Remove (cluster.name: wazuh) default filter on wazuh dashboard

[Unknown]

Hello Team,

It it possible to delete the default filter (cluster.name: wazuh) from wazuh-dashboard?

Thanks

[Unknown]

As I made it hidden in my wazuh-manager, so in my logs this key cluster doesn't exists due to which I am unable to see any logs on wazuh dashboard because of this default filter (cluster.name: wazuh)

[Maximiliano Ibarra]

Hello.
I understand, at this moment it's impossible to remove this default filter. The wazuh plugin uses it to filter the different modules events.
Logically, this should not affect the visibility of the events. But you can try to see the events uses the opensearch discover and check if it's a filter problem.

On the opensearch discover, the cluster.node is not applied. Check if you see events and apply the cluster node filter to check if it is the problem.

[Unknown]

Hello,

Thanks for the quick response.

Yeah, I can see the data in discover option as there is no default filter.

You can help me to remove this filter from wazuh-dashboard code base if it is not possible via UI/ Configuration Changes.

Regards

[Unknown]

Hello Team,

Waiting for the response.

Thanks.

[Maximiliano Ibarra]

Hi. Sorry, but the changes you want to make may bring many unexpected behaviors in Wazuh dashboard modules and features.

Can I ask you if you have modified the cluster configuration to a single node or changed the name of the manager/cluster?

Because it can cause problems in the events filtering.