Filebeat Maximum of 1000 shards reached?

GliderSnipping

Aug 20, 2022, 2:27:25 PM
to Wazuh mailing list

|Wazuh version|Component|Install type|Install method|Platform|
|---|---|---|---|---|
| 4301-1 | Filebeat? | Manager | Sources (unattended-installation.sh) | Debian 11 |

Hello,

I've been getting strange issues lately which I'm unsure how to resolve.
Wazuh simply stops showing any logs, but luckily they do get logged in `alerts.json`.

Looking around the web yielded no valid solution, so I reverted the VM a week back. Worked like a charm (for a week) until the same issues appeared again today. (Probably when the elasticsearch indices filled up)

One noticeable issue that I also found on the google group here:

`systemctl status filebeat`:
```
Aug 16 17:03:49 sierra filebeat[520]: 2022-08-16T17:03:49.797+0200        WARN [elasticsearch] elasticsearch/client.go:408        Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xc0b70a552f544e68, ext:354569171825743, loc:(*time.Location)(0x42417a0)}, Meta:{"pipeline":"filebeat-7.10.2-wazuh-alerts-pipeline"}, Fields:{"agent"
...
SNIP
...
{"type":"validation_exception","reason":"Validation Failed: 1: this action would add [3] total shards, but this cluster currently has [1000]/[1000] maximum shards open;"}
```

I'm not sure what these indexes/indices are, but do I need all of them?

Is this a problem with too many logs in elasticsearch?
I'm sure I have system space, though maybe elasticsearch has a hard cap on used space? I would like to keep at least 6 months back.

Is there a simple way to do a cleanup? (delete if older than 6m)

Is there an all in one cleanup script to clean data from elasticsearch, /var/ossec/logs and everywhere else there would be junk? (anything older than 6m in my case)
If not, can you please list all the files I would need to delete manually.

I got confused with wazuh-alerts indexes (being for alerts), and wazuh-monitoring indexes (as I understood something for agents?)
Do I need to keep both for a 6m period (if I want to keep 6 months worth of logs) or are they somehow different?

I'm not sure why this is happening, but it doesn't seem right on a "vanilla installation". This means that EVERY wazuh admin will encounter this issue every once in a while, or at least once, until they configure policies or I'm not even exactly sure, what the fix for this would be. Though I'm sure there's a solution for it, if you knowledgeable folks wouldn't mind sharing 😄

Geoff Nordli

Aug 20, 2022, 7:17:03 PM
to Wazuh mailing list

Hi.

Yes, everyone runs into this. These are some commands I use, assuming the default username/password.

Cluster health:

```
curl -u admin:admin -k -XGET 'https://localhost:9200/_cluster/health?pretty'
```

List the indices:

```
curl -u admin:admin -k -XGET 'https://localhost:9200/_cat/indices?pretty'
```

Set the number of shards per node (you already have yours set to 1000):

```
curl -u admin:admin -k -XPUT -H 'Content-Type: application/json' 'https://localhost:9200/_cluster/settings' -d '{ "persistent" : {"cluster.max_shards_per_node" : 1000 } }'
```

Delete indices:

```
curl -X DELETE -u admin:admin -k 'https://localhost:9200/wazuh-statistics-2021*'
```

You will need to find what indices you want to delete, then use the delete command.

You can then set up a policy to delete the indices so you don't have to manually purge them.

Geoff
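
Added example (not part of the message above and not Wazuh's own tooling): a dry run of the "find what indices you want to delete" step over `_cat/indices` output, which also shows where the shards go. The sample rows, the `ES_USER`/`ES_PASS` variables and the cutoff values are constructed; it assumes the shard limit counts primaries plus configured replicas of open indices, and that the weekly `NNw` suffix is close enough to ISO week numbering for a retention cutoff.

```shell
#!/usr/bin/env bash
# Retention dry run over `_cat/indices` output (added example).
# Columns: health status index uuid pri rep docs.count docs.deleted store.size pri.store.size

# Constructed sample rows in that layout; the UUIDs are placeholders.
sample_indices() {
  cat <<'EOF'
green  open wazuh-alerts-4.x-2022.02.01  UUID-PLACEHOLDER-01 3 0 1951 0   2.8mb   2.8mb
green  open wazuh-alerts-4.x-2022.02.19  UUID-PLACEHOLDER-02 3 0  139 0 610.6kb 610.6kb
green  open wazuh-alerts-4.x-2022.08.12  UUID-PLACEHOLDER-03 3 0  243 0 969.3kb 969.3kb
yellow open security-auditlog-2022.03.01 UUID-PLACEHOLDER-04 1 1    7 0   133kb   133kb
green  open wazuh-monitoring-2022.5w     UUID-PLACEHOLDER-05 1 0 4252 0 674.4kb 674.4kb
green  open wazuh-monitoring-2022.32w    UUID-PLACEHOLDER-06 1 0 2618 0 428.7kb 428.7kb
green  open wazuh-statistics-2022.10w    UUID-PLACEHOLDER-07 2 0 2000 0 713.4kb 713.4kb
green  open .kibana_1                    UUID-PLACEHOLDER-08 1 0   78 9    42kb    42kb
green  open .opendistro_security         UUID-PLACEHOLDER-09 1 0    9 8  76.9kb  76.9kb
EOF
}

# Shards counted against cluster.max_shards_per_node: pri * (1 + rep) per open
# index (assumption: configured replicas count even while unassigned).
shard_total() {
  awk '$2 == "open" { total += $5 * (1 + $6) } END { print total + 0 }'
}

# Same sum grouped by index family (name with the date suffix stripped),
# largest first, so the family that eats the budget is obvious.
shards_by_family() {
  awk '$2 == "open" {
         fam = $3
         sub(/-[0-9][0-9][0-9][0-9]\.[0-9]+(\.[0-9]+)?w?$/, "", fam)
         n[fam] += $5 * (1 + $6)
       }
       END { for (f in n) printf "%d %s\n", n[f], f }' | sort -rn
}

# Print indices under PREFIX that are older than the cutoff.
#   $1 PREFIX       e.g. "wazuh-" (required, so nothing is selected by accident)
#   $2 CUTOFF_DAY   YYYY.MM.DD, compared with daily suffixes
#   $3 CUTOFF_WEEK  YYYY.WW, compared with weekly "NNw" suffixes
# Dot-prefixed system indices and names without a date suffix are never selected.
expired_indices() {
  [ -n "$1" ] || { echo "usage: expired_indices PREFIX YYYY.MM.DD YYYY.WW" >&2; return 2; }
  awk -v prefix="$1" -v day="$2" -v week="$3" '
    BEGIN { split(week, c, "."); cutoff_week = c[1] * 100 + c[2] }
    index($3, prefix) != 1 || $3 ~ /^\./ { next }
    {
      n = split($3, part, "-"); stamp = part[n]
      if (stamp ~ /^[0-9][0-9][0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]$/) {
        # zero-padded dates order correctly as strings
        if ((stamp "") < (day "")) print $3
      } else if (stamp ~ /^[0-9][0-9][0-9][0-9]\.[0-9]+w$/) {
        # weeks are not zero-padded ("5w"), so compare numerically
        split(stamp, yw, ".")
        if (yw[1] * 100 + (yw[2] + 0) < cutoff_week) print $3
      }
    }'
}

# Turn index names on stdin into DELETE commands WITHOUT running them.
# Names with anything outside [A-Za-z0-9._-] (wildcards, quotes) are refused.
# -k mirrors the thread; with the cluster CA file at hand, --cacert is preferable.
delete_plan() {
  while IFS= read -r name; do
    case "$name" in
      ''|*[!A-Za-z0-9._-]*) echo "skipping unexpected name: $name" >&2; continue ;;
    esac
    printf "curl -X DELETE -u \"\$ES_USER:\$ES_PASS\" -k 'https://localhost:9200/%s'\n" "$name"
  done
}

# Demo on the constructed rows: where the shards go, then the deletion plan.
sample_indices | shards_by_family
sample_indices | expired_indices wazuh- 2022.02.20 2022.8 | delete_plan
```

On a live node, feed the functions from the `_cat/indices` call shown in the message and compute the cutoffs with GNU date, for example `date -d '6 months ago' +%Y.%m.%d` and `date -d '6 months ago' +%G.%V`. Review the printed plan before running any of its lines.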

GliderSnipping

Aug 21, 2022, 1:56:28 AM
to Wazuh mailing list

Thanks for the reply Geoff.

So if I want to keep 6 months worth of logs, do I just delete indices older than 6 months?

Is there a difference between warm/cold indices? I saw in another thread that someone wants to keep 3 months worth of warm indices, and 1 year of logs overall (https://groups.google.com/g/wazuh/c/7AA-HkJ3hDA/m/JQHKjrnSLQAJ). That would work for me, though I don't yet understand warm/cold indices and their functioning.

And about policy setting, where do I go about configuring that?

Also should I use single shard indices since I'm on a single node? (https://groups.google.com/g/wazuh/c/7AA-HkJ3hDA/m/2iwUnmnYLQAJ)

After I use the DELETE command, is all the junk cleared up from the filesystem? I'm guessing I'm supposed to DELETE everything older than 6 months (if I want to keep 6 months worth of logs). Though it seems my oldest logs are exactly 6 months old (February 1st).
How do I "retire" some of these indices? I'm guessing this is what it means to put them in cold storage, though I'm curious what that does exactly? After they're in "cold" state, can I not look them up in wazuh query search anymore?

What about shrinking these indices? Would that just make them smaller on the filesystem? What gain does it provide? Same thread: (https://groups.google.com/g/wazuh/c/7AA-HkJ3hDA/m/7uM4nVjtLQAJ)

List of all current indices:

yellow open security-auditlog-2022.03.17    aTDVCvwAS-qOKWRpj9kajw 1 1   12 0   74.2kb   74.2kb
green  open wazuh-alerts-4.x-2022.04.12     nED2yeOhRAOBb2VV-9JUow 3 0  156 0  364.5kb  364.5kb
yellow open security-auditlog-2022.03.16    JqtB_OtdT--wbmzLdeCmNw 1 1   17 0  117.6kb  117.6kb
green  open wazuh-alerts-4.x-2022.04.15     fX5cZdbuR6mU_wAg_r3zmg 3 0   38 0  360.8kb  360.8kb
yellow open security-auditlog-2022.03.15    MT_g1UD9TCSjMzXxeqzXiw 1 1   14 0   96.4kb   96.4kb
green  open wazuh-alerts-4.x-2022.04.14     t1J3nrKDR_qXLOLQDy1KNg 3 0   69 0  329.9kb  329.9kb
green  open wazuh-alerts-4.x-2022.04.17     NgJpKWM7Qe2xr95y2b-ufQ 3 0  231 0  477.5kb  477.5kb
yellow open security-auditlog-2022.03.14    lJV9sRlDQT6UwD8HK_xCGA 1 1   42 0  107.8kb  107.8kb
green  open wazuh-alerts-4.x-2022.04.16     gjSUOnJuQbSSx3yIRXrJig 3 0  652 0  731.4kb  731.4kb
green  open .kibana_112909699_wazuh_1       r-u3cP52TuSAWzfdCjdtFg 1 0    5 1   30.4kb   30.4kb
green  open wazuh-alerts-4.x-2022.04.19     RyJEIricRVSppkre0HFvxg 3 0  214 0  585.4kb  585.4kb
green  open wazuh-alerts-4.x-2022.04.18     Ubo_OC5ZRxGOt5ly_1O_aA 3 0  315 0  969.5kb  969.5kb
yellow open security-auditlog-2022.03.10    _CDY-6SrTE2PE3nHKpObSw 1 1   13 0   76.9kb   76.9kb
green  open wazuh-statistics-2022.5w        IyKAk9HVSWaKFqNJhUPq5A 2 0 3214 0 1005.2kb 1005.2kb
green  open wazuh-statistics-2022.28w       xLmBNXPdREe2ga1ncC9EIA 1 0 3899 0      1mb      1mb
green  open wazuh-statistics-2022.16w       HezG7lefQ0ecL_FyvTn6dw 2 0 4012 0      1mb      1mb
green  open wazuh-alerts-4.x-2022.03.10     L5GHS06ATWOAry1uqnC1XA 3 0  309 0  459.3kb  459.3kb
yellow open security-auditlog-2022.03.29    OhnGbZG_TeaXdgOw_jBREA 1 1   14 0  112.7kb  112.7kb
green  open wazuh-alerts-4.x-2022.03.12     Ox-6coafQFu-KDYQAegekQ 3 0  111 0  154.5kb  154.5kb
yellow open security-auditlog-2022.03.28    lOM_En0pTo-vNY1wVmwlZA 1 1   13 0   94.1kb   94.1kb
green  open wazuh-alerts-4.x-2022.03.11     JIDY-42VR4-FairX6cTLHg 3 0    9 0   93.8kb   93.8kb
yellow open security-auditlog-2022.03.27    22yq4GjTTFGQYT0VXo93UA 1 1   13 0   75.7kb   75.7kb
green  open wazuh-alerts-4.x-2022.03.14     Q7Osy4p0SCa36XJATPWmIw 3 0   53 0  360.8kb  360.8kb
yellow open security-auditlog-2022.03.26    A0-nNs2bSBiCaO81GhDnqA 1 1   11 0  194.4kb  194.4kb
green  open wazuh-alerts-4.x-2022.03.13     _vm7P14QSwOX1WOJuZ5dew 3 0  303 0  298.6kb  298.6kb
yellow open security-auditlog-2022.03.25    Gp4XebNXRXKcpDO-DJDveg 1 1   10 0  162.5kb  162.5kb
green  open wazuh-alerts-4.x-2022.03.16     QzD_j4qgQj6JwocK2AKLKw 3 0   40 0  389.9kb  389.9kb
green  open wazuh-alerts-4.x-2022.03.15     PNaXkOtuRz2LxscvnG94ow 3 0   63 0  346.3kb  346.3kb
yellow open security-auditlog-2022.03.24    FRT6HkYbTou8dy7uHB11LA 1 1   13 0   76.3kb   76.3kb
yellow open security-auditlog-2022.03.23    Ilf318lgTRukfSwbrsKBRg 1 1    8 0  152.5kb  152.5kb
green  open wazuh-alerts-4.x-2022.03.18     s3ynpD_rSmeoBKXmIlct8g 3 0   29 0  290.1kb  290.1kb
green  open wazuh-statistics-2022.6w        3BSOwTCoQ9a8TTswqEc7vw 2 0 4022 0      1mb      1mb
yellow open security-auditlog-2022.03.22    bd9zGmhyQEig69lvYQRo_Q 1 1    9 0  172.9kb  172.9kb
green  open wazuh-alerts-4.x-2022.03.17     hLmtgNfeRMWRBvzjlEl2ow 3 0  467 0  937.4kb  937.4kb
yellow open security-auditlog-2022.03.21    SptrO_HgT_2ayuLy8QTOGg 1 1   12 0   72.6kb   72.6kb
green  open wazuh-alerts-4.x-2022.03.19     jaPep3ASRxmYNIZ19_-Gnw 3 0  139 0  545.8kb  545.8kb
yellow open security-auditlog-2022.03.20    p5NF7IMJQMu1Q8WN_CgK4Q 1 1   12 0   74.9kb   74.9kb
yellow open security-auditlog-2022.04.01    _qg1vMt1TxuK0B-pCf9KBQ 1 1   18 0  145.2kb  145.2kb
yellow open security-auditlog-2022.04.02    oBe_XwdlR1CXdHgj0miX-w 1 1   10 0    174kb    174kb
yellow open security-auditlog-2022.04.03    8EhWUOjKRyaY6laTFtApLg 1 1    8 0  135.1kb  135.1kb
yellow open security-auditlog-2022.04.04    Mypmi2weS42riky59TSojQ 1 1    5 0   93.3kb   93.3kb
yellow open security-auditlog-2022.04.05    JNVogjv8SiGGOSf-dmb21w 1 1    3 0   54.7kb   54.7kb
yellow open security-auditlog-2022.04.06    d--ffoFjRZG4E5HCtC0C0A 1 1    4 0   74.3kb   74.3kb
yellow open security-auditlog-2022.04.07    SqvMTXGGRCymrf1x34qXDw 1 1    3 0   52.8kb   52.8kb
yellow open security-auditlog-2022.04.09    acsxNJB_Rdycelo-8i7BVQ 1 1    7 0  133.2kb  133.2kb
green  open wazuh-statistics-2022.17w       7-4N3zvyQECS9wPBxojyXA 2 0 3877 0      1mb      1mb
green  open wazuh-statistics-2022.29w       ILrqV-eBQP-jH3IL4Q3chg 1 0 4014 0      1mb      1mb
green  open wazuh-statistics-2022.19w       FMdUnJd1RGOuBJEPmj3jdw 2 0 4014 0    1.1mb    1.1mb
green  open wazuh-alerts-4.x-2022.03.21     54n7XJfyQmqSRAci1gidbg 3 0  726 0  698.4kb  698.4kb
green  open wazuh-alerts-4.x-2022.03.20     PxAbWqeSTeyG2cEA8eJ8Tg 3 0  265 0  388.3kb  388.3kb
green  open wazuh-alerts-4.x-2022.03.23     1em597_AS9WjZ18qlg2uzg 3 0   15 0  207.4kb  207.4kb
green  open wazuh-alerts-4.x-2022.03.22     gItTpuKSTdiR7YDpr8OU6w 3 0  465 0  630.7kb  630.7kb
green  open wazuh-alerts-4.x-2022.03.25     kMS-Gzj5RMW5twDwPJAVAg 3 0   78 0  475.4kb  475.4kb
green  open wazuh-alerts-4.x-2022.03.24     T8gL8VWARNOojGisJkQlig 3 0  634 0  717.6kb  717.6kb
green  open wazuh-alerts-4.x-2022.03.27     Ff5i95QxSamsNwnmhWBz7g 3 0  268 0  324.5kb  324.5kb
green  open wazuh-alerts-4.x-2022.03.26     cHU9yEh4RCOaUA45cGuHgQ 3 0  541 0  676.7kb  676.7kb
green  open wazuh-alerts-4.x-2022.03.29     shOqhmVXQfmeBLZgK1J3Lw 3 0  883 0  806.7kb  806.7kb
green  open wazuh-alerts-4.x-2022.03.28     gFWDrISrTPO_2zASQ6RWVw 3 0   42 0    380kb    380kb
green  open wazuh-statistics-2022.7w        IugImnNSQ1qFZw_cXu2lbw 2 0 4030 0      1mb      1mb
yellow open security-auditlog-2022.03.31    imHXof7zR_uxuLQim382Ag 1 1   13 0     76kb     76kb
yellow open security-auditlog-2022.03.30    rQVaGmr1Q0Ol9pO1TxS8pg 1 1   12 0   57.8kb   57.8kb
green  open wazuh-statistics-2022.18w       gCtox0gzSHa3gU96GvitOw 2 0 4026 0    1.1mb    1.1mb
green  open wazuh-alerts-4.x-2022.05.10     iQWIoQltS4-lkZgviDdBVQ 3 0 4664 0    1.8mb    1.8mb
green  open wazuh-alerts-4.x-2022.05.13     F7sCgoiKSem_0epH5CoY2g 3 0 5570 0    2.7mb    2.7mb
green  open wazuh-alerts-4.x-2022.05.14     kXFSy-z5Scq6BJ0vvbFwtw 3 0 4270 0    1.5mb    1.5mb
green  open wazuh-alerts-4.x-2022.05.11     s_8hXkTBRPWz5DYpQg236A 3 0 4573 0    1.6mb    1.6mb
green  open wazuh-alerts-4.x-2022.05.12     HI_osM9lT6WkdOm59IkTAg 3 0 4507 0    1.6mb    1.6mb
green  open wazuh-alerts-4.x-2022.05.17     F6LDLxTWR760t-fe7xf_KA 3 0 4250 0    1.2mb    1.2mb
green  open wazuh-alerts-4.x-2022.05.18     rYHWRNH3SgW524u_IcGNdQ 3 0 4432 0    1.5mb    1.5mb
green  open wazuh-alerts-4.x-2022.05.15     2-13epCVQvqE5bN96Avdhw 3 0 4524 0    1.5mb    1.5mb
green  open wazuh-alerts-4.x-2022.05.16     56R6bd8ASP2815HVYSjFSQ 3 0 4374 0    1.4mb    1.4mb
green  open wazuh-alerts-4.x-2022.05.19     0HZKNQx8QV2BIOhWQaDOAw 3 0 4980 0    1.9mb    1.9mb
green  open wazuh-alerts-4.x-2022.05.20     3nSLzyDyRluNjY8Tp_xxcw 3 0 4639 0    1.7mb    1.7mb
green  open wazuh-alerts-4.x-2022.05.21     fxqh4w3qSVmAy7NEqB-wfA 3 0 3251 0    1.1mb    1.1mb
yellow open security-auditlog-2022.02.09    i130tWc2STeoH0-vRaYMpg 1 1   18 0  156.3kb  156.3kb
yellow open security-auditlog-2022.02.08    S7o7XtAoQDaZF18TbSDsFg 1 1   10 0  192.7kb  192.7kb
green  open wazuh-alerts-4.x-2022.05.24     RmLWbbQLRIqiPGIDMazsTw 3 0 1908 0      1mb      1mb
yellow open security-auditlog-2022.02.07    -8qcPjWGSQmFaLINUfGMMQ 1 1   16 0  148.5kb  148.5kb
green  open wazuh-alerts-4.x-2022.05.25     FWHeyquJTDS3WtSxD7nDug 3 0 1243 0  987.8kb  987.8kb
yellow open security-auditlog-2022.02.06    aPlHTDtoQa66Xnv3KxiRzA 1 1   12 0  183.9kb  183.9kb
green  open wazuh-alerts-4.x-2022.05.22     qqgoxQDrThSXvO5sXDYQfQ 3 0 4520 0    1.9mb    1.9mb
yellow open security-auditlog-2022.02.05    IAJx_96ISKufaEdciHEg3A 1 1   12 0   50.9kb   50.9kb
green  open wazuh-alerts-4.x-2022.05.23     xHvzyqDkREOsrOWCjjLsSQ 3 0 2243 0    1.2mb    1.2mb
yellow open security-auditlog-2022.02.04    WklULXj_QJaAHdgY2s5Rsw 1 1   17 0  164.3kb  164.3kb
green  open wazuh-alerts-4.x-2022.05.28     HNR13C1aRTKqGdG7s6SS2g 3 0  479 0  802.3kb  802.3kb
yellow open security-auditlog-2022.02.03    RNl2LKxGRiSNtJpCBAIOJA 1 1   18 0  142.8kb  142.8kb
green  open wazuh-alerts-4.x-2022.05.29     MSHH5NBeSGG7HFHoFLiNOg 3 0  415 0  716.5kb  716.5kb
yellow open security-auditlog-2022.02.02    p-6sJyFkSZuRSIZiPs0dGQ 1 1   42 0   99.5kb   99.5kb
green  open wazuh-alerts-4.x-2022.05.26     IDsRCuNnQmeWmmevXNxsoA 3 0  135 0  498.3kb  498.3kb
yellow open security-auditlog-2022.02.01    cv-GRkUwQs2IMTUihO4ESQ 1 1   82 0  221.2kb  221.2kb
green  open wazuh-alerts-4.x-2022.05.27     Hfh62sUoQ1mPBZDkTI8HuQ 3 0  869 0    1.3mb    1.3mb
green  open wazuh-alerts-4.x-2022.04.20     DKsF05S7QSio5EKl7UWcaQ 3 0  118 0  495.9kb  495.9kb
green  open wazuh-alerts-4.x-2022.04.22     doBz6U92R-66JyETyduWhQ 3 0  377 0  733.1kb  733.1kb
yellow open security-auditlog-2022.02.19    gswNU28bShejdpHCgu6Ayw 1 1   12 0   55.4kb   55.4kb
green  open wazuh-alerts-4.x-2022.04.21     EPqBPklPSuCRvgik6dO2Kg 3 0  166 0  350.3kb  350.3kb
yellow open security-auditlog-2022.02.18    6P2jny49RKOFxAhSeYBYFg 1 1   11 0  181.3kb  181.3kb
green  open wazuh-alerts-4.x-2022.04.24     wvzghoFZRVSn3yAIqEM6BQ 3 0  253 0  457.7kb  457.7kb
yellow open security-auditlog-2022.02.17    -ACUoVv1QAaJDoHepP8G2Q 1 1    7 0  132.2kb  132.2kb
yellow open security-auditlog-2022.02.16    YO7lMIL1TkWgxD6Sl5H4Bw 1 1   10 0  174.1kb  174.1kb
green  open wazuh-alerts-4.x-2022.04.23     D0jSI5fvT-WFbbpjOPwOKQ 3 0  139 0  484.4kb  484.4kb
yellow open security-auditlog-2022.02.15    kunuLHHATH--jj__QaDslA 1 1   10 0    175kb    175kb
green  open wazuh-alerts-4.x-2022.04.26     Ywp_WEe_RbGS1IRpgQqGtQ 3 0  148 0  738.6kb  738.6kb
green  open wazuh-alerts-4.x-2022.04.25     vnlukBKlQ--uLkpaK9pIRw 3 0   94 0  342.3kb  342.3kb
yellow open security-auditlog-2022.02.14    U1wzyvBnQxq-Md1T1JX5Zw 1 1    5 0   93.2kb   93.2kb
yellow open security-auditlog-2022.02.13    WEDnJew5TLGf0OIjxPdq7w 1 1    9 0  154.6kb  154.6kb
green  open wazuh-alerts-4.x-2022.04.28     _cOFXNwVRCqjESQMefIA-A 3 0 5965 0    2.1mb    2.1mb
green  open wazuh-alerts-4.x-2022.04.27     0cE2JiYjTbyijqvkWZ-zVA 3 0  218 0  835.3kb  835.3kb
yellow open security-auditlog-2022.02.12    cbAzfPVQTJWFxpyEs7n9GA 1 1   17 0  102.1kb  102.1kb
yellow open security-auditlog-2022.02.11    m62WBTa7SWCLuA5m8S5mFQ 1 1    7 0  132.2kb  132.2kb
green  open wazuh-alerts-4.x-2022.04.29     RfytN2opRBqM-n8CUOLa0g 3 0 1119 0  983.7kb  983.7kb
yellow open security-auditlog-2022.02.10    moMzwdQaRjq9aFzbrz51uQ 1 1   11 0   53.7kb   53.7kb
green  open wazuh-alerts-4.x-2022.04.30     oiRCP6l6S9-4AXSEKi4f4w 3 0  129 0  496.7kb  496.7kb
green  open wazuh-alerts-4.x-2022.05.02     PYqQLbJHTt-cdlMxsKqnlA 3 0  733 0    1.7mb    1.7mb
green  open wazuh-alerts-4.x-2022.05.03     pCUPlsNCQya1OaXbL3l0Qg 3 0  129 0  739.1kb  739.1kb
yellow open security-auditlog-2022.02.28    uCR2HP8YTw2a2PO58L1i7Q 1 1    9 0  153.8kb  153.8kb
yellow open security-auditlog-2022.02.27    CFt7julcTKCv4s1i0nuRJA 1 1    9 0  155.6kb  155.6kb
green  open wazuh-alerts-4.x-2022.05.01     IOhDNeaYSZ2MIDQ42BCpNQ 3 0  123 0  366.8kb  366.8kb
yellow open security-auditlog-2022.02.26    Fp0eTkr3Ssa7SHZ3jS-hKw 1 1    9 0  154.6kb  154.6kb
green  open wazuh-alerts-4.x-2022.05.06     Phtv70X-RZeHmz-Fv62paw 3 0 5398 0      4mb      4mb
yellow open security-auditlog-2022.02.25    kN7IJRY4TOWYOmi2tNfFfQ 1 1   18 0  175.9kb  175.9kb
green  open wazuh-alerts-4.x-2022.05.07     3qh5eFvTSQy5Kcc25fqBoA 3 0 4361 0    1.6mb    1.6mb
green  open wazuh-alerts-4.x-2022.05.04     336boXAITf2WWIJOns4EhQ 3 0  142 0  448.8kb  448.8kb
yellow open security-auditlog-2022.02.24    pfDQFtLJS7uBEYOeBomkpQ 1 1   11 0  193.2kb  193.2kb
green  open wazuh-alerts-4.x-2022.05.05     kVTFHQbxQNecQgT4lSvJHw 3 0 1059 0    1.4mb    1.4mb
yellow open security-auditlog-2022.02.23    _D4UbmyfR-Wug82MSPndnA 1 1   11 0     55kb     55kb
yellow open security-auditlog-2022.02.22    XA_rbVT8SgOmOZ2nAaNQtQ 1 1    7 0  132.2kb  132.2kb
yellow open security-auditlog-2022.02.21    SIxH2XLrSwqbe8FaePvPvw 1 1    7 0  131.8kb  131.8kb
green  open wazuh-alerts-4.x-2022.05.08     8Wu8wygBQRKuAN3yasGPoQ 3 0 4613 0    1.7mb    1.7mb
yellow open security-auditlog-2022.02.20    5EY3piAZSpiPWPuXXk-kcQ 1 1    9 0  154.5kb  154.5kb
green  open wazuh-alerts-4.x-2022.05.09     Q9m14CqmQa-ccj6h5MmXpw 3 0 4870 0    1.9mb    1.9mb

GliderSnipping

Aug 28, 2022, 5:47:02 AM
to Wazuh mailing list
Does anyone by any chance have an answer to my previous question?

GliderSnipping

Aug 31, 2022, 6:21:32 AM
to Wazuh mailing list
So yeah, I have no idea what I'm doing, I just copied off of here:


My goal is to have 30d hot, 90d warm, 1y total logs.

Shrink apparently doesn't work on 4.3 (4.3.7 in my case) so I did it manually, but before that I had to delete a few months using these commands in devtools:

```
# Closed 5/6/7
POST wazuh-alerts-4.x-2022.05.*/_close

# Deleted 5/6/7
DELETE wazuh-alerts-4.x-2022.05.*
```

Now some shell commands which I also have no idea what they do:

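```
# Drop replicas and block writes on the July indices (a shrink source must be read-only).
# -k skips TLS certificate verification.
curl -k -u '<USERNAME>:<PASSWORD>' -XPUT "https://localhost:9200/wazuh-alerts-4.x-2022.07.*/_settings" -H 'Content-Type: application/json' -d'
{
  "settings": {
    "index.number_of_replicas": 0,
    "index.blocks.write": true
  }
}
'

# Shrink each daily index into a single-shard copy named <index>_shrunk.
# Days run 01..31 (bash brace expansion keeps the zero padding); there is no day 00.
for i in {01..31}; do
  curl -k -u '<USERNAME>:<PASSWORD>' -X POST "https://localhost:9200/wazuh-alerts-4.x-2022.07.${i}/_shrink/wazuh-alerts-4.x-2022.07.${i}_shrunk?pretty" -H 'Content-Type: application/json' -d'
{
  "settings": {
    "index.number_of_replicas": 0,
    "index.number_of_shards": 1,
    "index.blocks.write": true
  }
}
'
done
```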


And the final policy (Settings Hamburger > Index Management > Create Policy):

```
{
    "policy": {
        "policy_id": "logs_retention",
        "description": "Wazuh index state management for OpenDistro to move indices into a cold state after 3 months and delete them after a year.",
        "last_updated_time": 1661940491734,
        "schema_version": 1,
        "error_notification": null,
        "default_state": "hot",
        "states": [
            {
                "name": "hot",
                "actions": [
                    {
                        "replica_count": {
                            "number_of_replicas": 0
                        }
                    }
                ],
                "transitions": [
                    {
                        "state_name": "warm",
                        "conditions": {
                            "min_index_age": "32d"
                        }
                    }
                ]
            },
            {
                "name": "warm",
                "actions": [],
                "transitions": [
                    {
                        "state_name": "cold",
                        "conditions": {
                            "min_index_age": "92d"
                        }
                    }
                ]
            },
            {
                "name": "cold",
                "actions": [
                    {
                        "read_only": {}
                    }
                ],
                "transitions": [
                    {
                        "state_name": "delete",
                        "conditions": {
                            "min_index_age": "366d"
                        }
                    }
                ]
            },
            {
                "name": "delete",
                "actions": [
                    {
                        "delete": {}
                    }
                ],
                "transitions": []
            }
        ],
        "ism_template": {
            "index_patterns": [
                "wazuh-statistics*"
            ],
            "priority": 100,
            "last_updated_time": 1661940491734
        }
    }
}
```
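
The shard arithmetic behind this thread's "maximum shards open" error and the shrink-to-one-shard step, as an added example (not code from the thread or from Wazuh): it parses `_cat/indices` rows, counts open shards per index family, projects the total after one family is shrunk, and lists daily indices past a retention window. The sample rows and UUID placeholders are constructed; counting `pri * (1 + rep)` for open indices only, and assuming the 3-shard originals are deleted once shrunk copies exist, are assumptions of this example.

```python
import re
from collections import Counter
from datetime import date, timedelta

# Constructed sample in the `GET _cat/indices` column layout:
# health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
SAMPLE = """\
green  open  wazuh-alerts-4.x-2022.02.15  UUID-PLACEHOLDER-1 3 0 309 0 459.3kb 459.3kb
green  open  wazuh-alerts-4.x-2022.07.13  UUID-PLACEHOLDER-2 3 0 4908 0 2.2mb 2.2mb
green  open  wazuh-alerts-4.x-2022.08.19  UUID-PLACEHOLDER-3 3 0 1200 0 1mb 1mb
green  close wazuh-alerts-4.x-2022.05.10  UUID-PLACEHOLDER-4 3 0
yellow open  security-auditlog-2022.02.01 UUID-PLACEHOLDER-5 1 1 82 0 221.2kb 221.2kb
yellow open  security-auditlog-2022.03.09 UUID-PLACEHOLDER-6 1 1 6 0 100.5kb 100.5kb
green  open  wazuh-monitoring-2022.8w     UUID-PLACEHOLDER-7 1 0 5384 0 717.9kb 717.9kb
green  open  wazuh-statistics-2022.15w    UUID-PLACEHOLDER-8 2 0 4028 0 1mb 1mb
"""

# Daily (-YYYY.MM.DD) or weekly (-YYYY.Nw) suffix that follows the index family name.
SUFFIX = re.compile(r"-(\d{4})\.(?:(\d{2})\.(\d{2})|\d{1,2}w)$")


def parse(text):
    """Return one dict per index row: name, family, status, pri, rep, day (None if not daily)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue  # skip blank or truncated lines
        _health, status, name, _uuid, pri, rep = parts[:6]
        m = SUFFIX.search(name)
        family = name[: m.start()] if m else name
        day = date(int(m[1]), int(m[2]), int(m[3])) if m and m[2] else None
        rows.append({"name": name, "family": family, "status": status,
                     "pri": int(pri), "rep": int(rep), "day": day})
    return rows


def open_shards(rows, shrink_family=None):
    """Open shards per family, pri * (1 + rep); shrink_family counts as 1 primary, 0 replicas."""
    totals = Counter()
    for r in rows:
        if r["status"] == "open":  # closed indices are not counted (assumption, see lead-in)
            shrunk = r["family"] == shrink_family
            totals[r["family"]] += 1 if shrunk else r["pri"] * (1 + r["rep"])
    return totals


def older_than(rows, today, days):
    """Names of daily indices (open or closed) dated more than `days` before `today`."""
    cutoff = today - timedelta(days=days)
    return sorted(r["name"] for r in rows if r["day"] and r["day"] < cutoff)


if __name__ == "__main__":
    rows = parse(SAMPLE)
    print("open shards now:", dict(open_shards(rows)), sum(open_shards(rows).values()))
    print("after shrinking alerts:", sum(open_shards(rows, "wazuh-alerts-4.x").values()))
    print("older than 180 days:", older_than(rows, date(2022, 8, 31), 180))
```

Feed it the real listing in place of `SAMPLE` to see which family dominates the shard count before choosing what to shrink or delete.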

GliderSnipping

Aug 31, 2022, 6:26:33 AM
to Wazuh mailing list

Also updated the ism_template at the bottom:

```
...
        "ism_template": {
            "index_patterns": [
                "wazuh-statistics*",
                "wazuh-alerts*",
                "wazuh-monitoring*"
            ],
...
```