.02.19-000001"\n' +
    '      "type": "event"\n' +
    '    }\n' +
    '    "parents": [\n' +
    '      {\n' +
    '        "depth": 0\n' +
    '        "id": "7RXOBmkBR346wHgnH_4P"\n' +
    '        "index": "auditbeat-8.0.0-2019.02.19-000001"\n' +
    '        "type": "event"\n' +
    '      }\n' +
    '    ]\n' +
    '    "reason": "event with process systemd-resolve,:53, by systemd-resolve on zeek-sensor-amsterdam created high alert existing_socket."\n' +
    '    "rule": {\n' +
    '      "actions": []\n' +
    '      "author": []\n' +
    '      "created_at": "2021-10-19T01:33:04.733Z"\n' +
    '      "created_by": "elastic"\n' +
    '      "description": "Tests a simple query"\n' +
    '      "enabled": true\n' +
    '      "exceptions_list": []\n' +
    '      "false_positives": []\n' +
    '      "from": "1900-01-01T00:00:00.000Z"\n' +
    '      "id": "811e0930-307c-11ec-914b-b7a7d49e2a76"\n' +
    '      "immutable": false\n' +
    '      "index": [\n' +
    '        "auditbeat-*"\n' +
    '      ]\n' +
    '      "interval": "5m"\n' +
    '      "language": "kuery"\n' +
    '      "max_signals": 100\n' +
    '      "meta": {\n' +
    '        "ruleNameOverridden": true\n' +
    '      }\n' +
    '      "name": "existing_socket"\n' +
    '      "output_index": ".siem-signals-default"\n' +
    '      "query": "*:*"\n' +
    '      "references": []\n' +
    '      "risk_score": 1\n' +
    '      "risk_score_mapping": []\n' +
    '      "rule_id": "rule-1"\n' +
    '      "rule_name_override": "event.action"\n' +
    '      "severity": "high"\n' +
    '      "severity_mapping": []\n' +
    '      "tags": []\n' +
    '      "threat": []\n' +
    '      "throttle": [null]\n' +
    '      "to": "now"\n' +
    '      "type": "query"\n' +
    '      "updated_at": "2021-10-19T01:33:04.904Z"\n' +
    '      "updated_by": "elastic"\n' +
    '      "version": 1\n' +
    '    }\n' +
    '    "status": "open"\n' +
    '  }\n' +
    '  "socket": {\n' +
    '    "entity_id": "c508a858ff77716f07fd5bfdb1e88f4d0063450cc6d5ca03a57e1d6e4d61047c"\n' +
    '  }\n' +
    '  "user": {\n' +
    '    "id": 101\n' +
    '    "name": "systemd-resolve"\n' +
    '  }\n' +
    '}',
  expected: '{\n' +
    '  "@timestamp": "2021-10-19T01:33:08.007Z"\n' +
    '  "agent": {\n' +
    '    "ephemeral_id": "1b4978a0-48be-49b1-ac96-323425b389ab"\n' +
    '    "hostname": "zeek-sensor-amsterdam"\n' +
    '    "id": "e52588e6-7aa3-4c89-a2c4-d6bc5c286db1"\n' +
    '    "type": "auditbeat"\n' +
    '    "version": "8.0.0"\n' +
    '  }\n' +
    '  "cloud": {\n' +
    '    "instance": {\n' +
    '      "id": "133551048"\n' +
    '    }\n' +
    '    "provider": "digitalocean"\n' +
    '    "region": "ams3"\n' +
    '  }\n' +
    '  "ecs": {\n' +
    '    "version": "1.0.0-beta2"\n' +
    '  }\n' +
    '  "event": {\n' +
    '    "action": "boot"\n' +
    '    "dataset": "login"\n' +
    '    "kind": "signal"\n' +
    '    "module": "system"\n' +
    '    "origin": "/var/log/wtmp"\n' +
    '  }\n' +
    '  "host": {\n' +
    '    "architecture": "x86_64"\n' +
    '    "containerized": false\n' +
    '    "hostname": "zeek-sensor-amsterdam"\n' +
    '    "id": "2ce8b1e7d69e4a1d9c6bcddc473da9d9"\n' +
    '    "name": "zeek-sensor-amsterdam"\n' +
    '    "os": {\n' +
    '      "codename": "bionic"\n' +
    '      "family": "debian"\n' +
    '      "kernel": "4.15.0-45-generic"\n' +
    '      "name": "Ubuntu"\n' +
    '      "platform": "ubuntu"\n' +
    '      "version": "18.04.2 LTS (Bionic Beaver)"\n' +
    '    }\n' +
    '  }\n' +
    '  "message": "System boot"\n' +
    '  "service": {\n' +
    '    "type": "system"\n' +
    '  }\n' +
    '  "signal": {\n' +
    '    "_meta": {\n' +
    '      "version": 57\n' +
    '    }\n' +
    '    "ancestors": [\n' +
    '      {\n' +
    '        "depth": 0\n' +
    '        "id": "UBXOBmkBR346wHgnLP8T"\n' +
    '        "index": "auditbeat-8.0.0-2019.02.19-000001"\n' +
    '        "type": "event"\n' +
    '      }\n' +
    '    ]\n' +
    '    "depth": 1\n' +
    '    "original_event": {\n' +
    '      "action": "boot"\n' +
    '      "dataset": "login"\n' +
    '      "kind": "event"\n' +
    '      "module": "system"\n' +
    '      "origin": "/var/log/wtmp"\n' +
    '    }\n' +
    '    "original_time": "2019-02-19T17:29:23.677Z"\n' +
    '    "parent": {\n' +
    '      "depth": 0\n' +
    '      "id": "UBXOBmkBR346wHgnLP8T"\n' +
    '      "index": "auditbeat-8.0.0-2019.02.19-000001"\n' +
    '      "type": "event"\n' +
    '    }\n' +
    '    "parents": [\n' +
    '      {\n' +
    '        "depth": 0\n' +
    '        "id": "UBXOBmkBR346wHgnLP8T"\n' +
    '        "index": "auditbeat-8.0.0-2019.02.19-000001"\n' +
    '        "type": "event"\n' +
    '      }\n' +
    '    ]\n' +
    '    "reason": "event on zeek-sensor-amsterdam created high alert boot."\n' +
    '    "rule": {\n' +
    '      "actions": []\n' +
    '      "author": []\n' +
    '      "created_at": "2021-10-19T01:33:04.733Z"\n' +
    '      "created_by": "elastic"\n' +
    '      "description": "Tests a simple query"\n' +
    '      "enabled": true\n' +
    '      "exceptions_list": []\n' +
    '      "false_positives": []\n' +
    '      "from": "1900-01-01T00:00:00.000Z"\n' +
    '      "id": "811e0930-307c-11ec-914b-b7a7d49e2a76"\n' +
    '      "immutable": false\n' +
    '      "index": [\n' +
    '        "auditbeat-*"\n' +
    '      ]\n' +
    '      "interval": "5m"\n' +
    '      "language": "kuery"\n' +
    '      "max_signals": 100\n' +
    '      "meta": {\n' +
    '        "ruleNameOverridden": true\n' +
    '      }\n' +
    '      "name": "boot"\n' +
    '      "output_index": ".siem-signals-default"\n' +
    '      "query": "*:*"\n' +
    '      "references": []\n' +
    '      "risk_score": 1\n' +
    '      "risk_score_mapping": []\n' +
    '      "rule_id": "rule-1"\n' +
    '      "rule_name_override": "event.action"\n' +
    '      "severity": "high"\n' +
    '      "severity_mapping": []\n' +
    '      "tags": []\n' +
    '      "threat": []\n' +
    '      "throttle": [null]\n' +
    '      "to": "now"\n' +
    '      "type": "query"\n' +
    '      "updated_at": "2021-10-19T01:33:04.904Z"\n' +
    '      "updated_by": "elastic"\n' +
    '      "version": 1\n' +
    '    }\n' +
    '    "status": "open"\n' +
    '  }\n' +
    '}',
  showDiff: true
}
Kibana Pipeline / general / task-queue-process-2 / X-Pack Endpoint API Integration Tests.x-pack/test/security_solution_endpoint_api_int/apis/metadata·ts.Endpoint plugin test metadata api with metrics-endpoint.metadata_current_default index POST /api/endpoint/metadata when index is not empty metadata api should return one entry for each host with default paging

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 4 times on tracked branches: https://github.com/elastic/kibana/issues/115488

[00:00:00]     │
[00:00:00]       └-: Endpoint plugin
[00:00:00]         └-> "before all" hook in "Endpoint plugin"
[00:00:00]         └-> "before all" hook in "Endpoint plugin"
[00:00:00]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/WjnytmEDTI2qBm_nz47nYw] update_mapping [_doc]
[00:00:00]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.fleet_component_template-1]
[00:00:00]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42566, url.original: /search?package=system&internal=true&experimental=true
[00:00:00]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42568, url.original: /search?package=elastic_agent&internal=true&experimental=true
[00:00:00]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42564, url.original: /search?package=endpoint&internal=true&experimental=true
[00:00:00]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42570, url.original: /search?package=fleet_server&internal=true&experimental=true
[00:00:00]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42582, url.original: /search?package=elastic_agent&internal=true&experimental=true
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42586, url.original: /search?package=fleet_server&internal=true&experimental=true
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42580, url.original: /search?package=endpoint&internal=true&experimental=true
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42578, url.original: /search?package=system&internal=true&experimental=true
[00:00:01]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/WjnytmEDTI2qBm_nz47nYw] update_mapping [_doc]
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42592, url.original: /package/elastic_agent/1.2.1
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42596, url.original: /package/endpoint/1.2.0-dev.1
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42598, url.original: /package/fleet_server/1.0.1
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42602, url.original: /package/system/1.4.2
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42612, url.original: /package/elastic_agent/1.2.1/
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42614, url.original: /package/endpoint/1.2.0-dev.1/
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42616, url.original: /package/system/1.4.2/
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42618, url.original: /package/fleet_server/1.0.1/
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42622, url.original: /epr/fleet_server/fleet_server-1.0.1.zip
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42628, url.original: /epr/elastic_agent/elastic_agent-1.2.1.zip
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42630, url.original: /epr/endpoint/endpoint-1.2.0-dev.1.zip
[00:00:01]           │ info [docker:registry] 2021/10/19 01:28:18 source.ip: 172.17.0.1:42634, url.original: /epr/system/system-1.4.2.zip
[00:00:02]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/WjnytmEDTI2qBm_nz47nYw] update_mapping [_doc]
[00:00:02]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/WjnytmEDTI2qBm_nz47nYw] update_mapping [_doc]
[00:00:02]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/WjnytmEDTI2qBm_nz47nYw] update_mapping [_doc]
[00:00:04]           │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [logs-endpoint.collection-diagnostic]
[00:00:04]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/WjnytmEDTI2qBm_nz47nYw] update_mapping [_doc]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.apm_server@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.apm_server@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.apm_server@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.apm_server@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.auditbeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.auditbeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.auditbeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.auditbeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.filebeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.filebeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.endpoint_security@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.endpoint_security@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.metricbeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.metricbeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.fleet_server@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.fleet_server@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.elastic_agent@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.elastic_agent@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.filebeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.filebeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.packetbeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.packetbeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.fleet_server@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.fleet_server@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.endpoint_security@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.endpoint_security@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.heartbeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.heartbeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.packetbeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.packetbeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.heartbeat@mappings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.metricbeat@mappings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.osquerybeat@mappings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.osquerybeat@mappings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.apm_server@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.apm_server@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.auditbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.auditbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.filebeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.endpoint_security@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.metricbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.fleet_server@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.elastic_agent@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.filebeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.packetbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.fleet_server@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.endpoint_security@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.heartbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.packetbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.metricbeat@settings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.osquerybeat@settings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.osquerybeat@settings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.heartbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.heartbeat@settings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.metricbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.osquerybeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.osquerybeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.apm_server] for index patterns [logs-elastic_agent.apm_server-*]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.apm_server] for index patterns [metrics-elastic_agent.apm_server-*]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.auditbeat] for index patterns [logs-elastic_agent.auditbeat-*]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.auditbeat] for index patterns [metrics-elastic_agent.auditbeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.filebeat] for index patterns [metrics-elastic_agent.filebeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent] for index patterns [logs-elastic_agent-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.endpoint_security] for index patterns [metrics-elastic_agent.endpoint_security-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.metricbeat] for index patterns [logs-elastic_agent.metricbeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.fleet_server] for index patterns [logs-elastic_agent.fleet_server-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.elastic_agent] for index patterns [metrics-elastic_agent.elastic_agent-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.filebeat] for index patterns [logs-elastic_agent.filebeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.packetbeat] for index patterns [logs-elastic_agent.packetbeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.fleet_server] for index patterns [metrics-elastic_agent.fleet_server-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.endpoint_security] for index patterns [logs-elastic_agent.endpoint_security-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.heartbeat] for index patterns [metrics-elastic_agent.heartbeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.packetbeat] for index patterns [metrics-elastic_agent.packetbeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.heartbeat] for index patterns [logs-elastic_agent.heartbeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.metricbeat] for index patterns [metrics-elastic_agent.metricbeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.osquerybeat] for index patterns [metrics-elastic_agent.osquerybeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.osquerybeat] for index patterns [logs-elastic_agent.osquerybeat-*]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-metadata-current] for index patterns [metrics-endpoint.metadata_current_*]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-metadata-united] for index patterns [.metrics-endpoint.metadata_united_*]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.action.responses@mappings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.action.responses@settings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.actions@mappings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.actions@settings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.alerts@mappings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.alerts@settings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.metrics@mappings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.metrics@settings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.registry@mappings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.registry@settings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.process@mappings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.process@settings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.library@mappings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.library@settings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.metadata@mappings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.metadata@settings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.policy@mappings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.policy@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.security@mappings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.security@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.file@mappings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.file@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.network@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.network@mappings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.diagnostic.collection@mappings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.diagnostic.collection@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.application@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.process.summary@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.process@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.diskio@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.auth@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.socket_summary@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.syslog@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.core@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.fsstat@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.memory@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.security@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.system@settings]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.load@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.cpu@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.uptime@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.filesystem@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.action.responses@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.actions@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.network@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.alerts@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.metrics@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.registry@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.process@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.library@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.metadata@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.policy@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.security@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.file@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.network@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.diagnostic.collection@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.application@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.process.summary@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.process@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.diskio@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.auth@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.core@custom]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.syslog@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.socket_summary@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.fsstat@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.security@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.memory@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.system@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.cpu@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.load@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.uptime@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.filesystem@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.network@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.logs-endpoint.action.responses] for index patterns [.logs-endpoint.action.responses-*]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.logs-endpoint.actions] for index patterns [.logs-endpoint.actions-*]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.alerts] for index patterns [logs-endpoint.alerts-*]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-endpoint.metrics] for index patterns [metrics-endpoint.metrics-*]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.events.registry] for index patterns [logs-endpoint.events.registry-*]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.events.process] for index patterns [logs-endpoint.events.process-*]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.events.library] for index patterns [logs-endpoint.events.library-*]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-endpoint.metadata] for index patterns [metrics-endpoint.metadata-*]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-endpoint.policy] for index patterns [metrics-endpoint.policy-*]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.events.security] for index patterns [logs-endpoint.events.security-*]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.events.file] for index patterns [logs-endpoint.events.file-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.events.network] for index patterns [logs-endpoint.events.network-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.logs-endpoint.diagnostic.collection] for index patterns [.logs-endpoint.diagnostic.collection-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-system.application] for index patterns [logs-system.application-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.process.summary] for index patterns [metrics-system.process.summary-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.process] for index patterns [metrics-system.process-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.diskio] for index patterns [metrics-system.diskio-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-system.auth] for index patterns [logs-system.auth-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.core] for index patterns [metrics-system.core-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-system.syslog] for index patterns [logs-system.syslog-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.socket_summary] for index patterns [metrics-system.socket_summary-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.fsstat] for index patterns [metrics-system.fsstat-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-system.security] for index patterns [logs-system.security-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.memory] for index patterns [metrics-system.memory-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-system.system] for index patterns [logs-system.system-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.cpu] for index patterns [metrics-system.cpu-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.load] for index patterns [metrics-system.load-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.uptime] for index patterns [metrics-system.uptime-*]
[00:00:14]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.filesystem] for index patterns [metrics-system.filesystem-*]
[00:00:14]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.network] for index patterns [metrics-system.network-*]
[00:00:15]           │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.transform-internal-007] creating index, cause [auto(bulk api)], templates [], shards [1]/[1]
[00:00:15]           │ info [o.e.c.r.a.AllocationService] [node-01] updating number_of_replicas to [0] for indices [.transform-internal-007]
[00:00:15]           │ info [o.e.c.r.a.AllocationService] [node-01] current.health="GREEN" message="Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.transform-internal-007][0]]])." previous.health="YELLOW" reason="shards started [[.transform-internal-007][0]]"
[00:00:15]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.transform-notifications-000002] for index patterns [.transform-notifications-*]
[00:00:15]           │ info [o.e.x.t.t.p.SchemaUtil] [node-01] Failed to deduce mapping for [agent.id], fall back to keyword. Create the destination index with complete mappings first to avoid deducing the mappings
[00:00:15]           │ info [o.e.x.c.c.n.AbstractAuditor] [node-01] Auditor template [.transform-notifications-000002] successfully installed
[00:00:15]           │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [metrics-endpoint.metadata_current_default] creating index, cause [api], templates [metrics-metadata-current], shards [1]/[1]
[00:00:15]           │ info [o.e.c.r.a.AllocationService] [node-01] updating number_of_replicas to [0] for indices [metrics-endpoint.metadata_current_default]
[00:00:15]           │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.metrics-endpoint.metadata_united_default] creating index, cause [api], templates [metrics-metadata-united], shards [1]/[1]
[00:00:15]           │ info [o.e.c.r.a.AllocationService] [node-01] updating number_of_replicas to [0] for indices [.metrics-endpoint.metadata_united_default]
[00:00:15]           │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.transform-notifications-000002] creating index, cause [auto(bulk api)], templates [.transform-notifications-000002], shards [1]/[1]
[00:00:15]           │ info [o.e.c.r.a.AllocationService] [node-01] updating number_of_replicas to [0] for indices [.transform-notifications-000002]
[00:00:15]           │ info [o.e.c.r.a.AllocationService] [node-01] current.health="GREEN" message="Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[metrics-endpoint.metadata_current_default][0], [.metrics-endpoint.metadata_united_default][0], [.transform-notifications-000002][0]]])." previous.health="YELLOW" reason="shards started [[metrics-endpoint.metadata_current_default][0], [.metrics-endpoint.metadata_united_default][0], [.transform-notifications-000002][0]]"
[00:00:15]           │ info [o.e.x.t.t.TransformTask] [node-01] [endpoint.metadata_united-default-1.2.0-dev.1] updating state for transform to [{"task_state":"started","indexer_state":"stopped","checkpoint":0,"progress":{"docs_indexed":0,"docs_processed":0},"should_stop_at_checkpoint":false}].
[00:00:15]           │ info [o.e.x.t.t.TransformTask] [node-01] [endpoint.metadata_current-default-1.2.0-dev.1] updating state for transform to [{"task_state":"started","indexer_state":"stopped","checkpoint":0,"progress":{"docs_indexed":0,"docs_processed":0},"should_stop_at_checkpoint":false}].
[00:00:15]           │ info [o.e.x.t.t.TransformPersistentTasksExecutor] [node-01] [endpoint.metadata_united-default-1.2.0-dev.1] successfully completed and scheduled task in node operation
[00:00:15]           │ info [o.e.x.t.t.TransformPersistentTasksExecutor] [node-01] [endpoint.metadata_current-default-1.2.0-dev.1] successfully completed and scheduled task in node operation
[00:00:15]           │ info [o.e.x.t.t.ClientTransformIndexer] [node-01] [endpoint.metadata_current-default-1.2.0-dev.1] Failed to create a point in time reader, falling back to normal search.
[00:00:15]           │      java.lang.NullPointerException: Point in time parameter must be not null
[00:00:15]           │      	at java.util.Objects.requireNonNull(Objects.java:233) ~[?:?]
[00:00:15]           │      	at org.elasticsearch.action.search.OpenPointInTimeResponse.<init>(OpenPointInTimeResponse.java:38) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportOpenPointInTimeAction.lambda$doExecute$1(TransportOpenPointInTimeAction.java:98) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$MappedActionListener.onResponse(ActionListener.java:95) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$RunAfterActionListener.onResponse(ActionListener.java:339) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.start(AbstractSearchAsyncAction.java:186) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.executeSearch(TransportSearchAction.java:754) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.executeLocalSearch(TransportSearchAction.java:542) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.lambda$executeRequest$6(TransportSearchAction.java:335) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.index.query.Rewriteable.rewriteAndFetch(Rewriteable.java:103) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.index.query.Rewriteable.rewriteAndFetch(Rewriteable.java:76) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.executeRequest(TransportSearchAction.java:376) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.executeRequest(TransportSearchAction.java:276) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportOpenPointInTimeAction.doExecute(TransportOpenPointInTimeAction.java:77) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportOpenPointInTimeAction.doExecute(TransportOpenPointInTimeAction.java:37) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:77) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ActionFilter$Simple.apply(ActionFilter.java:42) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:75) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:143) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$DelegatingFailureActionListener.onResponse(ActionListener.java:217) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:481) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.DlsFlsLicenseRequestInterceptor.intercept(DlsFlsLicenseRequestInterceptor.java:82) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.BulkShardRequestInterceptor.intercept(BulkShardRequestInterceptor.java:76) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.FieldAndDocumentLevelSecurityRequestInterceptor.intercept(FieldAndDocumentLevelSecurityRequestInterceptor.java:75) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.UpdateRequestInterceptor.intercept(UpdateRequestInterceptor.java:27) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.ResizeRequestInterceptor.intercept(ResizeRequestInterceptor.java:78) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.FieldAndDocumentLevelSecurityRequestInterceptor.intercept(FieldAndDocumentLevelSecurityRequestInterceptor.java:75) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.ShardSearchRequestInterceptor.intercept(ShardSearchRequestInterceptor.java:26) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.FieldAndDocumentLevelSecurityRequestInterceptor.intercept(FieldAndDocumentLevelSecurityRequestInterceptor.java:75) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.SearchRequestInterceptor.intercept(SearchRequestInterceptor.java:26) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.IndicesAliasesRequestInterceptor.intercept(IndicesAliasesRequestInterceptor.java:100) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.runRequestInterceptors(AuthorizationService.java:474) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.handleIndexActionAuthorizationResult(AuthorizationService.java:464) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.lambda$authorizeAction$11(AuthorizationService.java:395) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationSe
[00:00:15]           │ info rvice$AuthorizationResultListener.onResponse(AuthorizationService.java:781) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$AuthorizationResultListener.onResponse(AuthorizationService.java:756) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.lambda$authorizeIndexAction$3(RBACEngine.java:325) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.ListenableFuture.notifyListenerDirectly(ListenableFuture.java:113) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.ListenableFuture.addListener(ListenableFuture.java:55) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.ListenableFuture.addListener(ListenableFuture.java:41) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$CachingAsyncSupplier.getAsync(AuthorizationService.java:828) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.authorizeIndexAction(RBACEngine.java:318) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.authorizeAction(AuthorizationService.java:393) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.maybeAuthorizeRunAs(AuthorizationService.java:326) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.lambda$authorize$1(AuthorizationService.java:227) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.lambda$resolveAuthorizationInfo$1(RBACEngine.java:128) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.roles(CompositeRolesStore.java:175) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.getRoles(CompositeRolesStore.java:270) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.getRoles(RBACEngine.java:134) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.resolveAuthorizationInfo(RBACEngine.java:122) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.authorize(AuthorizationService.java:229) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$4(SecurityActionFilter.java:142) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authc.AuthenticatorChain.authenticateAsync(AuthenticatorChain.java:85) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:153) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:137) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:101) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:75) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:53) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.tasks.TaskManager.registerAndExecute(TaskManager.java:163) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:100) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:80) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:375) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.FilterClient.doExecute(FilterClient.java:54) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.ParentTaskAssigningClient.doExecute(ParentTaskAssigningClient.java:52) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:375) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.core.ClientHelper.executeWithHeadersAsync(ClientHelper.java:195) [x-pack-core-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.ClientTransformIndexer.injectPointInTimeIfNeeded(ClientTransformIndexer.java:412) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.ClientTransformIndexer.doNextSearch(ClientTransformIndexer.java:128) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.core.indexing.AsyncTwoPhaseIndexer.triggerNextSearch(AsyncTwoPhaseIndexer.java:605) [x-pack-core-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.core.indexing.AsyncTwoPhaseIndexer.nextSearch(AsyncTwoPhaseIndexer.java:592) [x-pack-core-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.core.indexing.AsyncTwoPhaseIndexer.lambda$maybeTriggerAsyncJob$4(AsyncTwoPhaseIndexer.java:216) [x-pack-core-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.TransformIndexer.lambda$onStart$4(TransformIndexer.java:267) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.TransformIndexer.lambda$onStart$5(TransformIndexer.java:303) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.common.AbstractCompositeAggFunction.getInitialProgressFromResponse(AbstractCompositeAggFunction.java:187) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.TransformIndexer.lambda$onStart$7(TransformIndexer.java:300) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.node.NodeClient.lambda$executeLocally$0(NodeClient.java:103) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:169) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:163) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$2(SecurityActionFilter.java:146) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$DelegatingFailureActionListener.onResponse(ActionListener.java:217) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$RunAfterActionListener.onResponse(ActionListener.java:339) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.start(AbstractSearchAsyncAction.java:186) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.executeSearch(TransportSearchAction.java:754) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.executeLocalSearch(TransportSearchAction.java:542) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.lambda$executeRequest$6(TransportSearchAction.java:335) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.index.query.Rewriteable.rewriteAndFetch(Rewriteable.java:103) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.index.query.Rewriteable.rewriteAndFetch(Rewriteable.java:76) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.executeRequest(TransportSearchAction.java:376) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.doExecute(TransportSearchAction.java:265) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.doExecute(TransportSearchAction.java:99) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:77) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ActionFilter$Simple.apply(ActionFilter.java:42) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:75) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:143) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$DelegatingFailureActionListener.onResponse(ActionListener.java:217) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:481) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.DlsFlsLicenseRequestInterceptor.intercept(DlsFlsLicenseRequestInterceptor.java:82) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.BulkShardRequestInterceptor.intercept(BulkShardRequestInterceptor.java:76) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.FieldAndDocumentLevelSecurityRequestInterceptor.intercept(FieldAndDocumentLevelSecurityRequestInterceptor.java:75) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.UpdateRequestInterceptor.intercept(UpdateRequestInterceptor.java:27) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.ResizeRequestInterceptor.intercept(ResizeRequestInterceptor.java:78) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.FieldAndDocumentLevelSecurityRequestInterceptor.intercept(FieldAndDocumentLevelSecurityRequestInterceptor.java:75) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.ShardSearchRequestInterceptor.intercept(ShardSearchRequestInterceptor.java:26) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.FieldAndDocumentLevelSecurityRequestInterceptor.intercept(FieldAndDocumentLevelSecurityRequestInterceptor.java:75) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.SearchRequestInterceptor.intercept(SearchRequestInterceptor.java:26) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.IndicesAliasesRequestInterceptor.intercept(IndicesAliasesRequestInterceptor.java:100) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.runRequestInterceptors(AuthorizationService.java:474) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.handleIndexActionAuthorizationResult(AuthorizationService.java:464) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.lambda$authorizeAction$11(AuthorizationService.java:395) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$AuthorizationResultListener.onResponse(AuthorizationService.java:781) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$AuthorizationResultListener.onResponse(AuthorizationService.java:756) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.lambda$authorizeIndexAction$3(RBACEngine.java:325) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.ListenableFuture.notifyListenerDirectly(ListenableFuture.java:113) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.ListenableFuture.addListener(ListenableFuture.java:55) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.ListenableFuture.addListener(ListenableFuture.java:41) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$CachingAsyncSupplier.getAsync(AuthorizationService.java:828) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.authorizeIndexAction(RBACEngine.java:318) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.authorizeAction(AuthorizationService.java:393) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.maybeAuthorizeRunAs(AuthorizationService.java:326) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.lambda$authorize$1(AuthorizationService.java:227) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.lambda$resolveAuthorizationInfo$1(RBACEngine.java:128) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.roles(CompositeRolesStore.java:175) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.getRoles(CompositeRolesStore.java:270) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.getRoles(RBACEngine.java:134) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.resolveAuthorizationInfo(RBACEngine.java:122) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.authorize(AuthorizationService.java:229) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$4(SecurityActionFilter.java:142) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authc.AuthenticatorChain.authenticateAsync(AuthenticatorChain.java:85) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:153) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:137) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:101) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:75) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:53) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.tasks.TaskManager.registerAndExecute(TaskManager.java:163) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:100) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:80) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:375) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.FilterClient.doExecute(FilterClient.java:54) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.ParentTaskAssigningClient.doExecute(ParentTaskAssigningClient.java:52) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:375) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.core.ClientHelper.executeWithHeadersAsync(ClientHelper.java:195) [x-pack-core-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.ClientTransformIndexer.doGetInitialProgress(ClientTransformIndexer.java:243) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.TransformIndexer.lambda$onStart$9(TransformIndexer.java:299) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.TransformIndexer.lambda$createCheckpoint$0(TransformIndexer.java:228) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.persistence.IndexBasedTransformConfigManager.lambda$putTransformCheckpoint$0(IndexBasedTransformConfigManager.java:127) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.node.NodeClient.lambda$executeLocally$0(NodeClient.java:103) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:169) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:163) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$2(SecurityActionFilter.java:146) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$DelegatingFailureActionListener.onResponse(ActionListener.java:217) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.bulk.TransportSingleItemBulkWriteAction.lambda$wrapBulkResponse$0(TransportSingleItemBulkWriteAction.java:51) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$2(SecurityActionFilter.java:146) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$DelegatingFailureActionListener.onResponse(ActionListener.java:217) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$RunBeforeActionListener.onResponse(ActionListener.java:387) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.bulk.TransportBulkAction$BulkOperation$1.finishHim(TransportBulkAction.java:591) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.bulk.TransportBulkAction$BulkOperation$1.onResponse(TransportBulkAction.java:572) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.bulk.TransportBulkAction$BulkOperation$1.onResponse(TransportBulkAction.java:561) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.node.NodeClient.lambda$executeLocally$0(NodeClient.java:103) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:169) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:163) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$2(SecurityActionFilter.java:146) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$DelegatingFailureActionListener.onResponse(ActionListener.java:217) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.TransportReplicationAction$ReroutePhase.finishOnSuccess(TransportReplicationAction.java:877) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.TransportReplicationAction$ReroutePhase$1.handleResponse(TransportReplicationAction.java:796) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.TransportReplicationAction$ReroutePhase$1.handleResponse(TransportReplicationAction.java:787) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.transport.TransportService$4.handleResponse(TransportService.java:622) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1184) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.transport.TransportService$DirectResponseChannel.processResponse(TransportService.java:1262) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.transport.TransportService$DirectResponseChannel.sendResponse(TransportService.java:1242) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.transport.TaskTransportChannel.sendResponse(TaskTransportChannel.java:41) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ChannelActionListener.onResponse(ChannelActionListener.java:32) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ChannelActionListener.onResponse(ChannelActionListener.java:16) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$RunBeforeActionListener.onResponse(ActionListener.java:387) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.lambda$runWithPrimaryShardReference$2(TransportReplicationAction.java:413) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$MappedActionListener.onResponse(ActionListener.java:101) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.ReplicationOperation.finish(ReplicationOperation.java:336) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.ReplicationOperation.decPendingAndFinishIfNeeded(ReplicationOperation.java:317) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.ReplicationOperation$1.onResponse(ReplicationOperation.java:147) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.ReplicationOperation$1.onResponse(ReplicationOperation.java:139) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.TransportWriteAction$WritePrimaryResult$1.onSuccess(TransportWriteAction.java:255) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.TransportWriteAction$AsyncAfterWriteAction.maybeFinish(TransportWriteAction.java:390) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.TransportWriteAction$AsyncAfterWriteAction.lambda$run$1(TransportWriteAction.java:421) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.AsyncIOProcessor.notifyList(AsyncIOProcessor.java:111) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.AsyncIOProcessor.drainAndProcessAndRelease(AsyncIOProcessor.java:89) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.AsyncIOProcessor.put(AsyncIOProcessor.java:73) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.index.shard.IndexShard.sync(IndexShard.java:3287) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.TransportWriteAction$AsyncAfterWriteAction.run(TransportWriteAction.java:419) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.TransportWriteAction$WritePrimaryResult.runPostReplicationActions(TransportWriteAction.java:262) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.ReplicationOperation.handlePrimaryResult(ReplicationOperation.java:139) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener.completeWith(ActionListener.java:445) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.bulk.TransportShardBulkAction$2.finishRequest(TransportShardBulkAction.java:207) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.bulk.TransportShardBulkAction$2.doRun(TransportShardBulkAction.java:176) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.bulk.TransportShardBulkAction.performOnPrimary(TransportShardBulkAction.java:212) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.bulk.TransportShardBulkAction.dispatchedShardOperationOnPrimary(TransportShardBulkAction.java:110) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.bulk.TransportShardBulkAction.dispatchedShardOperationOnPrimary(TransportShardBulkAction.java:74) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.replication.TransportWriteAction$1.doRun(TransportWriteAction.java:181) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:737) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) [?:?]
[00:00:15]           │      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) [?:?]
[00:00:15]           │      	at java.lang.Thread.run(Thread.java:833) [?:?]
[00:00:17]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/WjnytmEDTI2qBm_nz47nYw] update_mapping [_doc]
[00:00:18]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/WjnytmEDTI2qBm_nz47nYw] update_mapping [_doc]
[00:00:19]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/WjnytmEDTI2qBm_nz47nYw] update_mapping [_doc]
[00:00:19]           │ info [docker:registry] 2021/10/19 01:28:36 source.ip: 172.17.0.1:42712, url.original: /search?package=system&internal=true&experimental=true
[00:00:19]           │ info [docker:registry] 2021/10/19 01:28:36 source.ip: 172.17.0.1:42716, url.original: /search?package=system&internal=true&experimental=true
[00:00:19]           │ info [docker:registry] 2021/10/19 01:28:36 source.ip: 172.17.0.1:42720, url.original: /search?package=system&internal=true&experimental=true
[00:00:19]           │ info [docker:registry] 2021/10/19 01:28:36 source.ip: 172.17.0.1:42724, url.original: /package/system/1.4.2
[00:00:19]           │ info [docker:registry] 2021/10/19 01:28:36 source.ip: 172.17.0.1:42728, url.original: /package/system/1.4.2/
[00:00:21]           │ info [docker:registry] 2021/10/19 01:28:38 source.ip: 172.17.0.1:42736, url.original: /search?package=fleet_server&internal=true&experimental=true
[00:00:21]           │ info [docker:registry] 2021/10/19 01:28:38 source.ip: 172.17.0.1:42740, url.original: /search?package=fleet_server&internal=true&experimental=true
[00:00:21]           │ info [docker:registry] 2021/10/19 01:28:38 source.ip: 172.17.0.1:42744, url.original: /search?package=fleet_server&internal=true&experimental=true
[00:00:21]           │ info [docker:registry] 2021/10/19 01:28:38 source.ip: 172.17.0.1:42748, url.original: /package/fleet_server/1.0.1
[00:00:21]           │ info [docker:registry] 2021/10/19 01:28:38 source.ip: 172.17.0.1:42752, url.original: /package/fleet_server/1.0.1/
[00:00:23]           │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.fleet-enrollment-api-keys-7] creating index, cause [auto(bulk api)], templates [], shards [1]/[1]
[00:00:23]           │ info [o.e.c.r.a.AllocationService] [node-01] updating number_of_replicas to [0] for indices [.fleet-enrollment-api-keys-7]
[00:00:23]           │ info [o.e.c.r.a.AllocationService] [node-01] current.health="GREEN" message="Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.fleet-enrollment-api-keys-7][0]]])." previous.health="YELLOW" reason="shards started [[.fleet-enrollment-api-keys-7][0]]"
[00:00:24]           │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.fleet-policies-7] creating index, cause [auto(bulk api)], templates [], shards [1]/[1]
[00:00:24]           │ info [o.e.c.r.a.AllocationService] [node-01] updating number_of_replicas to [0] for indices [.fleet-policies-7]
[00:00:24]           │ info [o.e.c.r.a.AllocationService] [node-01] current.health="GREEN" message="Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.fleet-policies-7][0]]])." previous.health="YELLOW" reason="shards started [[.fleet-policies-7][0]]"
[00:00:24]           │ info [docker:registry] 2021/10/19 01:28:41 source.ip: 172.17.0.1:42766, url.original: /search?package=system&internal=true&experimental=true
[00:00:24]           │ info [docker:registry] 2021/10/19 01:28:41 source.ip: 172.17.0.1:42768, url.original: /search?package=fleet_server&internal=true&experimental=true
[00:00:24]           │ info [docker:registry] 2021/10/19 01:28:41 source.ip: 172.17.0.1:42774, url.original: /search?package=elastic_agent&internal=true&experimental=true
[00:00:24]           │ info [docker:registry] 2021/10/19 01:28:41 source.ip: 172.17.0.1:42776, url.original: /search?package=elastic_agent&internal=true&experimental=true
[00:00:29]         └-: test metadata api
[00:00:29]           └-> "before all" hook in "test metadata api"
[00:00:29]           └-: with metrics-endpoint.metadata_current_default index
[00:00:29]             └-> "before all" hook in "with metrics-endpoint.metadata_current_default index"
[00:00:29]             └-: POST /api/endpoint/metadata when index is not empty
[00:00:29]               └-> "before all" hook for "metadata api should return one entry for each host with default paging"
[00:00:29]               └-> "before all" hook for "metadata api should return one entry for each host with default paging"
[00:00:29]                 │ info [x-pack/test/functional/es_archives/endpoint/metadata/api_feature] Loading "data.json"
[00:00:29]                 │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.ds-metrics-endpoint.metadata-default-2021.10.19-000001] creating index, cause [initialize_data_stream], templates [metrics-endpoint.metadata], shards [1]/[1]
[00:00:29]                 │ info [o.e.c.m.MetadataCreateDataStreamService] [node-01] adding data stream [metrics-endpoint.metadata-default] with write index [.ds-metrics-endpoint.metadata-default-2021.10.19-000001], backing indices [], and aliases []
[00:00:29]                 │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.ds-metrics-endpoint.metadata-default-2021.10.19-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [metrics]
[00:00:29]                 │ info [x-pack/test/functional/es_archives/endpoint/metadata/api_feature] Indexed 9 docs into "metrics-endpoint.metadata-default"
[00:00:30]                 │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.ds-metrics-endpoint.metadata-default-2021.10.19-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [metrics]
[00:00:30]                 │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.ds-metrics-endpoint.metadata-default-2021.10.19-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [metrics]
[00:01:42]                 │ info [o.e.x.s.SnapshotRetentionTask] [node-01] starting SLM retention snapshot cleanup task
[00:01:42]                 │ info [o.e.x.s.SnapshotRetentionTask] [node-01] there are no repositories to fetch, SLM retention snapshot cleanup task complete
[00:02:30]               └-> metadata api should return one entry for each host with default paging
[00:02:30]                 └-> "before each" hook: global before each for "metadata api should return one entry for each host with default paging"
[00:02:30]                 └- ✖ fail: Endpoint plugin test metadata api with metrics-endpoint.metadata_current_default index POST /api/endpoint/metadata when index is not empty metadata api should return one entry for each host with default paging
[00:02:30]                 │       Error: expected 0 to sort of equal 3
[00:02:30]                 │       + expected - actual
[00:02:30]                 │ 
[00:02:30]                 │       -0
[00:02:30]                 │       +3
[00:02:30]                 │       
[00:02:30]                 │       at Assertion.assert (/dev/shm/workspace/kibana/node_modules/@kbn/expect/expect.js:100:11)
[00:02:30]                 │       at Assertion.eql (/dev/shm/workspace/kibana/node_modules/@kbn/expect/expect.js:244:8)
[00:02:30]                 │       at Context.<anonymous> (test/security_solution_endpoint_api_int/apis/metadata.ts:85:33)
[00:02:30]                 │       at runMicrotasks (<anonymous>)
[00:02:30]                 │       at processTicksAndRejections (node:internal/process/task_queues:96:5)
[00:02:30]                 │       at Object.apply (/dev/shm/workspace/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16)
[00:02:30]                 │ 
[00:02:30]                 │

Stack Trace

Error: expected 0 to sort of equal 3
    at Assertion.assert (/dev/shm/workspace/kibana/node_modules/@kbn/expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/kibana/node_modules/@kbn/expect/expect.js:244:8)
    at Context.<anonymous> (test/security_solution_endpoint_api_int/apis/metadata.ts:85:33)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at Object.apply (/dev/shm/workspace/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16) {
  actual: '0',
  expected: '3',
  showDiff: true
}
Kibana Pipeline / general / task-queue-process-2 / X-Pack Endpoint API Integration Tests.x-pack/test/security_solution_endpoint_api_int/apis/metadata·ts.Endpoint plugin test metadata api with metrics-endpoint.metadata_current_default index POST /api/endpoint/metadata when index is not empty metadata api should return one entry for each host with default paging

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 4 times on tracked branches: https://github.com/elastic/kibana/issues/115488

[00:00:00]     │
[00:00:00]       └-: Endpoint plugin
[00:00:00]         └-> "before all" hook in "Endpoint plugin"
[00:00:00]         └-> "before all" hook in "Endpoint plugin"
[00:00:00]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/10Q0gBmMQcitoEMRJnsQPQ] update_mapping [_doc]
[00:00:00]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.fleet_component_template-1]
[00:00:01]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/10Q0gBmMQcitoEMRJnsQPQ] update_mapping [_doc]
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40262, url.original: /search?package=elastic_agent&internal=true&experimental=true
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40260, url.original: /search?package=endpoint&internal=true&experimental=true
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40258, url.original: /search?package=system&internal=true&experimental=true
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40264, url.original: /search?package=fleet_server&internal=true&experimental=true
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40272, url.original: /search?package=fleet_server&internal=true&experimental=true
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40274, url.original: /search?package=system&internal=true&experimental=true
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40276, url.original: /search?package=elastic_agent&internal=true&experimental=true
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40280, url.original: /search?package=endpoint&internal=true&experimental=true
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40286, url.original: /package/fleet_server/1.0.1
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40292, url.original: /package/system/1.4.2
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40290, url.original: /package/elastic_agent/1.2.1
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40296, url.original: /package/endpoint/1.2.0-dev.1
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40312, url.original: /package/system/1.4.2/
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40306, url.original: /package/fleet_server/1.0.1/
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40308, url.original: /package/endpoint/1.2.0-dev.1/
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40310, url.original: /package/elastic_agent/1.2.1/
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40316, url.original: /epr/fleet_server/fleet_server-1.0.1.zip
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40320, url.original: /epr/system/system-1.4.2.zip
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40326, url.original: /epr/endpoint/endpoint-1.2.0-dev.1.zip
[00:00:01]           │ info [docker:registry] 2021/10/19 01:15:12 source.ip: 172.17.0.1:40328, url.original: /epr/elastic_agent/elastic_agent-1.2.1.zip
[00:00:02]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/10Q0gBmMQcitoEMRJnsQPQ] update_mapping [_doc]
[00:00:03]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/10Q0gBmMQcitoEMRJnsQPQ] update_mapping [_doc]
[00:00:03]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/10Q0gBmMQcitoEMRJnsQPQ] update_mapping [_doc]
[00:00:03]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/10Q0gBmMQcitoEMRJnsQPQ] update_mapping [_doc]
[00:00:03]           │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [logs-endpoint.collection-diagnostic]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.apm_server@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.apm_server@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.apm_server@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.apm_server@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.auditbeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.auditbeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.auditbeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.elastic_agent@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.elastic_agent@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.endpoint_security@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.auditbeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.endpoint_security@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.endpoint_security@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.endpoint_security@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.fleet_server@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.fleet_server@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.fleet_server@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.fleet_server@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.heartbeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.heartbeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.metricbeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.metricbeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.filebeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.filebeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.filebeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.heartbeat@settings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.heartbeat@mappings]
[00:00:05]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.filebeat@settings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.metricbeat@mappings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.osquerybeat@mappings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.osquerybeat@mappings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.packetbeat@mappings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.apm_server@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.packetbeat@mappings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.apm_server@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.auditbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.auditbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.elastic_agent@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.endpoint_security@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.endpoint_security@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.fleet_server@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.fleet_server@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.heartbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.metricbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.filebeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.filebeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.heartbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.metricbeat@settings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.osquerybeat@settings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.osquerybeat@settings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.packetbeat@settings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.packetbeat@settings]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.metricbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.osquerybeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.osquerybeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-elastic_agent.packetbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-elastic_agent.packetbeat@custom]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.apm_server] for index patterns [metrics-elastic_agent.apm_server-*]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.apm_server] for index patterns [logs-elastic_agent.apm_server-*]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.auditbeat] for index patterns [logs-elastic_agent.auditbeat-*]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.auditbeat] for index patterns [metrics-elastic_agent.auditbeat-*]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent] for index patterns [logs-elastic_agent-*]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.elastic_agent] for index patterns [metrics-elastic_agent.elastic_agent-*]
[00:00:06]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.endpoint_security] for index patterns [metrics-elastic_agent.endpoint_security-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.endpoint_security] for index patterns [logs-elastic_agent.endpoint_security-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.fleet_server] for index patterns [metrics-elastic_agent.fleet_server-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.fleet_server] for index patterns [logs-elastic_agent.fleet_server-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.heartbeat] for index patterns [logs-elastic_agent.heartbeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.metricbeat] for index patterns [logs-elastic_agent.metricbeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.filebeat] for index patterns [logs-elastic_agent.filebeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.filebeat] for index patterns [metrics-elastic_agent.filebeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.heartbeat] for index patterns [metrics-elastic_agent.heartbeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.metricbeat] for index patterns [metrics-elastic_agent.metricbeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.osquerybeat] for index patterns [logs-elastic_agent.osquerybeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.osquerybeat] for index patterns [metrics-elastic_agent.osquerybeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-elastic_agent.packetbeat] for index patterns [metrics-elastic_agent.packetbeat-*]
[00:00:07]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-elastic_agent.packetbeat] for index patterns [logs-elastic_agent.packetbeat-*]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.application@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.auth@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.network@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.socket_summary@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.filesystem@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.system@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.filesystem@custom]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.socket_summary@custom]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.network@custom]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.auth@custom]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.fsstat@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.load@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.cpu@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.memory@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.diskio@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.process@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.core@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.security@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.uptime@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.process.summary@settings]
[00:00:08]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.application@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.syslog@settings]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.system@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.cpu@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.fsstat@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.load@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.memory@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.diskio@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.process@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.core@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.security@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.process.summary@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-system.uptime@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-system.syslog@custom]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.filesystem] for index patterns [metrics-system.filesystem-*]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.socket_summary] for index patterns [metrics-system.socket_summary-*]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.network] for index patterns [metrics-system.network-*]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-system.auth] for index patterns [logs-system.auth-*]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-system.application] for index patterns [logs-system.application-*]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-system.system] for index patterns [logs-system.system-*]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.cpu] for index patterns [metrics-system.cpu-*]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.fsstat] for index patterns [metrics-system.fsstat-*]
[00:00:09]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.load] for index patterns [metrics-system.load-*]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.memory] for index patterns [metrics-system.memory-*]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.diskio] for index patterns [metrics-system.diskio-*]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.process] for index patterns [metrics-system.process-*]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.core] for index patterns [metrics-system.core-*]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-system.security] for index patterns [logs-system.security-*]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.process.summary] for index patterns [metrics-system.process.summary-*]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-system.uptime] for index patterns [metrics-system.uptime-*]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-system.syslog] for index patterns [logs-system.syslog-*]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-metadata-current] for index patterns [metrics-endpoint.metadata_current_*]
[00:00:10]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-metadata-united] for index patterns [.metrics-endpoint.metadata_united_*]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.actions@mappings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.actions@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.process@mappings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.process@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.file@mappings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.file@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.action.responses@mappings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.action.responses@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.registry@mappings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.registry@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.metadata@mappings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.metadata@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.diagnostic.collection@mappings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.diagnostic.collection@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.security@mappings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.security@settings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.alerts@mappings]
[00:00:11]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.alerts@settings]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.library@mappings]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.library@settings]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.metrics@mappings]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.metrics@settings]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.policy@mappings]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.policy@settings]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.network@mappings]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.network@settings]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.actions@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.process@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.file@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.action.responses@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.registry@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.metadata@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [.logs-endpoint.diagnostic.collection@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.security@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.alerts@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.library@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.metrics@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [metrics-endpoint.policy@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding component template [logs-endpoint.events.network@custom]
[00:00:12]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.logs-endpoint.actions] for index patterns [.logs-endpoint.actions-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.events.process] for index patterns [logs-endpoint.events.process-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.events.file] for index patterns [logs-endpoint.events.file-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.logs-endpoint.action.responses] for index patterns [.logs-endpoint.action.responses-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.events.registry] for index patterns [logs-endpoint.events.registry-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-endpoint.metadata] for index patterns [metrics-endpoint.metadata-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.logs-endpoint.diagnostic.collection] for index patterns [.logs-endpoint.diagnostic.collection-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.events.security] for index patterns [logs-endpoint.events.security-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.alerts] for index patterns [logs-endpoint.alerts-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.events.library] for index patterns [logs-endpoint.events.library-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-endpoint.metrics] for index patterns [metrics-endpoint.metrics-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [metrics-endpoint.policy] for index patterns [metrics-endpoint.policy-*]
[00:00:13]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [logs-endpoint.events.network] for index patterns [logs-endpoint.events.network-*]
[00:00:15]           │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.transform-internal-007] creating index, cause [auto(bulk api)], templates [], shards [1]/[1]
[00:00:15]           │ info [o.e.c.r.a.AllocationService] [node-01] updating number_of_replicas to [0] for indices [.transform-internal-007]
[00:00:15]           │ info [o.e.c.r.a.AllocationService] [node-01] current.health="GREEN" message="Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.transform-internal-007][0]]])." previous.health="YELLOW" reason="shards started [[.transform-internal-007][0]]"
[00:00:15]           │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.transform-notifications-000002] for index patterns [.transform-notifications-*]
[00:00:15]           │ info [o.e.x.t.t.p.SchemaUtil] [node-01] Failed to deduce mapping for [agent.id], fall back to keyword. Create the destination index with complete mappings first to avoid deducing the mappings
[00:00:15]           │ info [o.e.x.c.c.n.AbstractAuditor] [node-01] Auditor template [.transform-notifications-000002] successfully installed
[00:00:15]           │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [metrics-endpoint.metadata_current_default] creating index, cause [api], templates [metrics-metadata-current], shards [1]/[1]
[00:00:15]           │ info [o.e.c.r.a.AllocationService] [node-01] updating number_of_replicas to [0] for indices [metrics-endpoint.metadata_current_default]
[00:00:15]           │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.metrics-endpoint.metadata_united_default] creating index, cause [api], templates [metrics-metadata-united], shards [1]/[1]
[00:00:15]           │ info [o.e.c.r.a.AllocationService] [node-01] updating number_of_replicas to [0] for indices [.metrics-endpoint.metadata_united_default]
[00:00:15]           │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.transform-notifications-000002] creating index, cause [auto(bulk api)], templates [.transform-notifications-000002], shards [1]/[1]
[00:00:15]           │ info [o.e.c.r.a.AllocationService] [node-01] updating number_of_replicas to [0] for indices [.transform-notifications-000002]
[00:00:15]           │ info [o.e.c.r.a.AllocationService] [node-01] current.health="GREEN" message="Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[metrics-endpoint.metadata_current_default][0], [.metrics-endpoint.metadata_united_default][0], [.transform-notifications-000002][0]]])." previous.health="YELLOW" reason="shards started [[metrics-endpoint.metadata_current_default][0], [.metrics-endpoint.metadata_united_default][0], [.transform-notifications-000002][0]]"
[00:00:15]           │ info [o.e.x.t.t.TransformTask] [node-01] [endpoint.metadata_current-default-1.2.0-dev.1] updating state for transform to [{"task_state":"started","indexer_state":"stopped","checkpoint":0,"progress":{"docs_indexed":0,"docs_processed":0},"should_stop_at_checkpoint":false}].
[00:00:15]           │ info [o.e.x.t.t.TransformTask] [node-01] [endpoint.metadata_united-default-1.2.0-dev.1] updating state for transform to [{"task_state":"started","indexer_state":"stopped","checkpoint":0,"progress":{"docs_indexed":0,"docs_processed":0},"should_stop_at_checkpoint":false}].
[00:00:15]           │ info [o.e.x.t.t.TransformPersistentTasksExecutor] [node-01] [endpoint.metadata_current-default-1.2.0-dev.1] successfully completed and scheduled task in node operation
[00:00:15]           │ info [o.e.x.t.t.ClientTransformIndexer] [node-01] [endpoint.metadata_current-default-1.2.0-dev.1] Failed to create a point in time reader, falling back to normal search.
[00:00:15]           │      java.lang.NullPointerException: Point in time parameter must be not null
[00:00:15]           │      	at java.util.Objects.requireNonNull(Objects.java:233) ~[?:?]
[00:00:15]           │      	at org.elasticsearch.action.search.OpenPointInTimeResponse.<init>(OpenPointInTimeResponse.java:38) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportOpenPointInTimeAction.lambda$doExecute$1(TransportOpenPointInTimeAction.java:98) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$MappedActionListener.onResponse(ActionListener.java:95) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$RunAfterActionListener.onResponse(ActionListener.java:339) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.start(AbstractSearchAsyncAction.java:186) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.executeSearch(TransportSearchAction.java:754) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.executeLocalSearch(TransportSearchAction.java:542) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.lambda$executeRequest$6(TransportSearchAction.java:335) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.index.query.Rewriteable.rewriteAndFetch(Rewriteable.java:103) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.index.query.Rewriteable.rewriteAndFetch(Rewriteable.java:76) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.executeRequest(TransportSearchAction.java:376) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportSearchAction.executeRequest(TransportSearchAction.java:276) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportOpenPointInTimeAction.doExecute(TransportOpenPointInTimeAction.java:77) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.search.TransportOpenPointInTimeAction.doExecute(TransportOpenPointInTimeAction.java:37) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:77) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ActionFilter$Simple.apply(ActionFilter.java:42) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:75) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$3(SecurityActionFilter.java:143) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$DelegatingFailureActionListener.onResponse(ActionListener.java:217) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:481) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.DlsFlsLicenseRequestInterceptor.intercept(DlsFlsLicenseRequestInterceptor.java:82) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.BulkShardRequestInterceptor.intercept(BulkShardRequestInterceptor.java:76) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.FieldAndDocumentLevelSecurityRequestInterceptor.intercept(FieldAndDocumentLevelSecurityRequestInterceptor.java:75) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.UpdateRequestInterceptor.intercept(UpdateRequestInterceptor.java:27) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.ResizeRequestInterceptor.intercept(ResizeRequestInterceptor.java:78) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.FieldAndDocumentLevelSecurityRequestInterceptor.intercept(FieldAndDocumentLevelSecurityRequestInterceptor.java:75) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.ShardSearchRequestInterceptor.intercept(ShardSearchRequestInterceptor.java:26) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.FieldAndDocumentLevelSecurityRequestInterceptor.intercept(FieldAndDocumentLevelSecurityRequestInterceptor.java:75) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.SearchRequestInterceptor.intercept(SearchRequestInterceptor.java:26) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:479) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$1.onResponse(AuthorizationService.java:475) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.interceptor.IndicesAliasesRequestInterceptor.intercept(IndicesAliasesRequestInterceptor.java:100) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.runRequestInterceptors(AuthorizationService.java:474) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.handleIndexActionAuthorizationResult(AuthorizationService.java:464) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.lambda$authorizeAction$11(AuthorizationService.java:395) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationSe
[00:00:15]           │ info rvice$AuthorizationResultListener.onResponse(AuthorizationService.java:781) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$AuthorizationResultListener.onResponse(AuthorizationService.java:756) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.lambda$authorizeIndexAction$3(RBACEngine.java:325) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.ListenableFuture.notifyListenerDirectly(ListenableFuture.java:113) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.ListenableFuture.addListener(ListenableFuture.java:55) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.common.util.concurrent.ListenableFuture.addListener(ListenableFuture.java:41) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService$CachingAsyncSupplier.getAsync(AuthorizationService.java:828) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.authorizeIndexAction(RBACEngine.java:318) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.authorizeAction(AuthorizationService.java:393) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.maybeAuthorizeRunAs(AuthorizationService.java:326) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.lambda$authorize$1(AuthorizationService.java:227) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.lambda$resolveAuthorizationInfo$1(RBACEngine.java:128) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.roles(CompositeRolesStore.java:175) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.getRoles(CompositeRolesStore.java:270) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.getRoles(RBACEngine.java:134) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.RBACEngine.resolveAuthorizationInfo(RBACEngine.java:122) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authz.AuthorizationService.authorize(AuthorizationService.java:229) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$4(SecurityActionFilter.java:142) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authc.AuthenticatorChain.authenticateAsync(AuthenticatorChain.java:85) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:153) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.applyInternal(SecurityActionFilter.java:137) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.apply(SecurityActionFilter.java:101) [x-pack-security-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:75) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:53) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.tasks.TaskManager.registerAndExecute(TaskManager.java:163) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.node.NodeClient.executeLocally(NodeClient.java:100) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:80) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:375) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.FilterClient.doExecute(FilterClient.java:54) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.ParentTaskAssigningClient.doExecute(ParentTaskAssigningClient.java:52) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:375) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.core.ClientHelper.executeWithHeadersAsync(ClientHelper.java:195) [x-pack-core-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.ClientTransformIndexer.injectPointInTimeIfNeeded(ClientTransformIndexer.java:412) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.ClientTransformIndexer.doNextSearch(ClientTransformIndexer.java:128) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.core.indexing.AsyncTwoPhaseIndexer.triggerNextSearch(AsyncTwoPhaseIndexer.java:605) [x-pack-core-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.core.indexing.AsyncTwoPhaseIndexer.nextSearch(AsyncTwoPhaseIndexer.java:592) [x-pack-core-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.core.indexing.AsyncTwoPhaseIndexer.lambda$maybeTriggerAsyncJob$4(AsyncTwoPhaseIndexer.java:216) [x-pack-core-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.TransformIndexer.lambda$onStart$4(TransformIndexer.java:267) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.TransformIndexer.lambda$onStart$5(TransformIndexer.java:303) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.common.AbstractCompositeAggFunction.getInitialProgressFromResponse(AbstractCompositeAggFunction.java:187) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.xpack.transform.transforms.TransformIndexer.lambda$onStart$7(TransformIndexer.java:300) [transform-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:134) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.client.node.NodeClient.lambda$executeLocally$0(NodeClient.java:103) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:00:15]           │      	at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:169) [elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNA
[00:00:15]           │ info [o.e.x.t.t.TransformPersistentTasksExecutor] [node-01] [endpoint.metadata_united-default-1.2.0-dev.1] successfully completed and scheduled task in node operation
[00:00:17]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/10Q0gBmMQcitoEMRJnsQPQ] update_mapping [_doc]
[00:00:18]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/10Q0gBmMQcitoEMRJnsQPQ] update_mapping [_doc]
[00:00:19]           │ info [docker:registry] 2021/10/19 01:15:30 source.ip: 172.17.0.1:40384, url.original: /search?package=system&internal=true&experimental=true
[00:00:19]           │ info [docker:registry] 2021/10/19 01:15:30 source.ip: 172.17.0.1:40388, url.original: /search?package=system&internal=true&experimental=true
[00:00:19]           │ info [docker:registry] 2021/10/19 01:15:31 source.ip: 172.17.0.1:40392, url.original: /search?package=system&internal=true&experimental=true
[00:00:19]           │ info [docker:registry] 2021/10/19 01:15:31 source.ip: 172.17.0.1:40396, url.original: /package/system/1.4.2
[00:00:19]           │ info [docker:registry] 2021/10/19 01:15:31 source.ip: 172.17.0.1:40400, url.original: /package/system/1.4.2/
[00:00:19]           │ info [o.e.c.m.MetadataMappingService] [node-01] [.kibana_8.0.0_001/10Q0gBmMQcitoEMRJnsQPQ] update_mapping [_doc]
[00:00:21]           │ info [docker:registry] 2021/10/19 01:15:32 source.ip: 172.17.0.1:40408, url.original: /search?package=fleet_server&internal=true&experimental=true
[00:00:21]           │ info [docker:registry] 2021/10/19 01:15:32 source.ip: 172.17.0.1:40412, url.original: /search?package=fleet_server&internal=true&experimental=true
[00:00:21]           │ info [docker:registry] 2021/10/19 01:15:32 source.ip: 172.17.0.1:40416, url.original: /search?package=fleet_server&internal=true&experimental=true
[00:00:21]           │ info [docker:registry] 2021/10/19 01:15:32 source.ip: 172.17.0.1:40420, url.original: /package/fleet_server/1.0.1
[00:00:21]           │ info [docker:registry] 2021/10/19 01:15:32 source.ip: 172.17.0.1:40424, url.original: /package/fleet_server/1.0.1/
[00:00:23]           │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.fleet-enrollment-api-keys-7] creating index, cause [auto(bulk api)], templates [], shards [1]/[1]
[00:00:23]           │ info [o.e.c.r.a.AllocationService] [node-01] updating number_of_replicas to [0] for indices [.fleet-enrollment-api-keys-7]
[00:00:23]           │ info [o.e.c.r.a.AllocationService] [node-01] current.health="GREEN" message="Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.fleet-enrollment-api-keys-7][0]]])." previous.health="YELLOW" reason="shards started [[.fleet-enrollment-api-keys-7][0]]"
[00:00:24]           │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.fleet-policies-7] creating index, cause [auto(bulk api)], templates [], shards [1]/[1]
[00:00:24]           │ info [o.e.c.r.a.AllocationService] [node-01] updating number_of_replicas to [0] for indices [.fleet-policies-7]
[00:00:24]           │ info [o.e.c.r.a.AllocationService] [node-01] current.health="GREEN" message="Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.fleet-policies-7][0]]])." previous.health="YELLOW" reason="shards started [[.fleet-policies-7][0]]"
[00:00:24]           │ info [docker:registry] 2021/10/19 01:15:36 source.ip: 172.17.0.1:40438, url.original: /search?package=system&internal=true&experimental=true
[00:00:24]           │ info [docker:registry] 2021/10/19 01:15:36 source.ip: 172.17.0.1:40436, url.original: /search?package=fleet_server&internal=true&experimental=true
[00:00:24]           │ info [docker:registry] 2021/10/19 01:15:36 source.ip: 172.17.0.1:40446, url.original: /search?package=elastic_agent&internal=true&experimental=true
[00:00:24]           │ info [docker:registry] 2021/10/19 01:15:36 source.ip: 172.17.0.1:40444, url.original: /search?package=elastic_agent&internal=true&experimental=true
[00:00:29]         └-: test metadata api
[00:00:29]           └-> "before all" hook in "test metadata api"
[00:00:29]           └-: with metrics-endpoint.metadata_current_default index
[00:00:29]             └-> "before all" hook in "with metrics-endpoint.metadata_current_default index"
[00:00:29]             └-: POST /api/endpoint/metadata when index is not empty
[00:00:29]               └-> "before all" hook for "metadata api should return one entry for each host with default paging"
[00:00:29]               └-> "before all" hook for "metadata api should return one entry for each host with default paging"
[00:00:29]                 │ info [x-pack/test/functional/es_archives/endpoint/metadata/api_feature] Loading "data.json"
[00:00:29]                 │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.ds-metrics-endpoint.metadata-default-2021.10.19-000001] creating index, cause [initialize_data_stream], templates [metrics-endpoint.metadata], shards [1]/[1]
[00:00:29]                 │ info [o.e.c.m.MetadataCreateDataStreamService] [node-01] adding data stream [metrics-endpoint.metadata-default] with write index [.ds-metrics-endpoint.metadata-default-2021.10.19-000001], backing indices [], and aliases []
[00:00:29]                 │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.ds-metrics-endpoint.metadata-default-2021.10.19-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [metrics]
[00:00:29]                 │ info [x-pack/test/functional/es_archives/endpoint/metadata/api_feature] Indexed 9 docs into "metrics-endpoint.metadata-default"
[00:00:29]                 │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.ds-metrics-endpoint.metadata-default-2021.10.19-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [metrics]
[00:00:29]                 │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.ds-metrics-endpoint.metadata-default-2021.10.19-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [metrics]
[00:02:29]               └-> metadata api should return one entry for each host with default paging
[00:02:29]                 └-> "before each" hook: global before each for "metadata api should return one entry for each host with default paging"
[00:02:29]                 └- ✖ fail: Endpoint plugin test metadata api with metrics-endpoint.metadata_current_default index POST /api/endpoint/metadata when index is not empty metadata api should return one entry for each host with default paging
[00:02:29]                 │       Error: expected 0 to sort of equal 3
[00:02:29]                 │       + expected - actual
[00:02:29]                 │ 
[00:02:29]                 │       -0
[00:02:29]                 │       +3
[00:02:29]                 │       
[00:02:29]                 │       at Assertion.assert (/dev/shm/workspace/kibana/node_modules/@kbn/expect/expect.js:100:11)
[00:02:29]                 │       at Assertion.eql (/dev/shm/workspace/kibana/node_modules/@kbn/expect/expect.js:244:8)
[00:02:29]                 │       at Context.<anonymous> (test/security_solution_endpoint_api_int/apis/metadata.ts:85:33)
[00:02:29]                 │       at runMicrotasks (<anonymous>)
[00:02:29]                 │       at processTicksAndRejections (node:internal/process/task_queues:96:5)
[00:02:29]                 │       at Object.apply (/dev/shm/workspace/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16)
[00:02:29]                 │ 
[00:02:29]                 │

Stack Trace

Error: expected 0 to sort of equal 3
    at Assertion.assert (/dev/shm/workspace/kibana/node_modules/@kbn/expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/kibana/node_modules/@kbn/expect/expect.js:244:8)
    at Context.<anonymous> (test/security_solution_endpoint_api_int/apis/metadata.ts:85:33)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at Object.apply (/dev/shm/workspace/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16) {
  actual: '0',
  expected: '3',
  showDiff: true
}

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
monitoring 1.1MB 1.1MB +210.0B

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @neptunian

@klacabane
Copy link
Contributor

klacabane commented Oct 19, 2021
edited
Loading

Added some findings on #115267 and it looks like we're getting a stale anchor element which doesn't execute the redirection while the click event is registered.

@neptunian
Copy link
Contributor Author

Closing in favor of #115612

@neptunian neptunian closed this Oct 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@neptunian neptunian

Labels
Epic: Stack Monitoring de-angularization Team:Infra Monitoring UI - DEPRECATED DEPRECATED - Label for the Infra Monitoring UI team. Use Team:obs-ux-infra_services v7.16.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@neptunian @kibanamachine @klacabane