IT Hygiene problem
Tatavolu Sai Viswanadh
"persistent": {
"cluster": {
"blocks": {
"create_index": "true"
}
},
"plugins": {
"index_state_management": {
"metadata_migration": {
"status": "1"
},
"template_migration": {
"control": "-1"
}
}
}
},
"transient": {}
}
Othniel Ebolum
Your GET _cluster/settings output shows a persistent cluster block and may be the likely or related cause of the IT Hygiene problem you are facing.
This setting prevents the automatic creation of new indices in the Indexer cluster. It's not the default and could be causing or related to indexing problems.
You can restore the ability to create indices by reverting the set value to false or null using the same dev tool you presented.
PUT /_cluster/settings
{
"persistent": {
"cluster.blocks.create_index": null
}
}
Other likely causes may be:
1. Incorrect filter values referencing the image you share, probably there is no such agent ID in your environment.
2. No data indexed for that agent.
I recommend going through the system inventory configuration documentation to ensure you have properly configured your environment to process inventory data and ship to your manager:
An example default configuration here of the system inventory wodle in your agent ossec.conf:
<!-- System inventory -->
<wodle name="syscollector">
<disabled>no</disabled>
<interval>1h</interval>
<scan_on_start>yes</scan_on_start>
<hardware>yes</hardware>
<os>yes</os>
<network>yes</network>
<packages>yes</packages>
<ports all="no">yes</ports>
<processes>yes</processes>
<users>yes</users>
<groups>yes</groups>
<services>yes</services>
<browser_extensions>yes</browser_extensions>
<!-- Database synchronization settings -->
<synchronization>
<max_eps>10</max_eps>
</synchronization>
</wodle>
This setting ensures all data is enabled.