Wazuh dashboard has stopped receiving and displaying logs.

49 views

Skip to first unread message

LUAN BRAZ

unread,

Sep 8, 2025, 4:09:41 PM (11 days ago) Sep 8

to Wazuh | Mailing List

Hello, I have Wazuh version 4.9.2 installed on a single host according to the official documentation. I also have 28 agents installed of the same version on Linux and Windows. Everything was working normally for several months, but since the weekend, no logs have been displayed in the Wazuh dashboard (browser). When accessing the dashboard, no errors are displayed, and everything works normally. The status of the manager, indexer, and dashboard services are also active. There were no updates, shutdowns, configurations, or anything that caused the logs to stop displaying. I also verified that it's not a memory, disk, or CPU issue. Can anyone help me find the problem with the logs no longer being displayed on the dashboard? I verified that /var/ossec/logs/alerts/alerts.json records events being filled. Attached are logs that may help with diagnosis.

dashboard-logs-error.PNG

dashboard-homepage.PNG

cat filebeat grep -i -E error warn.PNG

filebeat.PNG

dashboard-status.PNG

dashboard-logs-warning.PNG

journalctl -u wazuh-dashboard grep -i -E error warn.PNG

Message has been deleted

Md. Nazmur Sakib

unread,

Sep 15, 2025, 8:52:24 AM (5 days ago) Sep 15

to Wazuh | Mailing List

Hi Luan,

Try restarting the Wazuh Indexer and Filebeat services with the following commands:

systemctl restart wazuh-indexer

systemctl restart filebeat

I will need some additional information to guide you on this.

After restarting, check if the issue is resolved. If you still don't see alerts for security events, please share the output of the following commands:

Share the output of the cluster health. On the web interface, go to

Indexer management > Dev Tools

And run this command.

GET _cluster/health

Also, share the logs from the following log files.

tail /var/ossec/logs/alerts/alerts.json

cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"

Looking forward to your update on this.

LUAN BRAZ

unread,

Sep 15, 2025, 10:37:05 AM (5 days ago) Sep 15

to Md. Nazmur Sakib, Wazuh | Mailing List

Hello, thank you very much for your attention.

The problem persists. Here are the results of the requested commands:

1. Indexer management > Dev Tools > GET _cluster/health:

{
"cluster_name": "wazuh-cluster",
"status": "green",
"timed_out": false,
"number_of_nodes": 1,
"number_of_data_nodes": 1,
"discovered_master": true,
"discovered_cluster_manager": true,
"active_primary_shards": 1000,
"active_shards": 1000,
"relocating_shards": 0,
"initializing_shards": 0,
"unassigned_shards": 0,
"delayed_unassigned_shards": 0,
"number_of_pending_tasks": 0,
"number_of_in_flight_fetch": 0,
"task_max_waiting_in_queue_millis": 0,
"active_shards_percent_as_number": 100
}

2. tail /var/ossec/logs/alerts/alerts.json:

{"timestamp":"2025-09-15T13:58:28.064+0000","rule":{"level":3,"description":"Auditd: SELinux permission check.","id":"80730","firedtimes":7298,"mail":false,"groups":["audit","audit_selinux"],"gdpr":["IV_30.1.g","IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6"],"pci_dss":["10.6.1"],"tsc":["CC7.2","CC7.3"]},"agent":{"id":"015","name":"pritunl","ip":"172.16.0.47"},"manager":{"name":"vazo"},"id":"1757944708.211576053","full_log":"type=AVC msg=audit(1757944706.999:3636610): avc: denied { search } for pid=927 comm=\"ftdc\" name=\"fs\" dev=\"proc\" ino=11514 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1757944706.999:3636610): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=562a82b3e7e0 a2=0 a3=0 items=0 ppid=1 pid=927 auid=4294967295 uid=979 gid=978 euid=979 suid=979 fsuid=979 egid=978 sgid=978 fsgid=978 tty=(none) ses=4294967295 comm=\"ftdc\" exe=\"/usr/bin/mongod\" subj=system_u:system_r:mongod_t:s0 key=(null)\u001dARCH=x86_64 SYSCALL=openat AUID=\"unset\" UID=\"mongod\" GID=\"mongod\" EUID=\"mongod\" SUID=\"mongod\" FSUID=\"mongod\" EGID=\"mongod\" SGID=\"mongod\" FSGID=\"mongod\" type=PROCTITLE msg=audit(1757944706.999:3636610): proctitle=2F7573722F62696E2F6D6F6E676F64002D66002F6574632F6D6F6E676F642E636F6E66","decoder":{"name":"auditd"},"data":{"audit":{"type":"AVC","id":"3636610","pid":"927","auid":"4294967295","uid":"979","gid":"978","euid":"979","session":"4294967295","command":"ftdc","exe":"/usr/bin/mongod"}},"location":"/var/log/audit/audit.log"}
{"timestamp":"2025-09-15T13:58:28.066+0000","rule":{"level":3,"description":"Auditd: SELinux permission check.","id":"80730","firedtimes":7299,"mail":false,"groups":["audit","audit_selinux"],"gdpr":["IV_30.1.g","IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6"],"pci_dss":["10.6.1"],"tsc":["CC7.2","CC7.3"]},"agent":{"id":"015","name":"pritunl","ip":"172.16.0.47"},"manager":{"name":"vazo"},"id":"1757944708.211577381","full_log":"type=AVC msg=audit(1757944707.999:3636611): avc: denied { search } for pid=927 comm=\"ftdc\" name=\"fs\" dev=\"proc\" ino=11514 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1757944707.999:3636611): arch=c000003e syscall=137 success=no exit=-13 a0=562a82b3f6e0 a1=7fa9db994e50 a2=7fa9db9950e0 a3=20 items=0 ppid=1 pid=927 auid=4294967295 uid=979 gid=978 euid=979 suid=979 fsuid=979 egid=978 sgid=978 fsgid=978 tty=(none) ses=4294967295 comm=\"ftdc\" exe=\"/usr/bin/mongod\" subj=system_u:system_r:mongod_t:s0 key=(null)\u001dARCH=x86_64 SYSCALL=statfs AUID=\"unset\" UID=\"mongod\" GID=\"mongod\" EUID=\"mongod\" SUID=\"mongod\" FSUID=\"mongod\" EGID=\"mongod\" SGID=\"mongod\" FSGID=\"mongod\" type=PROCTITLE msg=audit(1757944707.999:3636611): proctitle=2F7573722F62696E2F6D6F6E676F64002D66002F6574632F6D6F6E676F642E636F6E66","decoder":{"name":"auditd"},"data":{"audit":{"type":"AVC","id":"3636611","pid":"927","auid":"4294967295","uid":"979","gid":"978","euid":"979","session":"4294967295","command":"ftdc","exe":"/usr/bin/mongod"}},"location":"/var/log/audit/audit.log"}
{"timestamp":"2025-09-15T13:58:28.068+0000","rule":{"level":3,"description":"Auditd: SELinux permission check.","id":"80730","firedtimes":7300,"mail":false,"groups":["audit","audit_selinux"],"gdpr":["IV_30.1.g","IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6"],"pci_dss":["10.6.1"],"tsc":["CC7.2","CC7.3"]},"agent":{"id":"015","name":"pritunl","ip":"172.16.0.47"},"manager":{"name":"vazo"},"id":"1757944708.211578725","full_log":"type=AVC msg=audit(1757944707.999:3636612): avc: denied { search } for pid=927 comm=\"ftdc\" name=\"fs\" dev=\"proc\" ino=11514 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1757944707.999:3636612): arch=c000003e syscall=137 success=no exit=-13 a0=562a82b3f6e0 a1=7fa9db994e50 a2=7fa9db9950e0 a3=20 items=0 ppid=1 pid=927 auid=4294967295 uid=979 gid=978 euid=979 suid=979 fsuid=979 egid=978 sgid=978 fsgid=978 tty=(none) ses=4294967295 comm=\"ftdc\" exe=\"/usr/bin/mongod\" subj=system_u:system_r:mongod_t:s0 key=(null)\u001dARCH=x86_64 SYSCALL=statfs AUID=\"unset\" UID=\"mongod\" GID=\"mongod\" EUID=\"mongod\" SUID=\"mongod\" FSUID=\"mongod\" EGID=\"mongod\" SGID=\"mongod\" FSGID=\"mongod\" type=PROCTITLE msg=audit(1757944707.999:3636612): proctitle=2F7573722F62696E2F6D6F6E676F64002D66002F6574632F6D6F6E676F642E636F6E66","decoder":{"name":"auditd"},"data":{"audit":{"type":"AVC","id":"3636612","pid":"927","auid":"4294967295","uid":"979","gid":"978","euid":"979","session":"4294967295","command":"ftdc","exe":"/usr/bin/mongod"}},"location":"/var/log/audit/audit.log"}
{"timestamp":"2025-09-15T13:58:28.070+0000","rule":{"level":3,"description":"Auditd: SELinux permission check.","id":"80730","firedtimes":7301,"mail":false,"groups":["audit","audit_selinux"],"gdpr":["IV_30.1.g","IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6"],"pci_dss":["10.6.1"],"tsc":["CC7.2","CC7.3"]},"agent":{"id":"015","name":"pritunl","ip":"172.16.0.47"},"manager":{"name":"vazo"},"id":"1757944708.211580069","full_log":"type=AVC msg=audit(1757944707.999:3636613): avc: denied { search } for pid=927 comm=\"ftdc\" name=\"fs\" dev=\"proc\" ino=11514 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1757944707.999:3636613): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=562a82b3e7e0 a2=0 a3=0 items=0 ppid=1 pid=927 auid=4294967295 uid=979 gid=978 euid=979 suid=979 fsuid=979 egid=978 sgid=978 fsgid=978 tty=(none) ses=4294967295 comm=\"ftdc\" exe=\"/usr/bin/mongod\" subj=system_u:system_r:mongod_t:s0 key=(null)\u001dARCH=x86_64 SYSCALL=openat AUID=\"unset\" UID=\"mongod\" GID=\"mongod\" EUID=\"mongod\" SUID=\"mongod\" FSUID=\"mongod\" EGID=\"mongod\" SGID=\"mongod\" FSGID=\"mongod\" type=PROCTITLE msg=audit(1757944707.999:3636613): proctitle=2F7573722F62696E2F6D6F6E676F64002D66002F6574632F6D6F6E676F642E636F6E66","decoder":{"name":"auditd"},"data":{"audit":{"type":"AVC","id":"3636613","pid":"927","auid":"4294967295","uid":"979","gid":"978","euid":"979","session":"4294967295","command":"ftdc","exe":"/usr/bin/mongod"}},"location":"/var/log/audit/audit.log"}
{"timestamp":"2025-09-15T13:58:30.064+0000","rule":{"level":3,"description":"Auditd: SELinux permission check.","id":"80730","firedtimes":7302,"mail":false,"groups":["audit","audit_selinux"],"gdpr":["IV_30.1.g","IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6"],"pci_dss":["10.6.1"],"tsc":["CC7.2","CC7.3"]},"agent":{"id":"015","name":"pritunl","ip":"172.16.0.47"},"manager":{"name":"vazo"},"id":"1757944710.211581397","full_log":"type=AVC msg=audit(1757944708.999:3636614): avc: denied { search } for pid=927 comm=\"ftdc\" name=\"fs\" dev=\"proc\" ino=11514 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1757944708.999:3636614): arch=c000003e syscall=137 success=no exit=-13 a0=562a82b3f6e0 a1=7fa9db994e50 a2=7fa9db9950e0 a3=20 items=0 ppid=1 pid=927 auid=4294967295 uid=979 gid=978 euid=979 suid=979 fsuid=979 egid=978 sgid=978 fsgid=978 tty=(none) ses=4294967295 comm=\"ftdc\" exe=\"/usr/bin/mongod\" subj=system_u:system_r:mongod_t:s0 key=(null)\u001dARCH=x86_64 SYSCALL=statfs AUID=\"unset\" UID=\"mongod\" GID=\"mongod\" EUID=\"mongod\" SUID=\"mongod\" FSUID=\"mongod\" EGID=\"mongod\" SGID=\"mongod\" FSGID=\"mongod\" type=PROCTITLE msg=audit(1757944708.999:3636614): proctitle=2F7573722F62696E2F6D6F6E676F64002D66002F6574632F6D6F6E676F642E636F6E66","decoder":{"name":"auditd"},"data":{"audit":{"type":"AVC","id":"3636614","pid":"927","auid":"4294967295","uid":"979","gid":"978","euid":"979","session":"4294967295","command":"ftdc","exe":"/usr/bin/mongod"}},"location":"/var/log/audit/audit.log"}
{"timestamp":"2025-09-15T13:58:30.064+0000","rule":{"level":3,"description":"Auditd: SELinux permission check.","id":"80730","firedtimes":7303,"mail":false,"groups":["audit","audit_selinux"],"gdpr":["IV_30.1.g","IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6"],"pci_dss":["10.6.1"],"tsc":["CC7.2","CC7.3"]},"agent":{"id":"015","name":"pritunl","ip":"172.16.0.47"},"manager":{"name":"vazo"},"id":"1757944710.211582741","full_log":"type=AVC msg=audit(1757944708.999:3636615): avc: denied { search } for pid=927 comm=\"ftdc\" name=\"fs\" dev=\"proc\" ino=11514 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1757944708.999:3636615): arch=c000003e syscall=137 success=no exit=-13 a0=562a82b3f6e0 a1=7fa9db994e50 a2=7fa9db9950e0 a3=20 items=0 ppid=1 pid=927 auid=4294967295 uid=979 gid=978 euid=979 suid=979 fsuid=979 egid=978 sgid=978 fsgid=978 tty=(none) ses=4294967295 comm=\"ftdc\" exe=\"/usr/bin/mongod\" subj=system_u:system_r:mongod_t:s0 key=(null)\u001dARCH=x86_64 SYSCALL=statfs AUID=\"unset\" UID=\"mongod\" GID=\"mongod\" EUID=\"mongod\" SUID=\"mongod\" FSUID=\"mongod\" EGID=\"mongod\" SGID=\"mongod\" FSGID=\"mongod\" type=PROCTITLE msg=audit(1757944708.999:3636615): proctitle=2F7573722F62696E2F6D6F6E676F64002D66002F6574632F6D6F6E676F642E636F6E66","decoder":{"name":"auditd"},"data":{"audit":{"type":"AVC","id":"3636615","pid":"927","auid":"4294967295","uid":"979","gid":"978","euid":"979","session":"4294967295","command":"ftdc","exe":"/usr/bin/mongod"}},"location":"/var/log/audit/audit.log"}
{"timestamp":"2025-09-15T13:58:30.066+0000","rule":{"level":3,"description":"Auditd: SELinux permission check.","id":"80730","firedtimes":7304,"mail":false,"groups":["audit","audit_selinux"],"gdpr":["IV_30.1.g","IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6"],"pci_dss":["10.6.1"],"tsc":["CC7.2","CC7.3"]},"agent":{"id":"015","name":"pritunl","ip":"172.16.0.47"},"manager":{"name":"vazo"},"id":"1757944710.211584085","full_log":"type=AVC msg=audit(1757944708.999:3636616): avc: denied { search } for pid=927 comm=\"ftdc\" name=\"fs\" dev=\"proc\" ino=11514 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1757944708.999:3636616): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=562a82b3e7e0 a2=0 a3=0 items=0 ppid=1 pid=927 auid=4294967295 uid=979 gid=978 euid=979 suid=979 fsuid=979 egid=978 sgid=978 fsgid=978 tty=(none) ses=4294967295 comm=\"ftdc\" exe=\"/usr/bin/mongod\" subj=system_u:system_r:mongod_t:s0 key=(null)\u001dARCH=x86_64 SYSCALL=openat AUID=\"unset\" UID=\"mongod\" GID=\"mongod\" EUID=\"mongod\" SUID=\"mongod\" FSUID=\"mongod\" EGID=\"mongod\" SGID=\"mongod\" FSGID=\"mongod\" type=PROCTITLE msg=audit(1757944708.999:3636616): proctitle=2F7573722F62696E2F6D6F6E676F64002D66002F6574632F6D6F6E676F642E636F6E66","decoder":{"name":"auditd"},"data":{"audit":{"type":"AVC","id":"3636616","pid":"927","auid":"4294967295","uid":"979","gid":"978","euid":"979","session":"4294967295","command":"ftdc","exe":"/usr/bin/mongod"}},"location":"/var/log/audit/audit.log"}
{"timestamp":"2025-09-15T13:58:30.068+0000","rule":{"level":3,"description":"Auditd: SELinux permission check.","id":"80730","firedtimes":7305,"mail":false,"groups":["audit","audit_selinux"],"gdpr":["IV_30.1.g","IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6"],"pci_dss":["10.6.1"],"tsc":["CC7.2","CC7.3"]},"agent":{"id":"015","name":"pritunl","ip":"172.16.0.47"},"manager":{"name":"vazo"},"id":"1757944710.211585413","full_log":"type=AVC msg=audit(1757944709.999:3636617): avc: denied { search } for pid=927 comm=\"ftdc\" name=\"fs\" dev=\"proc\" ino=11514 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1757944709.999:3636617): arch=c000003e syscall=137 success=no exit=-13 a0=562a82b3f6e0 a1=7fa9db994e50 a2=7fa9db9950e0 a3=20 items=0 ppid=1 pid=927 auid=4294967295 uid=979 gid=978 euid=979 suid=979 fsuid=979 egid=978 sgid=978 fsgid=978 tty=(none) ses=4294967295 comm=\"ftdc\" exe=\"/usr/bin/mongod\" subj=system_u:system_r:mongod_t:s0 key=(null)\u001dARCH=x86_64 SYSCALL=statfs AUID=\"unset\" UID=\"mongod\" GID=\"mongod\" EUID=\"mongod\" SUID=\"mongod\" FSUID=\"mongod\" EGID=\"mongod\" SGID=\"mongod\" FSGID=\"mongod\" type=PROCTITLE msg=audit(1757944709.999:3636617): proctitle=2F7573722F62696E2F6D6F6E676F64002D66002F6574632F6D6F6E676F642E636F6E66","decoder":{"name":"auditd"},"data":{"audit":{"type":"AVC","id":"3636617","pid":"927","auid":"4294967295","uid":"979","gid":"978","euid":"979","session":"4294967295","command":"ftdc","exe":"/usr/bin/mongod"}},"location":"/var/log/audit/audit.log"}
{"timestamp":"2025-09-15T13:58:30.070+0000","rule":{"level":3,"description":"Auditd: SELinux permission check.","id":"80730","firedtimes":7306,"mail":false,"groups":["audit","audit_selinux"],"gdpr":["IV_30.1.g","IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6"],"pci_dss":["10.6.1"],"tsc":["CC7.2","CC7.3"]},"agent":{"id":"015","name":"pritunl","ip":"172.16.0.47"},"manager":{"name":"vazo"},"id":"1757944710.211586757","full_log":"type=AVC msg=audit(1757944709.999:3636618): avc: denied { search } for pid=927 comm=\"ftdc\" name=\"fs\" dev=\"proc\" ino=11514 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1757944709.999:3636618): arch=c000003e syscall=137 success=no exit=-13 a0=562a82b3f6e0 a1=7fa9db994e50 a2=7fa9db9950e0 a3=20 items=0 ppid=1 pid=927 auid=4294967295 uid=979 gid=978 euid=979 suid=979 fsuid=979 egid=978 sgid=978 fsgid=978 tty=(none) ses=4294967295 comm=\"ftdc\" exe=\"/usr/bin/mongod\" subj=system_u:system_r:mongod_t:s0 key=(null)\u001dARCH=x86_64 SYSCALL=statfs AUID=\"unset\" UID=\"mongod\" GID=\"mongod\" EUID=\"mongod\" SUID=\"mongod\" FSUID=\"mongod\" EGID=\"mongod\" SGID=\"mongod\" FSGID=\"mongod\" type=PROCTITLE msg=audit(1757944709.999:3636618): proctitle=2F7573722F62696E2F6D6F6E676F64002D66002F6574632F6D6F6E676F642E636F6E66","decoder":{"name":"auditd"},"data":{"audit":{"type":"AVC","id":"3636618","pid":"927","auid":"4294967295","uid":"979","gid":"978","euid":"979","session":"4294967295","command":"ftdc","exe":"/usr/bin/mongod"}},"location":"/var/log/audit/audit.log"}
{"timestamp":"2025-09-15T13:58:30.072+0000","rule":{"level":3,"description":"Auditd: SELinux permission check.","id":"80730","firedtimes":7307,"mail":false,"groups":["audit","audit_selinux"],"gdpr":["IV_30.1.g","IV_35.7.d"],"hipaa":["164.312.b"],"nist_800_53":["AU.6"],"pci_dss":["10.6.1"],"tsc":["CC7.2","CC7.3"]},"agent":{"id":"015","name":"pritunl","ip":"172.16.0.47"},"manager":{"name":"vazo"},"id":"1757944710.211588101","full_log":"type=AVC msg=audit(1757944709.999:3636619): avc: denied { search } for pid=927 comm=\"ftdc\" name=\"fs\" dev=\"proc\" ino=11514 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1757944709.999:3636619): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=562a82b3e7e0 a2=0 a3=0 items=0 ppid=1 pid=927 auid=4294967295 uid=979 gid=978 euid=979 suid=979 fsuid=979 egid=978 sgid=978 fsgid=978 tty=(none) ses=4294967295 comm=\"ftdc\" exe=\"/usr/bin/mongod\" subj=system_u:system_r:mongod_t:s0 key=(null)\u001dARCH=x86_64 SYSCALL=openat AUID=\"unset\" UID=\"mongod\" GID=\"mongod\" EUID=\"mongod\" SUID=\"mongod\" FSUID=\"mongod\" EGID=\"mongod\" SGID=\"mongod\" FSGID=\"mongod\" type=PROCTITLE msg=audit(1757944709.999:3636619): proctitle=2F7573722F62696E2F6D6F6E676F64002D66002F6574632F6D6F6E676F642E636F6E66","decoder":{"name":"auditd"},"data":{"audit":{"type":"AVC","id":"3636619","pid":"927","auid":"4294967295","uid":"979","gid":"978","euid":"979","session":"4294967295","command":"ftdc","exe":"/usr/bin/mongod"}},"location":"/var/log/audit/audit.log"}

3. cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"

[2025-09-15T05:55:46,352][ERROR][o.o.a.a.AlertIndices ] [node-1] info deleteOldIndices
[2025-09-15T05:55:46,352][ERROR][o.o.a.a.AlertIndices ] [node-1] info deleteOldIndices
[2025-09-15T13:09:30,751][WARN ][o.o.s.a.BackendRegistry ] [node-1] Authentication finally failed for admin from 127.0.0.1:49668
[2025-09-15T13:10:48,368][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms4g, -Xmx4g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=2147483648, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=deb, -Dopensearch.bundled_jdk=true]
[2025-09-15T13:11:09,798][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2025-09-15T13:11:09,908][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2025-09-15T13:11:09,909][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2025-09-15T13:11:11,955][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2025-09-15T13:11:14,003][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2025-09-15T13:11:16,882][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2025-09-15T13:11:19,874][WARN ][o.o.o.i.ObservabilityIndex] [node-1] message: index [.opensearch-observability/cS_VI92kT-Gn9kizkoJIEg] already exists
[2025-09-15T13:11:19,874][WARN ][o.o.s.SecurityAnalyticsPlugin] [node-1] Failed to initialize LogType config index and builtin log types
[2025-09-15T13:11:19,951][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7c086c01] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:11:19,951][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7c086c01] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:11:19,951][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7c086c01] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:11:19,951][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7c086c01] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:11:19,952][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7c086c01] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:11:19,952][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7c086c01] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:11:19,952][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7c086c01] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:11:19,952][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7c086c01] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:11:19,952][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7c086c01] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:11:19,952][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7c086c01] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:11:20,135][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:20,155][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:20,157][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:20,159][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:21,562][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:21,564][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:21,566][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:21,568][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:24,062][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:24,065][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:24,067][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:24,069][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:26,563][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:26,565][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:26,567][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:26,569][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:29,063][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:29,065][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:29,067][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:29,070][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:29,121][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:30,395][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:31,564][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:31,566][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:31,568][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:31,570][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:32,945][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:32,968][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:11:36,884][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:11:37,835][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:11:37,877][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:11:37,886][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:11:40,076][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:11:40,497][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:11:40,731][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=10000, index=.kibana, from=0, _source=index-pattern.title,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title}
[2025-09-15T13:11:40,740][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:40,754][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:40,768][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:40,805][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:41,627][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:42,774][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:42,879][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:43,599][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:43,795][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:44,630][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:45,416][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:47,100][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:11:47,113][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:11:47,152][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:11:47,161][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:11:48,671][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=10000, index=.kibana, from=0, _source=index-pattern.title,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title}
[2025-09-15T13:11:48,675][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:11:48,786][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:48,813][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:48,821][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:11:48,840][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:49,949][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:50,850][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:50,868][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:50,879][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:51,502][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:51,717][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:52,430][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:52,455][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:53,517][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:54,176][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:54,571][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:56,736][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:57,431][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:58,211][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:58,894][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:11:59,941][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:12,700][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:12:12,714][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:12:12,777][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:12:12,784][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:12:14,304][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=10000, index=.kibana, from=0, _source=index-pattern.title,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title}
[2025-09-15T13:12:14,316][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:12:14,423][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:14,447][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:14,456][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:12:14,467][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:14,486][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:16,483][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:16,503][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:16,589][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:16,896][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:17,432][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:18,346][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:18,365][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:18,381][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:18,416][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:18,430][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:18,486][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:18,507][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:18,534][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:18,589][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:18,656][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:32,064][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:12:32,077][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:12:32,110][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:12:32,116][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:12:33,645][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=10000, index=.kibana, from=0, _source=index-pattern.title,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title}
[2025-09-15T13:12:33,647][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:12:33,761][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:33,785][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:33,790][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:12:33,810][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:33,882][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:33,953][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:33,969][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:33,979][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=10000, index=.kibana, from=0, _source=index-pattern.title,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title}
[2025-09-15T13:12:33,986][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,028][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,058][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,086][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,131][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,164][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,211][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,230][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,258][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,293][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,312][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,328][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,348][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:34,360][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:42,117][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-available-updates%3Awazuh-check-updates-available-updates, params: {refresh=true, index=.kibana, id=wazuh-check-updates-available-updates:wazuh-check-updates-available-updates}
[2025-09-15T13:12:42,854][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:12:42,867][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:12:42,960][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:12:42,967][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:12:44,474][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=10000, index=.kibana, from=0, _source=index-pattern.title,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title}
[2025-09-15T13:12:44,475][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:12:44,591][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:44,612][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:44,620][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:12:44,631][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:45,709][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:46,568][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:46,577][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:46,590][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:46,606][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:47,557][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:48,350][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:48,365][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:48,392][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:50,100][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:50,137][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-available-updates%3Awazuh-check-updates-available-updates, params: {refresh=true, index=.kibana, id=wazuh-check-updates-available-updates:wazuh-check-updates-available-updates}
[2025-09-15T13:12:50,746][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:51,101][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:53,301][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:53,654][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:54,200][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:12:55,145][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:13:15,894][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-available-updates%3Awazuh-check-updates-available-updates, params: {refresh=true, index=.kibana, id=wazuh-check-updates-available-updates:wazuh-check-updates-available-updates}
[2025-09-15T13:13:33,951][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-available-updates%3Awazuh-check-updates-available-updates, params: {refresh=true, index=.kibana, id=wazuh-check-updates-available-updates:wazuh-check-updates-available-updates}
org.opensearch.action.UnavailableShardsException: [.kibana_1][0] primary shard is not active Timeout: [1m], request: [BulkShardRequest [[.kibana_1][0]] containing [index {[.kibana][wazuh-check-updates-available-updates:wazuh-check-updates-available-updates], source[{"wazuh-check-updates-available-updates":{"apis_available_updates":[{"api_id":"default","status":"error","error":{"title":"Too Many Requests","detail":"Maximum number of requests per minute reached"}}],"last_check_date":"2025-09-15T13:12:33.914Z"},"type":"wazuh-check-updates-available-updates","references":[],"updated_at":"2025-09-15T13:12:33.914Z"}]}] and a refresh]
[2025-09-15T13:13:45,838][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-available-updates%3Awazuh-check-updates-available-updates, params: {refresh=true, index=.kibana, id=wazuh-check-updates-available-updates:wazuh-check-updates-available-updates}
[2025-09-15T13:14:03,651][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:14:03,666][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:14:03,715][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:14:03,720][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:14:05,244][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:14:05,246][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=10000, index=.kibana, from=0, _source=index-pattern.title,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title}
[2025-09-15T13:14:05,354][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:05,375][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:05,388][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:14:05,411][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:06,459][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:07,382][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:07,400][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:07,410][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:07,502][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:08,365][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:09,197][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:09,211][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:10,251][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:11,016][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:11,046][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:14:12,879][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:00,467][WARN ][o.o.c.s.MasterService ] [node-1] took [14.4s], which is over [10s], to compute cluster state update for [shard-started StartedShardEntry{shardId [[wazuh-monitoring-2025.9w][0]], allocationId [j8sumOt5QI-5XkTHkj9xsw], primary term [29], message [after existing store recovery; bootstrap_history_uuid=false]}[StartedShardEntry{shardId [[wazuh-monitoring-2025.9w][0]], allocationId [j8sumOt5QI-5XkTHkj9xsw], primary term [29], message [after existing store recovery; bootstrap_history_uuid=false]}], shard-started StartedShardEntry{shardId [[wazuh-alerts-4.x-2025.02.24][2]], allocationId [_FJ9W3mEQ-a2HPR39FqO8w], primary term [29], message [after existing store recovery; bootstrap_history_uuid=false]}[StartedShardEntry{shardId [[wazuh-alerts-4.x-2025.02.24][2]], allocationId [_FJ9W3mEQ-a2HPR39FqO8w], primary term [29], message [after existing store recovery; bootstrap_history_uuid=false]}], shard-started StartedShardEntry{shardId [[wazuh-alerts-4.x-2025.02.24][2]], allocationId [_FJ9W3mEQ-a2HPR39FqO8w], primary term [29], message [cluster-manager {node-1}{pj_kQQRtTSiShJh_0gD_1A}{HIpx-jbUTxirJLiakxKMoA}{127.0.0.1}{127.0.0.1:9300}{dimr}{shard_indexing_pressure_enabled=true} marked shard as initializing, but shard state is [POST_RECOVERY], mark shard as started]}[StartedShardEntry{shardId [[wazuh-alerts-4.x-2025.02.24][2]], allocationId [_FJ9W3mEQ-a2HPR39FqO8w], primary term [29], message [cluster-manager {node-1}{pj_kQQRtTSiShJh_0gD_1A}{HIpx-jbUTxirJLiakxKMoA}{127.0.0.1}{127.0.0.1:9300}{dimr}{shard_indexing_pressure_enabled=true} marked shard as initializing, but shard state is [POST_RECOVERY], mark shard as started]}], shard-started StartedShardEntry{shardId [[wazuh-monitoring-2025.9w][0]], allocationId [j8sumOt5QI-5XkTHkj9xsw], primary term [29], message [cluster-manager {node-1}{pj_kQQRtTSiShJh_0gD_1A}{HIpx-jbUTxirJLiakxKMoA}{127.0.0.1}{127.0.0.1:9300}{dimr}{shard_indexing_pressure_enabled=true} marked shard as initializing, but shard state is [POST_RECOVERY], mark shard as started]}[StartedShardEntry{shardId [[wazuh-monitoring-2025.9w][0]], allocationId [j8sumOt5QI-5XkTHkj9xsw], primary term [29], message [cluster-manager {node-1}{pj_kQQRtTSiShJh_0gD_1A}{HIpx-jbUTxirJLiakxKMoA}{127.0.0.1}{127.0.0.1:9300}{dimr}{shard_indexing_pressure_enabled=true} marked shard as initializing, but shard state is [POST_RECOVERY], mark shard as started]}]]
[2025-09-15T13:15:00,538][WARN ][o.o.m.j.JvmGcMonitorService] [node-1] [gc][young][211][23] duration [14.4s], collections [1]/[15.3s], total [14.4s]/[15s], memory [2.8gb]->[1.2gb]/[4gb], all_pools {[young] [1.7gb]->[0b]/[0b]}{[old] [904mb]->[1.1gb]/[4gb]}{[survivor] [242mb]->[134mb]/[0b]}
[2025-09-15T13:15:00,539][WARN ][o.o.m.j.JvmGcMonitorService] [node-1] [gc][211] overhead, spent [14.4s] collecting in the last [15.3s]
[2025-09-15T13:15:00,732][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:15:00,745][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:15:00,803][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:15:00,810][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:15:06,605][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-available-updates%3Awazuh-check-updates-available-updates, params: {refresh=true, index=.kibana, id=wazuh-check-updates-available-updates:wazuh-check-updates-available-updates}
[2025-09-15T13:15:21,031][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:15:21,043][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:15:21,073][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:15:21,078][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:15:21,996][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,001][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=10000, index=.kibana, from=0, _source=index-pattern.title,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title}
[2025-09-15T13:15:22,010][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:15:22,017][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,036][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,035][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:15:22,054][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,070][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,079][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,088][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,097][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,108][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,118][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,129][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,138][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,542][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,545][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=10000, index=.kibana, from=0, _source=index-pattern.title,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title}
[2025-09-15T13:15:22,555][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:22,569][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:23,653][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:24,275][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:24,610][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:24,632][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:25,633][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:33,643][WARN ][o.o.m.j.JvmGcMonitorService] [node-1] [gc][young][237][24] duration [7.9s], collections [1]/[8s], total [7.9s]/[22.9s], memory [3gb]->[1.3gb]/[4gb], all_pools {[young] [1.8gb]->[0b]/[0b]}{[old] [1.1gb]->[1.2gb]/[4gb]}{[survivor] [134mb]->[144mb]/[0b]}
[2025-09-15T13:15:33,644][WARN ][o.o.m.j.JvmGcMonitorService] [node-1] [gc][237] overhead, spent [7.9s] collecting in the last [8s]
[2025-09-15T13:15:33,674][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:33,734][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:15:42,407][WARN ][o.o.m.j.JvmGcMonitorService] [node-1] [gc][young][238][25] duration [8.5s], collections [1]/[8.7s], total [8.5s]/[31.4s], memory [1.3gb]->[1.3gb]/[4gb], all_pools {[young] [0b]->[2mb]/[0b]}{[old] [1.2gb]->[1.3gb]/[4gb]}{[survivor] [144mb]->[8mb]/[0b]}
[2025-09-15T13:15:42,407][WARN ][o.o.m.j.JvmGcMonitorService] [node-1] [gc][238] overhead, spent [8.5s] collecting in the last [8.7s]
[2025-09-15T13:16:15,301][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:16:15,314][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:16:15,366][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:16:15,371][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/config%3A2.13.0, params: {index=.kibana, id=config:2.13.0}
[2025-09-15T13:16:16,925][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=10000, index=.kibana, from=0, _source=index-pattern.title,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title}
[2025-09-15T13:16:16,927][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:16:17,043][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:16:17,068][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-user-preferences%3Aadmin, params: {index=.kibana, id=wazuh-check-updates-user-preferences:admin}
[2025-09-15T13:16:17,083][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:16:17,093][WARN ][r.suppressed ] [node-1] path: /.kibana/_search, params: {rest_total_hits_as_int=true, size=9999, index=.kibana, from=0, _source=index-pattern.title,index-pattern.fields,namespace,namespaces,type,references,migrationVersion,updated_at,originId,title,fields}
[2025-09-15T13:16:22,318][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-available-updates%3Awazuh-check-updates-available-updates, params: {refresh=true, index=.kibana, id=wazuh-check-updates-available-updates:wazuh-check-updates-available-updates}
[2025-09-15T13:16:28,990][WARN ][r.suppressed ] [node-1] path: /.kibana/_doc/wazuh-check-updates-available-updates%3Awazuh-check-updates-available-updates, params: {refresh=true, index=.kibana, id=wazuh-check-updates-available-updates:wazuh-check-updates-available-updates}
[2025-09-15T13:16:29,350][WARN ][o.o.c.a.s.ShardStateAction] [node-1] unexpected failure while sending request [internal:cluster/shard/started] to [{node-1}{pj_kQQRtTSiShJh_0gD_1A}{HIpx-jbUTxirJLiakxKMoA}{127.0.0.1}{127.0.0.1:9300}{dimr}{shard_indexing_pressure_enabled=true}] for shard entry [StartedShardEntry{shardId [[wazuh-alerts-4.x-2024.12.19][2]], allocationId [9sGpXOlESHyteXk5SUjt3Q], primary term [31], message [after existing store recovery; bootstrap_history_uuid=false]}]
[2025-09-15T13:16:29,782][WARN ][o.o.c.a.s.ShardStateAction] [node-1] unexpected failure while sending request [internal:cluster/shard/started] to [{node-1}{pj_kQQRtTSiShJh_0gD_1A}{HIpx-jbUTxirJLiakxKMoA}{127.0.0.1}{127.0.0.1:9300}{dimr}{shard_indexing_pressure_enabled=true}] for shard entry [StartedShardEntry{shardId [[wazuh-alerts-4.x-2024.12.19][0]], allocationId [Fa4cj_RjRhmE4nD9Rp5vgA], primary term [31], message [after existing store recovery; bootstrap_history_uuid=false]}]
[2025-09-15T13:16:29,996][WARN ][o.o.c.a.s.ShardStateAction] [node-1] unexpected failure while sending request [internal:cluster/shard/started] to [{node-1}{pj_kQQRtTSiShJh_0gD_1A}{HIpx-jbUTxirJLiakxKMoA}{127.0.0.1}{127.0.0.1:9300}{dimr}{shard_indexing_pressure_enabled=true}] for shard entry [StartedShardEntry{shardId [[wazuh-alerts-4.x-2024.12.18][1]], allocationId [DLO3G46WQQeglXYsxTd2jQ], primary term [31], message [after existing store recovery; bootstrap_history_uuid=false]}]
[2025-09-15T13:16:50,703][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms4g, -Xmx4g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=2147483648, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=deb, -Dopensearch.bundled_jdk=true]
[2025-09-15T13:17:58,609][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2025-09-15T13:17:58,964][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2025-09-15T13:17:58,965][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2025-09-15T13:18:04,702][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2025-09-15T13:18:09,833][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2025-09-15T13:18:13,442][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2025-09-15T13:18:14,151][WARN ][o.o.o.i.ObservabilityIndex] [node-1] message: index [.opensearch-observability/cS_VI92kT-Gn9kizkoJIEg] already exists
[2025-09-15T13:18:14,153][WARN ][o.o.s.SecurityAnalyticsPlugin] [node-1] Failed to initialize LogType config index and builtin log types
[2025-09-15T13:18:14,544][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7719a856] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:18:14,544][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7719a856] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:18:14,544][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7719a856] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:18:14,544][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7719a856] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:18:14,544][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7719a856] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:18:14,544][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7719a856] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:18:14,544][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7719a856] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:18:14,544][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7719a856] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:18:14,545][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7719a856] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:18:14,545][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@7719a856] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:18:16,756][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:16,786][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:16,789][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:16,792][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:17,362][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:17,365][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:17,369][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:17,371][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:19,863][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:19,866][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:19,870][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:19,872][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:21,053][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:22,366][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:22,369][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:22,371][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:22,373][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:24,869][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:24,886][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:24,961][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:24,964][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:27,371][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:27,374][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:27,378][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:27,381][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:18:31,013][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:18:33,533][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:18:36,043][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:18:38,552][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:18:41,063][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:18:43,573][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:18:46,082][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:18:48,591][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:18:51,100][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:18:53,609][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:18:56,118][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:18:58,626][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:01,134][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:03,643][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:06,152][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:08,661][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:11,169][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:13,678][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:16,186][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:18,694][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:21,203][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:23,710][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:26,217][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:28,724][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:31,232][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:33,739][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:36,247][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:38,754][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:41,262][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:43,769][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:46,277][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:48,784][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:51,291][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:53,799][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:56,306][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:19:58,812][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:01,320][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:03,827][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:06,334][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:08,842][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:11,348][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:13,855][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:16,362][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:18,869][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:21,376][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:23,884][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:26,391][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:28,900][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:31,407][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:33,913][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:36,421][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:38,928][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:41,435][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:43,942][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:46,450][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:48,957][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:51,465][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:53,972][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:56,487][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:20:58,994][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:01,502][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:04,009][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:06,518][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:09,025][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:11,533][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:14,039][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:16,547][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:19,053][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:21,560][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:24,066][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:26,574][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:29,082][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:31,589][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:34,096][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:36,603][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:39,109][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:41,616][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:44,123][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:46,631][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:49,138][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:51,646][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:54,152][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:56,659][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:21:59,166][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:01,674][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:04,182][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:06,690][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:09,196][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:11,703][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:14,210][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:16,718][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:19,226][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:21,734][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:24,244][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:26,752][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:29,258][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:31,765][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:34,272][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:36,780][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:39,287][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:41,794][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:44,301][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:46,808][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:49,314][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:51,821][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:54,327][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:56,835][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:22:59,341][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:01,864][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:04,386][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:06,894][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:09,399][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:11,907][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:14,413][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:16,921][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:19,428][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:21,935][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:24,442][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:26,949][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:29,460][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:31,968][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:34,475][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:36,982][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:39,489][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:41,997][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:44,510][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:23:47,017][WARN ][r.suppressed ] [node-1] path: /.kibana/_count, params: {index=.kibana}
[2025-09-15T13:46:28,681][INFO ][o.o.n.Node ] [node-1] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -Xms4g, -Xmx4g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/var/log/wazuh-indexer/tmp, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -XX:MaxDirectMemorySize=2147483648, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/etc/wazuh-indexer, -Dopensearch.distribution.type=deb, -Dopensearch.bundled_jdk=true]
[2025-09-15T13:46:53,402][WARN ][o.o.s.c.Salt ] [node-1] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2025-09-15T13:46:53,496][ERROR][o.o.s.a.s.SinkProvider ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2025-09-15T13:46:53,497][WARN ][o.o.s.a.r.AuditMessageRouter] [node-1] No default storage available, audit log may not work properly. Please check configuration.
[2025-09-15T13:46:55,234][WARN ][o.o.s.p.SQLPlugin ] [node-1] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2025-09-15T13:46:57,146][WARN ][o.o.g.DanglingIndicesState] [node-1] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2025-09-15T13:47:00,035][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [node-1] Config override setting update called with empty string. Ignoring.
[2025-09-15T13:47:00,889][WARN ][o.o.o.i.ObservabilityIndex] [node-1] message: index [.opensearch-observability/cS_VI92kT-Gn9kizkoJIEg] already exists
[2025-09-15T13:47:00,892][WARN ][o.o.s.SecurityAnalyticsPlugin] [node-1] Failed to initialize LogType config index and builtin log types
[2025-09-15T13:47:01,081][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@40d6874c] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:47:01,081][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@40d6874c] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:47:01,081][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@40d6874c] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:47:01,081][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@40d6874c] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:47:01,082][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@40d6874c] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:47:01,082][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@40d6874c] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:47:01,082][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@40d6874c] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:47:01,082][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@40d6874c] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:47:01,082][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@40d6874c] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:47:01,082][ERROR][o.o.s.c.ConfigurationLoaderSecurity7] [node-1] Failure No shard available for [org.opensearch.action.get.MultiGetShardRequest@40d6874c] retrieving configuration for [INTERNALUSERS, ACTIONGROUPS, CONFIG, ROLES, ROLESMAPPING, TENANTS, NODESDN, WHITELIST, ALLOWLIST, AUDIT] (index=.opendistro_security)
[2025-09-15T13:47:02,527][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:02,549][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:02,551][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:02,554][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:03,702][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:03,705][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:03,707][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:03,711][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:06,204][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:06,206][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:06,208][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:06,210][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:08,703][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:08,706][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:08,708][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:08,709][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:11,204][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:11,206][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:11,208][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:11,211][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:13,705][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:13,708][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:13,710][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:47:13,711][ERROR][o.o.s.a.BackendRegistry ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-09-15T13:56:28,731][WARN ][o.o.s.c.SecurityFlsDlsIndexSearcherWrapper] [node-1] search action for .opendistro-reports-definitions is not allowed for a non adminDN user
[2025-09-15T13:56:28,731][WARN ][o.o.s.c.SecurityFlsDlsIndexSearcherWrapper] [node-1] search action for .opensearch-observability is not allowed for a non adminDN user
[2025-09-15T13:56:28,731][WARN ][o.o.s.c.SecurityFlsDlsIndexSearcherWrapper] [node-1] search action for .opendistro-reports-instances is not allowed for a non adminDN user

Thank you again for your attention, I'm really looking forward to resolving this issue and continuing to enjoy wazuh.

--
You received this message because you are subscribed to the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/wazuh/99dc7e0a-a2a7-4425-9c13-435eae549429n%40googlegroups.com.

Luan Philipe Herculano Braz

Coordenador de Gestão de Tecnologia da Informação

Portaria nº 1949 de 05 de junho de 2023

IFBA Campus Euclides da Cunha

CGTI - IFBA Campus Euclides da Cunha

Avalie nosso atendimento: https://forms.gle/wpqSXXRrUugp1pf28

Envie uma sugestão: https://forms.gle/jJzoPAS1wywcjCwj7

Md. Nazmur Sakib

unread,

Sep 15, 2025, 11:59:21 PM (4 days ago) Sep 15

to Wazuh | Mailing List

It seems that your indexer has reached the maximum shard limit.

"active_primary_shards": 1000,
"active_shards": 1000,

A single-node indexer cluster can have 1000 shards at maximum. If you have one indexer
cluster, you need to add another indexer node or delete some old indices
from your server to free up some space.

To add more Wazuh indexer nodes, follow this document:
https://documentation.wazuh.com/current/user-manual/wazuh-indexer-cluster.html#adding-wazuh-indexer-nodes>

To delete old indices, go to

Index Management > Indices

Search with Wazuh-alerts

Select the indices you want to delete

Click on Action and select Delete from the drop-down.

Check the screenshot for reference.

I will also suggest you check the ILM and snapshot documents for better
Management of your indices.

https://documentation.wazuh.com/current/user-manual/wazuh-indexer/index-life-management.html

https://documentation.wazuh.com/current/user-manual/wazuh-indexer/migrating-wazuh-indices.html

After that, you can recover your missing alerts using this document.

https://wazuh.com/blog/recover-your-data-using-wazuh-alert-backups/

I hope you find this information useful.

LUAN BRAZ

unread,

Sep 16, 2025, 8:30:23 AM (4 days ago) Sep 16

to Md. Nazmur Sakib, Wazuh | Mailing List

Your information was very helpful. The problem was solved. Thank you very much!

To view this discussion visit https://groups.google.com/d/msgid/wazuh/942ffc35-2228-47df-9c8e-d5a830f72abdn%40googlegroups.com.

Reply all

Reply to author

Forward

0 new messages