[validation_exception] Error


DG

Nov 5, 2022, 12:21:21 PM
to Wazuh mailing list
Hello Team,

I am getting the following error message:

[validation_exception] Validation Failed: 1: this action would add [2] total shards, but this cluster currently has [1000]/[1000] maximum shards open;

I can no longer see events in the console.

I tried creating an Index Policy as per another previous conversation in this forum.

Thanks

Attachment: Screenshot 2022-11-05 122046.png

Gustavo Choquevilca

Nov 6, 2022, 4:10:09 PM
to Wazuh mailing list
Hello, thank you very much for using Wazuh and its great google community!

Gustavo Choquevilca

Nov 6, 2022, 4:15:23 PM
to Wazuh mailing list
Looking at the log you shared, perhaps this problem can be fixed by increasing the shard limit.

curl -X PUT localhost:9200/_cluster/settings -H "Content-Type: application/json" -d '{ "persistent": { "cluster.max_shards_per_node": "3000" } }'

You can review this issue that talks about the topic.

I hope to help you
Regards,
Gustavo.

Red Team

Nov 10, 2022, 3:06:23 PM
to Gustavo Choquevilca, Wazuh mailing list
Whenever I try to enter the curl command as suggested, I get "Empty reply from server"


Gustavo Choquevilca

Nov 11, 2022, 12:04:46 PM
to Wazuh mailing list
This may be due to missing credentials:

  • Test the credentials and IP/connection: curl -k -u USERNAME:PASSWORD -XGET https://<ELASTICSEARCH_IP>:9200
    If you get a valid response, it means that the credentials and the port are correct.
  • API call: curl -k -u USERNAME:PASSWORD -XPUT https://<ELASTICSEARCH_IP>:9200/_cluster/settings -H "Content-Type: application/json" -d '{ "persistent": { "cluster.max_shards_per_node": "3000" } }'

If the above does not work, surely some configuration is incorrect (it may be due to a firewall) or the service is not up.

Check status with: systemctl status elasticsearch

Review logs with: journalctl -u elasticsearch --no-pager | grep -E 'ERRO|WARN'

Another option could be to remove the old indexes as discussed here.

I hope to help you with this information,

Regards,
Gustavo.
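The two replies above (the first curl on Nov 6 and the authenticated version on Nov 11) both raise cluster.max_shards_per_node by hand. The script below is an added example, not part of the thread and not Wazuh or Elasticsearch project code. It parses the exact validation_exception text quoted in the first post, works out the effective cluster-wide ceiling (max_shards_per_node times the number of data nodes, which is why a single-node Wazuh install hits 1000/1000) from constructed sample /_cluster/health and /_cluster/settings?flat_settings=true responses, proposes a new per-node value with some headroom, and builds the same PUT body the replies use. The function names, the 20% headroom, the sample JSON and the basic-auth-over-HTTPS assumption in put_cluster_settings are all mine; that last function is the only one that touches a live cluster and is not run here.

```python
import base64
import json
import math
import re
import ssl
import urllib.request

# Default in Elasticsearch 7.x and OpenSearch; the cluster ceiling is this value
# multiplied by the number of data nodes (assumed defaults for this example).
DEFAULT_MAX_SHARDS_PER_NODE = 1000

# Constructed copy of the error string quoted in the thread (not live output).
SAMPLE_ERROR = (
    "[validation_exception] Validation Failed: 1: this action would add [2] "
    "total shards, but this cluster currently has [1000]/[1000] maximum shards open;"
)

# Constructed sample responses standing in for GET /_cluster/health and
# GET /_cluster/settings?flat_settings=true on a single-node cluster.
SAMPLE_HEALTH = json.dumps({
    "cluster_name": "wazuh-cluster", "status": "yellow",
    "number_of_nodes": 1, "number_of_data_nodes": 1,
    "active_primary_shards": 1000, "active_shards": 1000,
    "initializing_shards": 0, "unassigned_shards": 0,
})
SAMPLE_SETTINGS = json.dumps({"persistent": {}, "transient": {}})

ERROR_RE = re.compile(
    r"would add \[(\d+)\] total shards, but this cluster currently has "
    r"\[(\d+)\]/\[(\d+)\] maximum shards open"
)


def parse_shard_error(message):
    """Pull requested / open / max shard counts out of the validation_exception text."""
    m = ERROR_RE.search(message)
    if not m:
        raise ValueError("not a max-shards validation_exception")
    requested, open_shards, maximum = (int(x) for x in m.groups())
    return {"requested": requested, "open": open_shards, "max": maximum}


def shard_status(health_json, settings_json):
    """Effective per-node limit, cluster ceiling and headroom from the two responses.

    Transient settings override persistent ones; unset means the default. The limit
    counts every shard of every open index whether or not it is assigned, so
    unassigned and initializing shards are added to the active ones.
    """
    health = json.loads(health_json)
    settings = json.loads(settings_json)
    per_node = int(
        settings.get("transient", {}).get("cluster.max_shards_per_node")
        or settings.get("persistent", {}).get("cluster.max_shards_per_node")
        or DEFAULT_MAX_SHARDS_PER_NODE
    )
    data_nodes = health["number_of_data_nodes"]
    open_shards = (health.get("active_shards", 0) + health.get("initializing_shards", 0)
                   + health.get("unassigned_shards", 0))
    limit = per_node * data_nodes
    return {"per_node": per_node, "data_nodes": data_nodes,
            "open": open_shards, "limit": limit, "free": limit - open_shards}


def recommend_per_node(open_shards, requested, data_nodes,
                       current_per_node=DEFAULT_MAX_SHARDS_PER_NODE, headroom=0.2):
    """Smallest per-node limit (rounded up to 100) that fits open+requested shards
    plus `headroom` spare capacity, never lower than the current setting."""
    needed_total = math.ceil((open_shards + requested) * (1 + headroom))
    per_node = max(math.ceil(needed_total / data_nodes), current_per_node)
    return int(math.ceil(per_node / 100.0) * 100)


def settings_body(per_node):
    """Request body for PUT /_cluster/settings, the same shape used in the thread."""
    return json.dumps({"persistent": {"cluster.max_shards_per_node": str(per_node)}})


def put_cluster_settings(base_url, username, password, per_node, verify_tls=True):
    """Live call, not exercised offline. Assumes HTTP basic auth over HTTPS.
    verify_tls=False is the equivalent of curl -k: any certificate is accepted,
    so use it only against a host you already trust on a network you control."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/_cluster/settings",
        data=settings_body(per_node).encode(), method="PUT",
        headers={"Content-Type": "application/json", "Authorization": "Basic " + token},
    )
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    err = parse_shard_error(SAMPLE_ERROR)
    status = shard_status(SAMPLE_HEALTH, SAMPLE_SETTINGS)
    new_limit = recommend_per_node(status["open"], err["requested"],
                                   status["data_nodes"], status["per_node"])
    print("cluster limit:", status["limit"], "open:", status["open"], "free:", status["free"])
    print("suggested cluster.max_shards_per_node:", new_limit)
    print("PUT body:", settings_body(new_limit))
```

Raising the limit is a stopgap: the setting exists because each open shard costs heap and file handles on the node, and on a single-node cluster 3000 shards means 3000 shards on that one node. The lasting fix is the one the thread also points at, an index policy (ILM/ISM) that deletes or shrinks old Wazuh indices, so the open count stops growing. Check the result afterwards with GET /_cluster/health and GET /_cluster/settings?flat_settings=true rather than waiting for the next validation_exception.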

Red Team

Nov 14, 2022, 9:54:29 AM
to Gustavo Choquevilca, Wazuh mailing list
Thanks. This has helped.
