Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Datasets system.auth and system.syslog are not available for AL2023 under Data streams tab. #4250

Open
amolnater-qasource opened this issue Feb 13, 2024 · 7 comments
Open

Datasets system.auth and system.syslog are not available for AL2023 under Data streams tab. #4250

amolnater-qasource opened this issue Feb 13, 2024 · 7 comments
Labels
bug Something isn't working impact:high Short-term priority; add to current release, or definitely next. Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team

Comments

@amolnater-qasource
Copy link

Kibana Build details:

VERSION: 8.13.0 SNAPSHOT
BUILD: 71393
COMMIT: 4f3bc35472dfeb88c02466790bd3c96dcc98f4de
Artifact Link: https://snapshots.elastic.co/8.13.0-e2cda7bd/downloads/beats/elastic-agent/elastic-agent-8.13.0-SNAPSHOT-linux-x86_64.tar.gz

Host OS: Amazon Linux 2023(AL2023)

Preconditions:

  1. 8.13.0 SNAPSHOT Kibana cloud environment should be available.

Steps to reproduce:

  1. Install agent on AL2023 with agent policy having System integration.
  2. Navigate to Data streams tab and observe no data available for system.auth and system.syslog datasets.

Screenshots:
image

Expected Result:
Datasets system.auth and system.syslog should be available for AL2023 under Data streams tab.

Testing Under:
https://github.com/elastic/ingest-dev/issues/2942
@amolnater-qasource amolnater-qasource added bug Something isn't working Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team impact:high Short-term priority; add to current release, or definitely next. labels Feb 13, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

@amolnater-qasource
Copy link
Author

@manishgupta-qasource Please review.

@pierrehilbert
Copy link
Contributor

The issue seems to be the same than #3650, AL2023 is using journald instead of rsyslog

@manishgupta-qasource
Copy link

Secondary review for this ticket is Done

@pierrehilbert
Copy link
Contributor

Will be covered by elastic/beats#37086

@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team label Jun 3, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

@jlind23 jlind23 mentioned this issue Jul 2, 2024
Merged
10 tasks
@belimawr
Copy link
Contributor

belimawr commented Aug 8, 2024

While elastic/beats#37086 paves the path to close this issue, it is also needed to update the system integration to use the journald input on hosts that have moved away from traditional log files.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working impact:high Short-term priority; add to current release, or definitely next. Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@belimawr @pierrehilbert @elasticmachine @manishgupta-qasource @amolnater-qasource