Wazuh not showing alerts on dashboard

[EugenX]

Hello everyone.

I've been using Wazuh for same time and because the logs was growing I was left without space so I've use the "Index lifecycle management" from the manual to set the logs retention policy. But after some time I've discovered that dashboard is not showing any alerts on the dashboard, so I decided to remove the retention policy rule and in a hurry I've deleted maybe by mistake in Reporting, some reports rule.

Can someone help me please solve this issue, I want my dashboard to be populated again.

1. The agents are active and there are events (I receive them in slack)

2. All the services are running fine ( wazuh-manager wazuh-indexer wazuh-dashboard filebeat )

3. sudo journalctl -u open --no-pager | grep -E 'ERROR|WARN - shows no errors

Output from different commands can be found in attached screenshots...

Thank you in advance.

*Using Wazuh OVA 4.14.1

[Javier Medeot]

Hi.

This looks more like Wazuh alerts are being generated but not indexed. You can verify this by:

- Going to  Indexer management > Index management and filtering for the wazuh-alerts-4.x- indices or by

- Running curl -k -u admin:<YOUR_ADMIN_PASSWORD> https://<INDEXER_IP_ADDRESS>:9200/_cat/indices/wazuh-alerts*?v

If it's indexing correctly it should list indices for every day such as wazuh-alerts-4.x-2025.12.05, each with a total docs count other than zero. Look for errors and warnings reported in /var/log/filebeat/filebeat (and /var/log/wazuh-indexer/ logs such as /var/log/wazuh-indexer/wazuh-cluster.log) this could give as a better clue on what could be the cause of this.

Also, check the status of your indexer cluster by running curl -k -u admin:<YOUR_ADMIN_PASSWORD> https://<INDEXER_IP_ADDRESS>:9200/_cluster/health?pretty

and consider tuning the Wazuh indexer.

Let me know what you find.