No matching indices were found for [wazuh-states-inventory-system-*] index pattern.
207 views
Skip to first unread message
Riccardo Olivetto
Oct 24, 2025, 7:22:09 AMOct 24
to Wazuh | Mailing List
Hi, i'm using a CSS enviroment and after upgrading to 4.13 i am not able to see IT Hygiene.
I check and the indexes *:wazuh-states-inventory-system-* are seen by the Dashboard Node.
I check and the indexes *:wazuh-states-inventory-system-* are seen by the Dashboard Node.
The problem is that Dashboard checks for wazuh-states-inventory-system-* instead of *:wazuh-states-inventory-system-*.
Can you help me?
Can you help me?
Message has been deleted
Ayooluwa Paul Akindeko
Oct 24, 2025, 1:23:25 PMOct 24
to Wazuh | Mailing List
Hi,
The value for the inventory system is a constant in wazuh {WAZUH_IT_HYGIENE_SYSTEM_PATTERN = 'wazuh-states-inventory-system-*'}, which is why it checks for that index by default.
Can you confirm, is the * prefix the remote cluster and what is the actual name of the remote env
To troubleshoot, using the wazuh indexer API from the wazuh dashboard, gather these necessary information:
1. Get the remote registered remote cluster information and confirm the naming, use the URL here
The value for the inventory system is a constant in wazuh {WAZUH_IT_HYGIENE_SYSTEM_PATTERN = 'wazuh-states-inventory-system-*'}, which is why it checks for that index by default.
Can you confirm, is the * prefix the remote cluster and what is the actual name of the remote env
To troubleshoot, using the wazuh indexer API from the wazuh dashboard, gather these necessary information:
1. Get the remote registered remote cluster information and confirm the naming, use the URL here
GET /_remote/info
GET /_cat/indices
3. You can also search the remote index to see if anything gets returned.
GET /*:wazuh-states-inventory-system-*/_search
4. Can I you also include information about your previous version of Wazuh and what the setup is: (OS installed or Docker)
GET /*:wazuh-states-inventory-system-*/_search
4. Can I you also include information about your previous version of Wazuh and what the setup is: (OS installed or Docker)
Riccardo Olivetto
Oct 27, 2025, 9:49:55 AMOct 27
to Wazuh | Mailing List
Hi,
1){
"indexer-alu": {
"connected": true,
"mode": "sniff",
"seeds": [
"alu.proxy:9300"
],
"num_nodes_connected": 1,
"max_connections_per_cluster": 3,
"initial_connect_timeout": "30s",
"skip_unavailable": true
},
"indexer-adr": {
"connected": true,
"mode": "sniff",
"seeds": [
"adr.proxy:9300"
],
"num_nodes_connected": 1,
"max_connections_per_cluster": 3,
"initial_connect_timeout": "30s",
"skip_unavailable": true
}
"indexer-alu": {
"connected": true,
"mode": "sniff",
"seeds": [
"alu.proxy:9300"
],
"num_nodes_connected": 1,
"max_connections_per_cluster": 3,
"initial_connect_timeout": "30s",
"skip_unavailable": true
},
"indexer-adr": {
"connected": true,
"mode": "sniff",
"seeds": [
"adr.proxy:9300"
],
"num_nodes_connected": 1,
"max_connections_per_cluster": 3,
"initial_connect_timeout": "30s",
"skip_unavailable": true
}
2)green open wazuh-statistics-2025.37w zjUkTZ5ATEq_P8Pblbngjg 1 0 4511 0 1.3mb 1.3mb
green open wazuh-monitoring-2025.28w CovbtWJxQo6b_gwTiY0wtQ 1 0 1703 0 1.2mb 1.2mb
green open wazuh-statistics-2025.27w QpP1dWj9Sxepl3gzMhPl1A 1 0 3745 0 1.3mb 1.3mb
green open .ql-datasources AOZNuZMFQCGsvHYl6wiZuA 1 0 0 0 208b 208b
green open wazuh-statistics-2025.29w aBYSYVxfRyiOqpMDwyjHDA 1 0 13726 0 2.9mb 2.9mb
green open wazuh-statistics-2025.31w ojf5va1dQt6h8rGDLMLaPw 1 0 12420 0 3mb 3mb
green open wazuh-statistics-2025.43w p6y99XkkQt2NNraqgPlyvQ 1 0 7114 0 2.7mb 2.7mb
green open .opendistro-reports-definitions 6wTH0goDQq6XaRg6JuHI4Q 1 0 0 0 208b 208b
green open .opendistro_security BcIWENxnRLeqY8ZQ0TtFOQ 1 0 10 0 79.9kb 79.9kb
green open .opendistro-reports-instances zj8XACYlSiuu5S_VAhb05A 1 0 0 0 208b 208b
green open wazuh-statistics-2025.33w -qHH8o9xTkuvnkRQMd06CA 1 0 15344 0 3.1mb 3.1mb
green open wazuh-statistics-2025.35w OYvj2Qb8RXWDl1bbenNRGQ 1 0 11922 0 3.3mb 3.3mb
green open .opensearch-observability EKOOuRcpTrCbMXauHqR1rw 1 0 0 0 208b 208b
yellow open wazuh-states-inventory- JE2un4T-R8qtChyFpe1qxw 1 1 0 0 208b 208b
green open wazuh-monitoring-2025.43w hbfoBU_tRNy6N4r95L4wFg 1 0 4830 0 1.2mb 1.2mb
green open wazuh-monitoring-2025.31w LKIykLrwRxm9CPEFNllH2g 1 0 1114 0 1002.7kb 1002.7kb
green open wazuh-monitoring-2025.33w yUz-J7ETQM6Lv9sYKggU-g 1 0 1184 0 1mb 1mb
green open wazuh-monitoring-2025.35w xu8DbaVYT_O4AXX0fF3iZw 1 0 3983 0 1mb 1mb
green open wazuh-monitoring-2025.27w FNk4mtvjSwWKzqui-8Yy2A 1 0 640 0 614.7kb 614.7kb
green open wazuh-monitoring-2025.37w 2PlCMn-nRsW7DgkDaJDBfA 1 0 2009 0 774.7kb 774.7kb
green open wazuh-monitoring-2025.29w U0cxoWIUTF6XjI7D6a4KCQ 1 0 2271 0 1mb 1mb
green open wazuh-statistics-2025.38w hAmJYMKnRjWA12OLjYHQlQ 1 0 1374 0 967.8kb 967.8kb
green open wazuh-statistics-2025.28w EzdQnuelQHyPuV8y7TJbwg 1 0 8766 0 2mb 2mb
green open wazuh-statistics-2025.40w ENAJepc1S5KsG-bKoj9ctA 1 0 40 0 74.4kb 74.4kb
green open wazuh-statistics-2025.30w lwjS2xJDTQaQOOLXsqcREw 1 0 7433 0 1.8mb 1.8mb
green open wazuh-statistics-2025.42w PmWt2K4bRvG2PXzlZTB4ow 1 0 6578 0 1.9mb 1.9mb
green open wazuh-statistics-2025.32w m9rhHFBPQuabnLT5Uq4pSw 1 0 14290 0 3.1mb 3.1mb
green open wazuh-statistics-2025.44w IlvSrvV_TIaAzL6kPYo5vg 1 0 636 0 672.1kb 672.1kb
green open .kibana_1 CDgQw2cyStyDCDL42Rq8Sw 1 0 19 0 108.1kb 108.1kb
green open wazuh-statistics-2025.34w rWsodXxpRCS4nJgSXtwLUg 1 0 15684 0 3.5mb 3.5mb
green open .plugins-ml-config NYomulhwQV2oXRGnXR2apg 1 0 1 0 4kb 4kb
green open wazuh-monitoring-2025.30w dQN9Z7OxSKeAp2k10zP0vA 1 0 1209 0 1mb 1mb
green open wazuh-monitoring-2025.40w F1_Dfv-STHWkXOMVWll1XQ 1 0 26 0 87.6kb 87.6kb
green open wazuh-monitoring-2025.32w P_ncmzkIRGC44WKCNDX1fw 1 0 1173 0 1001.5kb 1001.5kb
green open wazuh-monitoring-2025.42w fkei0rZ2TmK_eN_81JeIOw 1 0 4393 0 1mb 1mb
green open wazuh-monitoring-2025.34w 8avfaFmvSZa-t2-MWKYt7w 1 0 3316 0 1.3mb 1.3mb
green open wazuh-monitoring-2025.44w x8s-9Ck8Q-Ot94l5i9RWFw 1 0 432 0 383.7kb 383.7kb
green open wazuh-monitoring-2025.38w rlXuRe6eTlSC2C0yNmjTQw 1 0 417 0 422.6kb 422.6kb
green open wazuh-monitoring-2025.28w CovbtWJxQo6b_gwTiY0wtQ 1 0 1703 0 1.2mb 1.2mb
green open wazuh-statistics-2025.27w QpP1dWj9Sxepl3gzMhPl1A 1 0 3745 0 1.3mb 1.3mb
green open .ql-datasources AOZNuZMFQCGsvHYl6wiZuA 1 0 0 0 208b 208b
green open wazuh-statistics-2025.29w aBYSYVxfRyiOqpMDwyjHDA 1 0 13726 0 2.9mb 2.9mb
green open wazuh-statistics-2025.31w ojf5va1dQt6h8rGDLMLaPw 1 0 12420 0 3mb 3mb
green open wazuh-statistics-2025.43w p6y99XkkQt2NNraqgPlyvQ 1 0 7114 0 2.7mb 2.7mb
green open .opendistro-reports-definitions 6wTH0goDQq6XaRg6JuHI4Q 1 0 0 0 208b 208b
green open .opendistro_security BcIWENxnRLeqY8ZQ0TtFOQ 1 0 10 0 79.9kb 79.9kb
green open .opendistro-reports-instances zj8XACYlSiuu5S_VAhb05A 1 0 0 0 208b 208b
green open wazuh-statistics-2025.33w -qHH8o9xTkuvnkRQMd06CA 1 0 15344 0 3.1mb 3.1mb
green open wazuh-statistics-2025.35w OYvj2Qb8RXWDl1bbenNRGQ 1 0 11922 0 3.3mb 3.3mb
green open .opensearch-observability EKOOuRcpTrCbMXauHqR1rw 1 0 0 0 208b 208b
yellow open wazuh-states-inventory- JE2un4T-R8qtChyFpe1qxw 1 1 0 0 208b 208b
green open wazuh-monitoring-2025.43w hbfoBU_tRNy6N4r95L4wFg 1 0 4830 0 1.2mb 1.2mb
green open wazuh-monitoring-2025.31w LKIykLrwRxm9CPEFNllH2g 1 0 1114 0 1002.7kb 1002.7kb
green open wazuh-monitoring-2025.33w yUz-J7ETQM6Lv9sYKggU-g 1 0 1184 0 1mb 1mb
green open wazuh-monitoring-2025.35w xu8DbaVYT_O4AXX0fF3iZw 1 0 3983 0 1mb 1mb
green open wazuh-monitoring-2025.27w FNk4mtvjSwWKzqui-8Yy2A 1 0 640 0 614.7kb 614.7kb
green open wazuh-monitoring-2025.37w 2PlCMn-nRsW7DgkDaJDBfA 1 0 2009 0 774.7kb 774.7kb
green open wazuh-monitoring-2025.29w U0cxoWIUTF6XjI7D6a4KCQ 1 0 2271 0 1mb 1mb
green open wazuh-statistics-2025.38w hAmJYMKnRjWA12OLjYHQlQ 1 0 1374 0 967.8kb 967.8kb
green open wazuh-statistics-2025.28w EzdQnuelQHyPuV8y7TJbwg 1 0 8766 0 2mb 2mb
green open wazuh-statistics-2025.40w ENAJepc1S5KsG-bKoj9ctA 1 0 40 0 74.4kb 74.4kb
green open wazuh-statistics-2025.30w lwjS2xJDTQaQOOLXsqcREw 1 0 7433 0 1.8mb 1.8mb
green open wazuh-statistics-2025.42w PmWt2K4bRvG2PXzlZTB4ow 1 0 6578 0 1.9mb 1.9mb
green open wazuh-statistics-2025.32w m9rhHFBPQuabnLT5Uq4pSw 1 0 14290 0 3.1mb 3.1mb
green open wazuh-statistics-2025.44w IlvSrvV_TIaAzL6kPYo5vg 1 0 636 0 672.1kb 672.1kb
green open .kibana_1 CDgQw2cyStyDCDL42Rq8Sw 1 0 19 0 108.1kb 108.1kb
green open wazuh-statistics-2025.34w rWsodXxpRCS4nJgSXtwLUg 1 0 15684 0 3.5mb 3.5mb
green open .plugins-ml-config NYomulhwQV2oXRGnXR2apg 1 0 1 0 4kb 4kb
green open wazuh-monitoring-2025.30w dQN9Z7OxSKeAp2k10zP0vA 1 0 1209 0 1mb 1mb
green open wazuh-monitoring-2025.40w F1_Dfv-STHWkXOMVWll1XQ 1 0 26 0 87.6kb 87.6kb
green open wazuh-monitoring-2025.32w P_ncmzkIRGC44WKCNDX1fw 1 0 1173 0 1001.5kb 1001.5kb
green open wazuh-monitoring-2025.42w fkei0rZ2TmK_eN_81JeIOw 1 0 4393 0 1mb 1mb
green open wazuh-monitoring-2025.34w 8avfaFmvSZa-t2-MWKYt7w 1 0 3316 0 1.3mb 1.3mb
green open wazuh-monitoring-2025.44w x8s-9Ck8Q-Ot94l5i9RWFw 1 0 432 0 383.7kb 383.7kb
green open wazuh-monitoring-2025.38w rlXuRe6eTlSC2C0yNmjTQw 1 0 417 0 422.6kb 422.6kb
3)
{
"took": 43,
"timed_out": false,
"num_reduce_phases": 3,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"_clusters": {
"total": 2,
"successful": 2,
"skipped": 0
},
"hits": {
"total": {
"value": 2,
"relation": "eq"
},
"max_score": 1,
"hits": [
{
"_index": "indexer-alu:wazuh-states-inventory-system-smi-monitor",
"_id": "000_Ubuntu",
"_score": 1,
"_source": {
"agent": {
"host": {
"ip": "127.0.0.1"
},
"id": "000",
"name": "localhost",
"version": "v4.13.1"
},
"host": {
"architecture": "x86_64",
"hostname": "smi-monitor",
"os": {
"codename": "noble",
"kernel": {
"name": "Linux",
"release": "6.8.0-60-generic",
"version": "#63-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 15 19:04:15 UTC 2025"
},
"name": "Ubuntu",
"platform": "ubuntu",
"version": "24.04.2 LTS (Noble Numbat)"
}
},
"wazuh": {
"cluster": {
"name": "smi-monitor"
},
"schema": {
"version": "1.0"
}
}
}
},
{
"_index": "indexer-alu:wazuh-states-inventory-system-smi-monitor",
"_id": "002_Microsoft Windows Server 2019 Standard",
"_score": 1,
"_source": {
"agent": {
"id": "002",
"name": "jspider",
"version": "v4.13.1"
},
"host": {
"architecture": "x86_64",
"hostname": "JSPIDER",
"os": {
"name": "Microsoft Windows Server 2019 Standard",
"platform": "windows",
"version": "10.0.17763.7919"
}
},
"wazuh": {
"cluster": {
"name": "smi-monitor"
},
"schema": {
"version": "1.0"
}
}
}
}
]
}
}
"took": 43,
"timed_out": false,
"num_reduce_phases": 3,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"_clusters": {
"total": 2,
"successful": 2,
"skipped": 0
},
"hits": {
"total": {
"value": 2,
"relation": "eq"
},
"max_score": 1,
"hits": [
{
"_index": "indexer-alu:wazuh-states-inventory-system-smi-monitor",
"_id": "000_Ubuntu",
"_score": 1,
"_source": {
"agent": {
"host": {
"ip": "127.0.0.1"
},
"id": "000",
"name": "localhost",
"version": "v4.13.1"
},
"host": {
"architecture": "x86_64",
"hostname": "smi-monitor",
"os": {
"codename": "noble",
"kernel": {
"name": "Linux",
"release": "6.8.0-60-generic",
"version": "#63-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 15 19:04:15 UTC 2025"
},
"name": "Ubuntu",
"platform": "ubuntu",
"version": "24.04.2 LTS (Noble Numbat)"
}
},
"wazuh": {
"cluster": {
"name": "smi-monitor"
},
"schema": {
"version": "1.0"
}
}
}
},
{
"_index": "indexer-alu:wazuh-states-inventory-system-smi-monitor",
"_id": "002_Microsoft Windows Server 2019 Standard",
"_score": 1,
"_source": {
"agent": {
"id": "002",
"name": "jspider",
"version": "v4.13.1"
},
"host": {
"architecture": "x86_64",
"hostname": "JSPIDER",
"os": {
"name": "Microsoft Windows Server 2019 Standard",
"platform": "windows",
"version": "10.0.17763.7919"
}
},
"wazuh": {
"cluster": {
"name": "smi-monitor"
},
"schema": {
"version": "1.0"
}
}
}
}
]
}
}
4) CSS environment, os installed. Previous versione 4.12
Ayooluwa Paul Akindeko
Oct 30, 2025, 2:54:34 PMOct 30
to Wazuh | Mailing List
Thanks for the diagnostics. I wasn’t able to reproduce this issue locally, but based on the logs you provided, it appears that you need to create aliases for your two remote indexers.
You can do this by running the following command in Dev Tools:
POST /_aliases
{
"actions": [
{
"add": {
"index": "indexer-alu:wazuh-states-inventory-*",
"alias": "wazuh-states-inventory-system-local"
}
},
{
"add": {
"index": "indexer-adr:wazuh-states-inventory-*",
"alias": "wazuh-states-inventory-system-local"
}
}
]
Steps:
-
Open Dashboard → Dev Tools (under Index Management).
-
Execute the above command to create the aliases.
-
Go to Dashboard Management → Index Patterns and create a new index pattern:
-
Pattern name: wazuh-states-inventory-system-local
-
Time field: timestamp
-
-
Refresh IT Hygiene — your agents should now appear as expected.
Riccardo Olivetto
Oct 31, 2025, 5:23:24 AMOct 31
to Wazuh | Mailing List
Hi,
I tried to do step 1 but this is the response:
{
"error": {
"root_cause": [
{
"type": "index_not_found_exception",
"reason": "no such index [indexer-alu:wazuh-states-inventory-*]",
"index": "indexer-aluveneta:wazuh-states-inventory-*",
"resource.id": "indexer-aluveneta:wazuh-states-inventory-*",
"resource.type": "index_or_alias",
"index_uuid": "_na_"
}
],
"type": "index_not_found_exception",
"reason": "no such index [indexer-aluveneta:wazuh-states-inventory-*]",
"index": "indexer-aluveneta:wazuh-states-inventory-*",
"resource.id": "indexer-aluveneta:wazuh-states-inventory-*",
"resource.type": "index_or_alias",
"index_uuid": "_na_"
},
"status": 404
}
"error": {
"root_cause": [
{
"type": "index_not_found_exception",
"reason": "no such index [indexer-alu:wazuh-states-inventory-*]",
"index": "indexer-aluveneta:wazuh-states-inventory-*",
"resource.id": "indexer-aluveneta:wazuh-states-inventory-*",
"resource.type": "index_or_alias",
"index_uuid": "_na_"
}
],
"type": "index_not_found_exception",
"reason": "no such index [indexer-aluveneta:wazuh-states-inventory-*]",
"index": "indexer-aluveneta:wazuh-states-inventory-*",
"resource.id": "indexer-aluveneta:wazuh-states-inventory-*",
"resource.type": "index_or_alias",
"index_uuid": "_na_"
},
"status": 404
}
Ayooluwa Paul Akindeko
Nov 5, 2025, 4:56:21 AMNov 5
to Wazuh | Mailing List
Hi Riccardo, On going through the output you sent to me again, I've identified:
You can also clean up the corrupt index:
- Cross-cluster setup is healthy for indexer-alu and indexer-adr.
- Inventory data is available on the remote cluster (indexer-alu:wazuh-states-inventory-system-smi-monitor).
The _search response with _clusters.total = 2 simply confirms both clusters responded; it doesn’t guarantee both hold data.
- Local index wazuh-states-inventory- is empty and in yellow status (this indicate that it is a partially created index with missing replicas).
A good option for you will be
Reindex or replicate data locally- Use the Reindex API from remote to local to populate a wazuh-states-inventory-system-* index without the cluster prefix.
- Sample payload below, (please make changes to suit your scenario). Documentation: ReIndex API (run from the local cluster):
POST /_reindex
{
"source": {
"remote": {
"host": "https://alu.proxy:9200",
"username": "...",
"password": "...",
"socket_timeout": "1m",
"connect_timeout": "30s"
},
"index": "wazuh-states-inventory-system-smi-monitor"
},
"dest": {
"index": "wazuh-states-inventory-system-replicated"
}
}
You can also clean up the corrupt index:
- DELETE /wazuh-states-inventory-
- This removes the incomplete/corrupt index.
- To verify that it works, Run
- GET /_cat/indices/indexer-adr:wazuh-states-inventory-system*?v
to confirm whether the indexer-adr cluster has any inventory indices. If it does, they must be handled separately.
Riccardo Olivetto
Nov 11, 2025, 11:30:31 AMNov 11
to Wazuh | Mailing List
Hi,
now I see "No results match your search criteria. There are not Filters
Riccardo Olivetto
Nov 14, 2025, 9:59:36 AMNov 14
to Wazuh | Mailing List
Goodmorning,
any news?
Ayooluwa Paul Akindeko
Nov 18, 2025, 2:55:20 AMNov 18
to Wazuh | Mailing List
Thanks for sharing the screenshot, but I also want to confirm that the faulty index (the one indicated by yellow in your earlier log) is working as it should now, we want to be sure your cluster works as it should.
Can you please share your logs again. Both the /var/ossec/logs/ossec.log and the /var/log/wazuh-indexer/wazuh-cluster.log logs.
Also from your dashboard, I can see that you might have some wrong inputs.
- First is the index pattern, since you are querying for IT hygiene, then you should continue to query the wazuh-states-inventory-system-* pattern, or better still, query the wazuh-states-* pattern for a broader scope.
- I'll also advise that you clear the filter box to see if you get any report returned.
As I asked earlier, can you run this indexer api request, and share result with me.
GET /_cat/indices/wazuh-states-inventory-*?v.
Also from your dashboard, I can see that you might have some wrong inputs.
- First is the index pattern, since you are querying for IT hygiene, then you should continue to query the wazuh-states-inventory-system-* pattern, or better still, query the wazuh-states-* pattern for a broader scope.
- I'll also advise that you clear the filter box to see if you get any report returned.
As I asked earlier, can you run this indexer api request, and share result with me.
GET /_cat/indices/wazuh-states-inventory-*?v.
Riccardo Olivetto
Nov 18, 2025, 8:48:28 AMNov 18
to Wazuh | Mailing List
Goodmorning,
logs of one node are attached('im in a css enviroment as the guide https://wazuh.com/blog/managing-multiple-wazuh-clusters-with-cross-cluster-search/).
How can i modify the index pattern in order to query wazuh-states-*?
How can i modify the index pattern in order to query wazuh-states-*?
The result of GET /_cat/indices/wazuh-states-inventory-*?v is:
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
Riccardo Olivetto
Nov 19, 2025, 7:57:21 AMNov 19
to Wazuh | Mailing List
I think the problem is caused to Dashboard management > App Settings > Vulnerabilities not present in wazuh 4.14 anymore so the dashboard doesn't search remote indexes of wazuh-states-vulnerabilities-*.
Can you help me?
Can you help me?
Ayooluwa Paul Akindeko
Nov 19, 2025, 5:29:17 PMNov 19
to Wazuh | Mailing List
Hi Riccardo,
I've reviewed your logs and your cluster is healthy (Green status).The empty result from GET /_cat/indices/wazuh-states-inventory-*?v is expected because that command checks only the local cluster. Your data is on the remote clusters.
Verify your data exists, Run the command with the *: prefix which searches all clusters:
GET /_cat/indices/*:wazuh-states-inventory-*?v.
Please share a screenshot of the result after.
You suspicion is very likely since the dashboard defaults to searching wazuh-states-inventory, but in order to query the remote cluster, it should include the * prefix. Your result from the GET request above will determine the next step of creating the index patter on the dashboard
I've reviewed your logs and your cluster is healthy (Green status).The empty result from GET /_cat/indices/wazuh-states-inventory-*?v is expected because that command checks only the local cluster. Your data is on the remote clusters.
Verify your data exists, Run the command with the *: prefix which searches all clusters:
GET /_cat/indices/*:wazuh-states-inventory-*?v.
Please share a screenshot of the result after.
You suspicion is very likely since the dashboard defaults to searching wazuh-states-inventory, but in order to query the remote cluster, it should include the * prefix. Your result from the GET request above will determine the next step of creating the index patter on the dashboard
Riccardo Olivetto
Nov 24, 2025, 12:05:57 PM (13 days ago) Nov 24
to Wazuh | Mailing List
Hi,
any news??
Ayooluwa Paul Akindeko
Nov 27, 2025, 6:28:01 AM (10 days ago) Nov 27
to Wazuh | Mailing List
Hello Riccardo,
The indexer team has suggested that you create an index pattern in the CCS Wazuh dashboard with title *:wazuh-states-inventory-system-* or anything that matches the indices of the "child" clusters
To do this, follow the steps documented here https://documentation.wazuh.com/current/user-manual/wazuh-indexer/wazuh-indexer-indices.html#checking-indices-information
1. Fix System Inventory
title: *:wazuh-states-inventory-system-*,
time field name: "timestamp"
**2. Fix Vulnerabilities**
title: *:wazuh-states-vulnerabilities-*,
time field name: "timestamp"
3. Verify
After running these commands:
1. Go to Stack Management > Index Patterns in the Dashboard.
2. You should see patterns named *:wazuh-states-inventory-system-* and *:wazuh-states-vulnerabilities-*.
3. Go to the IT Hygiene/Vulnerabilities dashboard. The data from your remote clusters should now be visible.
The indexer team has suggested that you create an index pattern in the CCS Wazuh dashboard with title *:wazuh-states-inventory-system-* or anything that matches the indices of the "child" clusters
To do this, follow the steps documented here https://documentation.wazuh.com/current/user-manual/wazuh-indexer/wazuh-indexer-indices.html#checking-indices-information
1. Fix System Inventory
title: *:wazuh-states-inventory-system-*,
time field name: "timestamp"
**2. Fix Vulnerabilities**
title: *:wazuh-states-vulnerabilities-*,
time field name: "timestamp"
3. Verify
After running these commands:
1. Go to Stack Management > Index Patterns in the Dashboard.
2. You should see patterns named *:wazuh-states-inventory-system-* and *:wazuh-states-vulnerabilities-*.
3. Go to the IT Hygiene/Vulnerabilities dashboard. The data from your remote clusters should now be visible.
Reply all
Reply to author
Forward
0 new messages