[Endpoint] ES Archiver fails to load with data #69245

Closed
aisantos opened this issue Jun 16, 2020 · 4 comments
Labels: bug, impact:high, Team:Endpoint Data Visibility, v7.9.0

Comments

@aisantos

Related Issue: #68584 Failing ES Promotion: apis Endpoint plugin test metadata api POST /api/endpoint/metadata when index is not empty

Elasticsearch version:
8.0

Original install method (e.g. download page, yum, from source, etc.):
from source

Describe the bug
Loading es_archiver with the following 2 commands produces the errors shown in the screenshots.

Command 1 (see screenshot 1):
    node ../scripts/es_archiver.js --es-url http://localhost:9200 --kibana-url http://localhost:5601 --use-create load endpoint/metadata/api_feature

Command 2 (see screenshot 2):
    node ../scripts/es_archiver.js load endpoint/metadata/api_feature

To Reproduce
Steps to reproduce the behavior:

  1. Follow instructions on running endpoint on SIEM, see here
  2. Run node ../scripts/es_archiver.js --es-url http://localhost:9200 --kibana-url http://localhost:5601 --use-create load endpoint/metadata/api_feature in the terminal
  3. Observe auth error in screenshot 1
  4. Delete data stream with the following command in dev tools:
    DELETE _data_stream/metrics-endpoint.metadata-*
  5. Run node ../scripts/es_archiver.js load endpoint/metadata/api_feature
  6. Observe data_stream error in screenshot 2

Expected behavior
es_archiver data loads into endpoint index

Screenshots
Screenshot 1:
Screen Shot 2020-06-16 at 1 34 08 AM

Screenshot 2:
Screen Shot 2020-06-16 at 1 34 27 AM

Browser (if browser specific):

  • OS: Mac OS Mojave 10.14.6
  • Browser: Chrome
  • Version: 81.0.4044.138 (Official Build) (64-bit)


@aisantos changed the title from "ES Archiver fails to load with data" to "[Endpoint] ES Archiver fails to load with data" Jun 16, 2020
@aisantos added the impact:high, blocker, bug and Team:Endpoint Management labels Jun 16, 2020
@elasticmachine

Pinging @elastic/endpoint-management (Team:Endpoint Management)

@aisantos added the Team:Endpoint Data Visibility label and removed the Team:Endpoint Management label Jun 16, 2020
@elasticmachine

Pinging @elastic/endpoint-data-visibility-team (Team:Endpoint Data Visibility)

@aisantos
aisantos commented Jun 16, 2020

Fixed. It works with the auth and --use-create flag
Screen Shot 2020-06-16 at 9 22 35 AM
