wazuh-monitoring

[MNB_1101]

Hello

I wanted to know what is the wazuh-monitoring  index  and what it does. Also, how can I get the status of agent periodically and keep a index?

[Jesus Linares]

Hi,

> I wanted to know what is the wazuh-monitoring  index  and what it does.

The wazuh-monitoring index is an index generated by the Wazuh dashboard component. The goal of this index is to store historical information about the status of Wazuh agents. Check out the documentation if you need a custom configuration: https://documentation.wazuh.com/current/user-manual/wazuh-dashboard/config-file.html#monitoring.

> Also, how can I get the status of agent periodically and keep a index?

You don't need it, just use the wazuh-monitoring index. In case you need something with more details, you can always use the Wazuh API to get the data and index it.

I hope it helps.

[MNB_1101]

Thank you for your answer
My wazuh-monitoring is enabled but the wazuh-monitoring index does not created in elasticsearch. my wazuh version is 4.3

[MNB_1101]

Thank you for your answer

My wazuh-monitoring is enabled but the wazuh-monitoring index is empty. wazuh version is 4.3

[Jesus Linares]

Hello,

sorry for the late reply.

First of all, let's review the Wazuh dashboard. Please, go to "Discover" and click on "index pattern". Do you see the "wazuh-monitoring-*" index pattern? If you don't see it, go to "Stack management" > "Index pattern" > "Create index pattern" and type "wazuh-monitoring*". I attached 2 screenshots.

Also, you can query the wazuh-indexer in order to see your indices. Example:

$ curl -k -u admin:admin https://localhost:9200/_cat/indices/wazuh-monitoring*?v
health status index                     uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   wazuh-monitoring-2022.20w FeDFJRm0QFyZHee-57YCDQ   1   0          0            0       208b           208b
green  open   wazuh-monitoring-2022.24w Lq7pnckBTya5iNc4pAorHQ   1   0          3            0     49.7kb         49.7kb
green  open   wazuh-monitoring-2022.23w KmFay7DjQV-yIkJgXgCi1A   1   0          0            0       208b           208b
green  open   wazuh-monitoring-2022.22w un-w30ryS9SG4zmEmcmbSQ   1   0          0            0       208b           208b
green  open   wazuh-monitoring-2022.28w qutuB2RoTRGQGiRQiSsfYQ   1   0          1            0       17kb           17kb
green  open   wazuh-monitoring-2022.27w FOX_BLwSS2ayori8Y_vd3w   1   0          2            0     33.9kb         33.9kb
green  open   wazuh-monitoring-2022.26w QXVhh7z9QSSAyMGE2pwlig   1   0          1            0     16.7kb         16.7kb
green  open   wazuh-monitoring-2022.18w b7vauRKxSOmXIX71jV9RKg   1   0          0            0       208b           208b

If the indices are in the wazuh-indexer, you should be able to see them in the wazuh-dashboard by default or by creating the index pattern. In another case, since you say that the monitoring is enabled, you should review the wazuh-indexer logs in order to see if there is an error.

I hope it helps.

[MNB_1101]

Thank you for your answer but I don't use wazuh dashboard.

I used kibana,

I see the "wazuh-monitoring-*" index pattern and after ran below command I saw just header.

$ curl -k -u admin:admin https://localhost:9200/_cat/indices/wazuh-monitoring*?v
health status index                     uuid                   pri rep docs.count docs.deleted store.size pri.store.size

[Jesus Linares]

Hi,

OK, so as you confirmed the wazuh-monitoring is enabled, you have the index pattern, the index exists but it is empty.

In this case, I think you should check two things:

• The Wazuh plugin in Kibana: has it the Wazuh API configured? The plugin uses the Wazuh API to index the data in the wazuh-monitoring index.
• Is there any error in the Elasticsearch logs?

Thanks.

[MNB_1101]

Hi,

Thanks for answer
 I check kibana logs and understood my kibana_system user could not create wazuh-monitoring because don't have index privileges [create_index,manage,all]"