Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Filebeat] winlog input metrics are unregistered after recovery #36479

Closed
andrewkroh opened this issue Aug 31, 2023 · 1 comment · Fixed by #36483
Closed

[Filebeat] winlog input metrics are unregistered after recovery #36479

andrewkroh opened this issue Aug 31, 2023 · 1 comment · Fixed by #36483
Assignees
@efd6
Labels
bug Filebeat Filebeat Winlogbeat

Comments

@andrewkroh
Copy link
Member

When the winlog input encounters an error, such as the Microsoft-Windows-Windows Defender provider being removed during updates, it attempts to recover. The recovery is done by calling Close() and the Open(). But the lifetime of the input metrics is tied into the construction of the reader and Close(). So when open is called for a second time the input will not have any metrics registered.

Screenshot 2023-08-31 at 16 32 04

After the failure occurred there were not more metrics:

Screenshot 2023-08-31 at 16 46 17
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@efd6 efd6 self-assigned this Sep 1, 2023
This was referenced Sep 1, 2023
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@efd6 efd6

Labels
bug Filebeat Filebeat Winlogbeat
Projects
None yet
Milestone
No milestone
3 participants
@andrewkroh @elasticmachine @efd6