Kibana issue after update
323 views
Skip to first unread message
Sean Roe
Sep 12, 2017, 3:53:14 PM9/12/17
to Wazuh mailing list
Hi All
I just updated kibana/wazuh to the latest via rpm and when I start up Kibana service I get the following issue:
ui settings
I just updated kibana/wazuh to the latest via rpm and when I start up Kibana service I get the following issue:
ui settings
| Elasticsearch plugin is red | |||||||||||||
| plugin:kib...@5.6.0 | Ready | ||||||||||||
| plugin:elasti...@5.6.0 |
[illegal_argument_exception] mapper [hits] cannot be changed from type [long] to [integer] |
||||||||||||
|
Jose Luis Ruiz
Sep 12, 2017, 4:18:41 PM9/12/17
to Sean Roe, Wazuh mailing list
Hi Sean,
Here we have two issues,
1- We don’t have (yet) Wazuh-APP for Elastic 5.6, we are working in this update, so even if we fix this issue you won’t be able to run Wazuh-Kibana-APP in this version.
2- You can dow downgrade to Elastic 5.5.2 (Not only Kibana, need to downgrade Elasticsearch, Logstash and Kibana), in this version all should works nice.
Returning to point 1:
The index .kibana in versions < than 5.6 has different mapping that your actual version 5.6, you can fix that reindexing the .kibana index with the correct mappings.
You can found more information about how fix this issue in the following link (but remember we don’t have Wazuh-APP-Plugin for this version yet):
I hope it helps.
Thanks for your feedback as always Sean.
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/30cd41f6-62a2-4496-829b-937dff0d6e3b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Sean Roe
Sep 13, 2017, 11:54:10 AM9/13/17
to Wazuh mailing list
So I went ahead and downgraded the kibana, logstash, elasticsearch packages and I went ahead and deleted the wazuh plugin to reinstall it:
[root@mvsc1lx0071 ~]# /usr/share/kibana/bin/kibana-plugin remove wazuh
Removing wazuh...
[root@mvsc1lx0071 ~]# /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp.zip
Found previous install attempt. Deleting...
Attempting to transfer from https://packages.wazuh.com/wazuhapp/wazuhapp.zip
Transferring 24560704 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Plugin installation was unsuccessful due to error "Incorrect Kibana version in plugin [wazuh]. Expected [5.5.3]; found [5.5.2]"
But when I examine the installed package I see:
[root@mvsc1lx0071 ~]# yum info kibana
Loaded plugins: langpacks, rhnplugin, ulninfo
This system is receiving updates from RHN Classic or Red Hat Satellite.
Installed Packages
Name : kibana
Arch : x86_64
Version : 5.5.3
Release : 1
Size : 191 M
Repo : installed
From repo : elastic-5.x
Summary : Explore and visualize your Elasticsearch data
URL : https://www.elastic.co
License : Apache 2.0
Description : Explore and visualize your Elasticsearch data
So I am a little confused. Any insight? Did I not attempt to install the correct plugin?
Sean
[root@mvsc1lx0071 ~]# /usr/share/kibana/bin/kibana-plugin remove wazuh
Removing wazuh...
[root@mvsc1lx0071 ~]# /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp.zip
Found previous install attempt. Deleting...
Attempting to transfer from https://packages.wazuh.com/wazuhapp/wazuhapp.zip
Transferring 24560704 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Plugin installation was unsuccessful due to error "Incorrect Kibana version in plugin [wazuh]. Expected [5.5.3]; found [5.5.2]"
But when I examine the installed package I see:
[root@mvsc1lx0071 ~]# yum info kibana
Loaded plugins: langpacks, rhnplugin, ulninfo
This system is receiving updates from RHN Classic or Red Hat Satellite.
Installed Packages
Name : kibana
Arch : x86_64
Version : 5.5.3
Release : 1
Size : 191 M
Repo : installed
From repo : elastic-5.x
Summary : Explore and visualize your Elasticsearch data
URL : https://www.elastic.co
License : Apache 2.0
Description : Explore and visualize your Elasticsearch data
So I am a little confused. Any insight? Did I not attempt to install the correct plugin?
Sean
Jose Luis Ruiz
Sep 13, 2017, 12:06:05 PM9/13/17
to Sean Roe, Wazuh mailing list
Hi Sean,
Elastic 5.5.3 was released the same day that Elastic 5.6.0, we are working in this Wazuh-Kibana-Plugin for this version as well, this is why in the previous mail, i was talking about downgrade to a specific version 5.5.2. :)
Sean Roe
Sep 13, 2017, 3:11:12 PM9/13/17
to Jose Luis Ruiz, Wazuh mailing list
Well I downgraded one more stop to 5.5.2 and all is right in the stack. Thanks Jose.
SeanJose Luis Ruiz
Sep 13, 2017, 3:27:55 PM9/13/17
to Sean Roe, Wazuh mailing list
Nice, we will send a mail to our Wazuh community when both plugins (5.5.3 and 5.6.0) are available.
Jose Luis Ruiz
Sep 16, 2017, 10:24:49 AM9/16/17
to Sean Roe, Wazuh mailing list
Hi Sean,
The Wazuh APP is now compatible with 5.5.3 and 5.6.0 if you like to use it.
thanks!
Sean Roe
Sep 18, 2017, 11:35:35 AM9/18/17
to Jose Luis Ruiz, Wazuh mailing list
I upgraded to 5.6 and got the following error:
Jose Luis Ruiz
Sep 18, 2017, 11:36:31 AM9/18/17
to Sean Roe, Wazuh mailing list
Hi Sean,
The index .kibana in versions < than 5.6 has different mapping that your actual version 5.6, you can fix that reindexing the .kibana index with the correct mappings.
You can found more information about how fix this issue in the following link (but remember we don’t have Wazuh-APP-Plugin for this version yet):
I hope it helps.
Thanks for your feedback as always Sean.
Hi Sean,Here we have two issues,1- We don’t have (yet) Wazuh-APP for Elastic 5.6, we are working in this update, so even if we fix this issue you won’t be able to run Wazuh-Kibana-APP in this version.
2- You can dow downgrade to Elastic 5.5.2 (Not only Kibana, need to downgrade Elasticsearch, Logstash and Kibana), in this version all should works nice.
Sean Roe
Sep 18, 2017, 12:13:34 PM9/18/17
to Jose Luis Ruiz, Wazuh mailing list
Followed the link and it appears to have fixed the issue.
Thanks for your tireless efforts, Jose. You make this project go.Jose Luis Ruiz
Sep 18, 2017, 12:19:25 PM9/18/17
to Sean Roe, Wazuh mailing list
Thanks for your feedback, all Wazuh team appreciate your suggestions and feedbacks!.
Cheers!!!
Reply all
Reply to author
Forward
0 new messages