[sysdig]: vulnerability data stream stops collecting data for very large data #15305

@brijesh-elastic

Integration Name

Sysdig [sysdig]

Dataset Name

sysdig.vulnerability

Integration Version

2.1.0

Agent Version

8.16.0

Agent Output Type

elasticsearch

Elasticsearch Version

8.16.0

OS Version and Architecture

elastic-package

Software/API Version

No response

Error Message

Didn't receive any specific error.

Event Original

No response

What did you do?

Configure the Sysdig vulnerability data stream using the default parameters.

What did you see?

After saving the integration, I didn't receive any data or errors on the Discover page, even though I enabled debug logging for the agent. The diagnostics also don't show any errors. In the diagnostics, the CEL execution never completed (the response state never appears in the logs), but the request state message is seen many times. It seems the input was killed due to an out-of-memory issue and then restarted.

This issue has only occurred with a large amount of data.

What did you expect to see?

Data collection should gather logs, and they should be visible on the Discover page.

Anything else?

This issue has only occurred with a large amount of data.

Labels

Integration:sysdig (Sysdig)
Team:Sit-Crest (Crest developers on the Security Integrations team [elastic/sit-crest-contractors])
bug (Something isn't working, use only for issues)
needs:triage
