alert index pattern timeout exceeded
679 views
Skip to first unread message
Vilaysack Vorachack
Jan 19, 2023, 7:41:13 AM1/19/23
to Wazuh mailing list
Hi there,
I have a question about what is happening here during the health check process. I found that my Alerts index pattern has a problem here as the picture shown below
I have a question about what is happening here during the health check process. I found that my Alerts index pattern has a problem here as the picture shown below
Best Regards,
Eduardo Leon Aldazoro
Jan 19, 2023, 2:09:52 PM1/19/23
to Wazuh mailing list
Hi, Thanks for using Wazuh and sorry for the late response!
It looks like the interface is getting a timeout while executing this check: https://github.com/wazuh/wazuh-kibana-app/blob/master/public/components/health-check/services/check-index-pattern/check-template.service.ts#L27.
Probably there is performance/configuration issue in your indexer (wazuh-indexer, elasticsearch or opensearch).
How many fields do you have for the wazuh-alerts index pattern?
Probably there is performance/configuration issue in your indexer (wazuh-indexer, elasticsearch or opensearch).
How many fields do you have for the wazuh-alerts index pattern?
Also, Is this a fresh installation or Wazuh was working properly before this error?
Please tell me. What version of Wazuh are you running?
Please tell me. What version of Wazuh are you running?
I'll wait for your response.
Vilaysack Vorachack
Jan 19, 2023, 9:08:31 PM1/19/23
to Wazuh mailing list
Hi Eduardo,
I'm using the default setting that comes with wazuh docker version and has been running for about 2-3 days since I first deployed. On the first day it deployed, everything works fine, and appeared this issue yesterday.
However, there are some interesting things happening here. Every time I stop the docker-compose and run it again it works fine. In addition, regarding the number of field you requested I'm not pretty sure whether I attach the right one or not here because I'm very new to this technology and if it's not, please let me know.
Best Regards,
Eduardo Leon Aldazoro
Jan 20, 2023, 7:53:09 AM1/20/23
to Wazuh mailing list
Hi there,
Thanks for the response!
I can tell you were able to enter the dashboard.
Did the problem get fixed by itself after the rebuild?
If the problem persists or appears again you can check the index pattern.
In the dashboard, go to Menu > Management > Stack management > Index pattern > wazuh-alerts-*.
How many fields do you have? Do you know if there is any warning?
Hope it helps.
Regards.
Vilaysack Vorachack
Jan 22, 2023, 10:41:28 PM1/22/23
to Wazuh mailing list
Hi eduardo,
The problem get fixed by itself after the rebuild.
The problem get fixed by itself after the rebuild.
there are 440 fields I have and there is no any warnings there.
Best regards,
Eduardo Leon Aldazoro
Jan 23, 2023, 6:35:00 AM1/23/23
to Wazuh mailing list
Hi,
Ok, then the problem getting fixed on rebuild confirms it was a connectivity issue at the moment of the health check on the elastic search indexer, nothing to be concerned about.
Ok, then the problem getting fixed on rebuild confirms it was a connectivity issue at the moment of the health check on the elastic search indexer, nothing to be concerned about.
In case there is an actual issue with the index pattern you will find the warning in the route I mentioned before.
Hope that helps.
Best Regards.
Reply all
Reply to author
Forward
0 new messages