Wazuh Dashboard - API is down

[Chittaranjan Poojari]

Hello , 
i am currently getting following issue 

[Bony V John]

Hi,

Apologies for the late response, it seems we missed your post.
From the screenshot you shared, it appears you are facing issues on both the Wazuh Manager and the Wazuh Indexer. Please follow the steps below to troubleshoot the problem.  

Wazuh manager API down issue:

Check the server resource

• Disk usage: df -h
• Memory usage: free -h
• CPU usage: cores=$(nproc); idle=$(vmstat 1 2 | tail -1 | awk '{print $15}'); usage=$((100-idle)); echo "Cores: $cores | Usage: $usage% | Idle: $idle%"

Make sure the server has enough resources to run all services.  

Check Wazuh manager daemons:

/var/ossec/bin/wazuh-control status

Restart the Wzuh manager if the Wazuh-apid is down:

systemctl restart wazuh-manager

Check Wazuh manager log:

cat /var/ossec/logs/ossec.log | grep -iE "error|warn"

Please also share your /var/ossec/etc/ossec.conf file with us for further analysis, and let us know if you made any configuration changes before the issue occurred.  

Wazuh index pattern issue:

Check Wazuh  indexer log file:

cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -iE "error|warn"

Check Wazuh indexer cluster health:

curl -X GET "https://localhost:9200/_cluster/health?pretty" -u admin:<password> --insecure

Replace the <password> with you admin credential and run the above command on Wazuh indexer server.

Check Wazuh  dashboard error logs:

journalctl -u wazuh-dashboard | grep -iE "error|warn"

Please share the outputs of the above commands so we can continue with the analysis.