Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"windows.powershell_operational" not available in Fleet Data Streams tab when relating events are on host Win Server 2012. #570

Closed
amolnater-qasource opened this issue Jan 27, 2021 · 7 comments
Closed

"windows.powershell_operational" not available in Fleet Data Streams tab when relating events are on host Win Server 2012. #570

amolnater-qasource opened this issue Jan 27, 2021 · 7 comments
Labels
bug Something isn't working, use only for issues Integration:windows Windows QA:Needs Validation Needs validation by the QA Team Stalled Team:Integrations Label for the Integrations team

Comments

@amolnater-qasource
Copy link

amolnater-qasource commented Jan 27, 2021
edited by EricDavisX
Loading

Kibana version:
Kibana: 8.0.0 Snapshot Cloud environment

Preconditions:

  1. Artifacts for 8.0.0 Snapshot Agent should be available.
    Link used: https://snapshots.elastic.co/8.0.0-e9bbbb5f/downloads/beats/elastic-agent/elastic-agent-8.0.0-SNAPSHOT-windows-x86_64.zip

Build Details:

    BUILD: 39872
    COMMIT: 0fe7b9e080c67c43aefdb7ea25d5e90a80cb4ade
  1. Agent must be deployed using default policy having Windows integration.

Steps to reproduce:

  1. Login to Kibana cloud environment.
  2. Navigate to Fleet>Data Streams tab.
  3. Go to integration filter and select- windows.
  4. Observe that "windows.powershell_operational" dataset logs are not available under Data Streams tab.
  5. Navigate to Windows Server 2012 endpoint.
  6. Run: Get-WinEvent -ListLog * | where {$_.RecordCount -gt 0} command in PowerShell.
  7. Observe that "Microsoft-Windows-Powershell/Operational" events are available.

Reference ticket Id:
#551 (comment)

Actual Result:
"windows.powershell_operational" dataset logs are not available under Data Streams tab when "Microsoft-Windows-Powershell/Operational" events are available for Windows Server 2012.

Expected Result:
"windows.powershell_operational" should be available in Data Streams tab in this case

Screenshots:
Server Bug
@andresrc andresrc added the Team:Integrations Label for the Integrations team label Jan 27, 2021
@elasticmachine
Copy link

Pinging @elastic/integrations (Team:Integrations)

@manishgupta-qasource
Copy link

Reviewed & Assigned to @EricDavisX

@manishgupta-qasource manishgupta-qasource added the Team:Fleet Label for the Fleet team [elastic/fleet] label Jan 27, 2021
@elasticmachine
Copy link

Pinging @elastic/ingest-management (Team:Ingest Management)

@manishgupta-qasource manishgupta-qasource added bug Something isn't working, use only for issues Integration:windows Windows labels Jan 27, 2021
@amolnater-qasource amolnater-qasource mentioned this issue Jan 27, 2021
Closed
@EricDavisX EricDavisX changed the title [Ingest Manager]: "windows.powershell_operational" dataset logs are not available under Data Streams tab when "Microsoft-Windows-Powershell/Operational" events are available for Windows Server 2012. "windows.powershell_operational" not available in Fleet Data Streams tab when relating events are on host Win Server 2012. Jan 27, 2021
@EricDavisX
Copy link
Contributor

I see this is a spin-off of the above linked issue, thank you for the reference link.
@amolnater-qasource we need to know the version of the Integration used during test when we are reporting a 'data' problem with collection. Also, if it works on other Windows host systems please do note this or note whether it has been assessed, so we can follow up if needs be. Thank you.

@EricDavisX EricDavisX removed the Team:Fleet Label for the Fleet team [elastic/fleet] label Jan 27, 2021
@fearful-symmetry
Copy link
Contributor

@narph might want to look into this. I looked into it, and wasn't sure if it was an integrations issue, or a config issue.

@amolnater-qasource
Copy link
Author

amolnater-qasource commented Jan 28, 2021
edited
Loading

Hi @EricDavisX

Windows Integration version used during testing was v0.3.0

Further, we have shared our observations for Windows 10 host on 8.0 snapshot Kibana cloud build earlier in ticket #551 (comment)

Build details:

BUILD: 39872
COMMIT: 0fe7b9e080c67c43aefdb7ea25d5e90a80cb4ade

Observation :

  • "windows.powershell_operational" dataset logs are available on Datstream page for Windows 10 OS host.

Please refer below Screenshot:
win

Thanks
QAS

@ph ph mentioned this issue Feb 3, 2021
Open
@narph narph removed their assignment Nov 18, 2021
@botelastic
Copy link

botelastic bot commented Nov 18, 2022

Hi! We just realized that we haven't looked into this issue in a while. We're sorry! We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1. Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Nov 18, 2022
@botelastic botelastic bot closed this as completed May 17, 2023
@amolnater-qasource amolnater-qasource added the QA:Needs Validation Needs validation by the QA Team label May 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working, use only for issues Integration:windows Windows QA:Needs Validation Needs validation by the QA Team Stalled Team:Integrations Label for the Integrations team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@andresrc @narph @fearful-symmetry @EricDavisX @elasticmachine @manishgupta-qasource @amolnater-qasource