Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Auditbeat] Error process.entity_id is duplicated error running setup #17042

Closed
liza-mae opened this issue Mar 16, 2020 · 6 comments · Fixed by #17089
Closed

[Auditbeat] Error process.entity_id is duplicated error running setup #17042

liza-mae opened this issue Mar 16, 2020 · 6 comments · Fixed by #17089
Assignees
@adriansr
Labels
Auditbeat bug

Comments

@liza-mae
Copy link

  • Version: master
  • Operating System: Linux
  • Discuss Forum URL: snapshot
  • Steps to Reproduce:

Running auditbeat setup is throwing an error:

Overwriting ILM policy is disabled. Set setup.ilm.overwrite:true for enabling.

Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Exiting: error generating index pattern: field <process.entity_id> is duplicated, remove it or set 'overwrite: true', {Name:entity_id Type:keyword Description:ID uniquely identifying the process. It is computed as a SHA-256 hash of the host ID, PID, and process start time.
Format: Fields:[] MultiFields:[] Enabled: Analyzer: SearchAnalyzer: Norms:false Dynamic:{Value:} Index: DocValues: CopyTo: IgnoreAbove:0 AliasPath: MigrationAlias:false Dimension: ObjectType: ObjectTypeMappingType: ScalingFactor:0 ObjectTypeParams:[] Analyzed: Count:0 Searchable: Aggregatable: Script: Pattern: InputFormat: OutputFormat: OutputPrecision: LabelTemplate: UrlTemplate:[] OpenLinkInCurrentTab: Overwrite:false DefaultField: Path:process.entity_id}, {"aggregatable":true,"analyzed":false,"count":0,"doc_values":true,"indexed":true,"name":"process.entity_id","scripted":false,"searchable":true,"type":"string"}
@liza-mae liza-mae added bug Auditbeat Team:Services (Deprecated) Label for the former Integrations-Services team labels Mar 16, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/integrations-services (Team:Services)

@ycombinator ycombinator added Team:SIEM and removed Team:Services (Deprecated) Label for the former Integrations-Services team labels Mar 18, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/siem (Team:SIEM)

@adriansr adriansr self-assigned this Mar 18, 2020
adriansr added a commit to adriansr/beats that referenced this issue Mar 18, 2020
@adriansr
Remove duplicated field process.entity_id
98688cf 
Auditbeat was declaring this field before it was introduced in ECS 1.5
leading to duplication.

Fixes elastic#17042
@adriansr adriansr mentioned this issue Mar 18, 2020
Merged
adriansr added a commit that referenced this issue Mar 18, 2020
@adriansr
Remove duplicated field process.entity_id (#17089)
f01a126 
Auditbeat was declaring this field before it was introduced in ECS 1.5
leading to duplication.

Fixes #17042
@liza-mae
Copy link
Author

@adriansr thanks for the fix, this needs to be backported to 7.x please.

@liza-mae liza-mae reopened this Mar 19, 2020
@adriansr
Copy link
Contributor

@liza-mae yes, the backport is on its way 👍

@liza-mae
Copy link
Author

Thank you @adriansr :) !

@adriansr adriansr mentioned this issue Mar 19, 2020
Merged
adriansr added a commit to adriansr/beats that referenced this issue Mar 19, 2020
@adriansr
Remove duplicated field process.entity_id (elastic#17089)
6b7b953 
Auditbeat was declaring this field before it was introduced in ECS 1.5
leading to duplication.

Fixes elastic#17042

(cherry picked from commit f01a126)
adriansr added a commit that referenced this issue Mar 19, 2020
@adriansr
Remove duplicated field process.entity_id (#17089) (#17113)
921448c 
Auditbeat was declaring this field before it was introduced in ECS 1.5
leading to duplication.

Fixes #17042

(cherry picked from commit f01a126)
@jlind23
Copy link
Collaborator

jlind23 commented Apr 1, 2022

Backlog grooming: Closing it for now until further activity, can still be reopened if needed.

@jlind23 jlind23 closed this as completed Apr 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adriansr adriansr

Labels
Auditbeat bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove duplicated field process.entity_id adriansr/beats
5 participants
@ycombinator @adriansr @elasticmachine @liza-mae @jlind23