Install Opensearch Notbooks and opensearch-anomaly-detection plugin on Wazuh Dashboard

[Ranjith Kesavan]

Hello I want to install both Opensearch Notbooks and opensearch-anomaly-detection plugin on Wazuh Dashboard. When I try to install it using opensearch-plugin command, it fails with error " "No valid url specified.". Have someone performed this or can someone suggest a workaround ? 

rootlab-01:/usr/share/wazuh-dashboard# /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin install opensearch-notebooks  --allow-root
Attempting to transfer from opensearch-notebooks
Attempting to transfer from https://artifacts.opensearch.org/downloads/kibana-plugins/opensearch-notebooks/opensearch-notebooks-1.2.0.zip
Plugin installation was unsuccessful due to error "No valid url specified."

Thank you,

Ranjith Kesavan

[Alejandro Ruiz Becerra]

Hello Ranjith

Thanks for using Wazuh. A few things to point out:

1. Wazuh Dashboard is currently bases in OpenSearch Dashboards v1.2.0.

2. The links generated are wrong. If you notice, the plugin's URL points to kibana-plugins, which is not right. It looks like this version of OSD has this bug, and was solved in v1.3.0.

3. We are upgrading to v2.3.0 in the next minor release of Wazuh, so this issue will be solved.

4. Aside from the bug above, the opensearch-notebooks plugin does not exist in v1.2.0, as it was merged into the observability plugin. Check the available plugins for OSD 1.2 here.

5. I'll set up a newer version of OSD where this bug is solved, and share with you the commands to install the opensearch-anomaly-detection and opensearch-observability plugins.

Regards,

Alex

[Alejandro Ruiz Becerra]

Hello again 

There was a mistake in my previous comment. The correct link to the OSD plugins list is this one: https://opensearch.org/docs/1.2/dashboards/install/plugins/

Here's the command to install the anomalyDetectionDashboards plugin:

      bin/opensearch-dashboards-plugin install https://github.com/opensearch-project/anomaly-detection-dashboards-plugin/releases/download/1.2.0.0/anomaly-detection-dashboards-1.2.0.0.zip

However, I was not able to install the observability plugin. It's not listed in the list above, and the installation of the package releases in GitHub failed with the following error:

wazuh-dashboard@wazuh:~$ bin/opensearch-dashboards-plugin install https://github.com/opensearch-project/observability/releases/download/1.2.0.0/opensearch-observability-1.2.0.0.zip
Attempting to transfer from https://github.com/opensearch-project/observability/releases/download/1.2.0.0/opensearch-observability-1.2.0.0.zip
Transferring 5605267 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Plugin installation was unsuccessful due to error "No opensearch-dashboards plugins found in archive"

which made me suspect that the package is missing something, and confirmed that by comparing it with the package for the anomalyDetectionDashboards plugin.

I think there might a workaround, but the package will need some manual crafting. 

[francisco...@gmail.com]

Hello;

 If I remember correctly, in recent tests with Wazuh 4.3, Wazuh Indexer and Wazuh Dashboard, I was able to install the "Anomaly Detection" and "Observability" plugins as follows:

1. Download the full Opensearch Dashboard 1.2 package ( https://opensearch.org/versions/opensearch-1-2-4.html ). The zip for Linux x64: https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/1.2.0/opensearch-dashboards-1.2.0-linux-x64.tar.gz

2. Unzip the .tar.gz and copy to /usr/share/wazuh-dashboard/plugins/ the directories "anomalyDetectionDashboards" and "observabilityDashboards" (they are inside the 'plugins' directory of the previously downloaded .tar.gz. )  You can also copy the "queryWorkbenchDashboards" directory if you need the "Query Workbench" plugin ( Use the Query Workbench to easily run on-demand SQL queries, translate SQL into its REST equivalent, and view and save results as text, JSON, JDBC, or CSV. )

$ cp -r opensearch-dashboards-1.2.0-linux-x64/plugins/observabilityDashboards/ opensearch-dashboards-1.2.0-linux-x64/plugins/anomalyDetectionDashboards/ /usr/share/wazuh-dashboard/plugins/

 3. Restart wazuh-dashboard

As I say, at least that is how I have been able to do it and that the plugins appear. I hope it works for you.

 PS: Remember to check the owners of /usr/share/wazuh-dashboard/plugins/observabilityDashboards and /usr/share/wazuh-dashboard/plugins/anomalyDetectionDashboards

[Alejandro Ruiz Becerra]

Very interesting.

Thank you for your contribution, Francisco!

[Ranjith Kesavan]

Thank you so much Francisco and Alejandro... That worked.