Wazuh Dashboard Server is not ready yet
39 views
Skip to first unread message
Szymon
Oct 9, 2025, 1:27:04 PM (22 hours ago) Oct 9
to Wazuh | Mailing List
Hello,
Is there anything anyone can pinpoint that I should also have a look at?
When accessing one of my 6 wazuh servers, I'm getting an error that Wazuh dashboard Server is not ready yet.
The rest are all on version 4.12.0, so I assume this one is as well.
I can see that the indexer service itself is not starting, and I cannot restart it:
× wazuh-indexer.service - wazuh-indexer
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Thu 2025-10-09 16:01:01 UTC; 17min ago
Docs: https://documentation.wazuh.com
Process: 39261 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 39261 (code=exited, status=1/FAILURE)
CPU: 4.447s
Oct 09 16:01:01 srklprsecfim01 systemd-entrypoint[39261]: at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:172)
Oct 09 16:01:01 srklprsecfim01 systemd-entrypoint[39261]: at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104)
Oct 09 16:01:01 srklprsecfim01 systemd-entrypoint[39261]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
Oct 09 16:01:01 srklprsecfim01 systemd-entrypoint[39261]: at org.opensearch.cli.Command.main(Command.java:101)
Oct 09 16:01:01 srklprsecfim01 systemd-entrypoint[39261]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:138)
Oct 09 16:01:01 srklprsecfim01 systemd-entrypoint[39261]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:104)
Oct 09 16:01:01 srklprsecfim01 systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Oct 09 16:01:01 srklprsecfim01 systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Oct 09 16:01:01 srklprsecfim01 systemd[1]: Failed to start wazuh-indexer.
Oct 09 16:01:01 srklprsecfim01 systemd[1]: wazuh-indexer.service: Consumed 4.447s CPU time.
Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Thu 2025-10-09 16:01:01 UTC; 17min ago
Docs: https://documentation.wazuh.com
Process: 39261 ExecStart=/usr/share/wazuh-indexer/bin/systemd-entrypoint -p ${PID_DIR}/wazuh-indexer.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 39261 (code=exited, status=1/FAILURE)
CPU: 4.447s
Oct 09 16:01:01 srklprsecfim01 systemd-entrypoint[39261]: at org.opensearch.bootstrap.OpenSearch.execute(OpenSearch.java:172)
Oct 09 16:01:01 srklprsecfim01 systemd-entrypoint[39261]: at org.opensearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:104)
Oct 09 16:01:01 srklprsecfim01 systemd-entrypoint[39261]: at org.opensearch.cli.Command.mainWithoutErrorHandling(Command.java:138)
Oct 09 16:01:01 srklprsecfim01 systemd-entrypoint[39261]: at org.opensearch.cli.Command.main(Command.java:101)
Oct 09 16:01:01 srklprsecfim01 systemd-entrypoint[39261]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:138)
Oct 09 16:01:01 srklprsecfim01 systemd-entrypoint[39261]: at org.opensearch.bootstrap.OpenSearch.main(OpenSearch.java:104)
Oct 09 16:01:01 srklprsecfim01 systemd[1]: wazuh-indexer.service: Main process exited, code=exited, status=1/FAILURE
Oct 09 16:01:01 srklprsecfim01 systemd[1]: wazuh-indexer.service: Failed with result 'exit-code'.
Oct 09 16:01:01 srklprsecfim01 systemd[1]: Failed to start wazuh-indexer.
Oct 09 16:01:01 srklprsecfim01 systemd[1]: wazuh-indexer.service: Consumed 4.447s CPU time.
My opensearch_dashboards.yml is set to the same thing on all hosts, so this shouldn't be an issue:
server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
Journalctl -xe shows this as the only error:
Oct 09 16:25:57 srklprsecfim01 opensearch-dashboards[34776]: {"type":"log","@timestamp":"2025-10-09T16:25:57Z","tags":["error","opensearch","data"],"pid":34776,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
Oct 09 16:25:57 srklprsecfim01 opensearch-dashboards[34776]: {"type":"log","@timestamp":"2025-10-09T16:25:57Z","tags":["error","opensearch","data"],"pid":34776,"message":"[ConnectionError]: connect ECONNREFUSED 127.0.0.1:9200"}
The /etc/wazuh-indexer/jvm.options is already using -Xms4g and -Xmx4g, and have been for a while now. Definitely before the dashboard suddenly broke.
My disk space is fine:
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 3.8G 80K 3.8G 1% /dev/shm
tmpfs 1.5G 9.1M 1.5G 1% /run
efivarfs 256K 41K 211K 17% /sys/firmware/efi/efivars
/dev/mapper/vg-root 199G 85G 107G 45% /
/dev/sda2 974M 374M 533M 42% /boot
/dev/sda1 1022M 7.1M 1015M 1% /boot/efi
/dev/mapper/vg-home 2.0G 780K 1.8G 1% /home
/dev/mapper/vg-tmp 2.0G 372K 1.8G 1% /tmp
/dev/mapper/vg-var_log 7.8G 890M 6.5G 12% /var/log
tmpfs 765M 0 765M 0% /run/user/1514
And my memory doesn't seem overly utilized right now:
total used free shared buff/cache available
Mem: 7.5Gi 2.1Gi 4.4Gi 3.0Mi 1.3Gi 5.4Gi
Swap: 4.0Gi 668Mi 3.3Gi
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 3.8G 80K 3.8G 1% /dev/shm
tmpfs 1.5G 9.1M 1.5G 1% /run
efivarfs 256K 41K 211K 17% /sys/firmware/efi/efivars
/dev/mapper/vg-root 199G 85G 107G 45% /
/dev/sda2 974M 374M 533M 42% /boot
/dev/sda1 1022M 7.1M 1015M 1% /boot/efi
/dev/mapper/vg-home 2.0G 780K 1.8G 1% /home
/dev/mapper/vg-tmp 2.0G 372K 1.8G 1% /tmp
/dev/mapper/vg-var_log 7.8G 890M 6.5G 12% /var/log
tmpfs 765M 0 765M 0% /run/user/1514
And my memory doesn't seem overly utilized right now:
total used free shared buff/cache available
Mem: 7.5Gi 2.1Gi 4.4Gi 3.0Mi 1.3Gi 5.4Gi
Swap: 4.0Gi 668Mi 3.3Gi
Is there anything anyone can pinpoint that I should also have a look at?
I am not entirely sure when this broke, but I know that my syslog forwarding mechanism is still working fine on this host, meaning only the 'dashboard' itself is not functioning. This host is still getting data from wazuh agents, and forwarding outbound fine.
Fabian Ruiz
Oct 9, 2025, 3:06:45 PM (21 hours ago) Oct 9
to Wazuh | Mailing List
Hi Szymon,
You have a issue with indexer, we need to obtain the Wazuh Indexer logs to determinate what is happening with this component.
You can use this command to check the indexer logs:
cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -iE "error|warn"
Szymon
Oct 9, 2025, 3:25:40 PM (20 hours ago) Oct 9
to Wazuh | Mailing List
Thanks Fabian,
This is the result:
[2025-05-20T00:00:01,234][WARN ][o.o.c.r.a.AllocationService] [node-1] Falling back to single shard assignment since batch mode disable or multiple custom allocators set
But I do not understand why this would show up suddenly on that day a while back as nothing was changed on our end.
Fabian Ruiz
7:43 AM (4 hours ago) 7:43 AM
to Wazuh | Mailing List
That log doesn't contain any clues about your issue, could you share the complete log?
cat /var/log/wazuh-indexer/wazuh-cluster.log
Reply all
Reply to author
Forward
0 new messages