No matching indices found: No indices match pattern "wazuh-alerts-*"


Steve Scotter

Oct 4, 2022, 2:58:51 PM
to Wazuh mailing list
Hi,

I'm trying to deploy a completely fresh instance of Wazuh on a completely fresh Debian 11 installation and running into the error No matching indices found: No indices match pattern "wazuh-alerts-*" upon first logon.


I am NOT overall familiar with Wazuh or Elasticsearch, but I can follow a guide. I've tried multiple times with fresh VMs, double-checking I'm not missing any steps, but every time I run into the same issue.

Below is the output from a command I found on one of the many pages I landed on today while trying to troubleshoot the issue. This is for 4.2; the output for a 4.3 attempt is similar but with an additional index, wazuh-archive-2022.40w, if I recall correctly.

An index starting wazuh-alerts- is missing in all cases.

curl -k https://localhost:9200/_cat/indices? -u elastic:XXXXXXX
green open .geoip_databases                mMdqEFcER2KvAtTqqpDMDQ 1 0   40   0  38.3mb  38.3mb
green open .security-7                     Xz7MF7c-SJSL7ADT-znbzg 1 0   57   0 245.6kb 245.6kb
green open wazuh-monitoring-2022.40w       flWXcr_fTAql3WdT2IStFw 1 0    0   0    208b    208b
green open .apm-custom-link                ZFYFtz9xSRCkkAAbqMAIAQ 1 0    0   0    208b    208b
green open wazuh-statistics-2022.40w       xMvSVS6ZSxOk6dE7TfE6zQ 2 0    6   0  75.3kb  75.3kb
green open .fleet-enrollment-api-keys-7    SjoFcG-6Sq2YjV0eszldnw 1 0    2   0   6.6kb   6.6kb
green open .apm-agent-configuration        om2q4TE4Q_a_85ka3aC-kQ 1 0    0   0    208b    208b
green open .kibana_task_manager_7.14.2_001 7jolkCwsQmiZ635I1hg8IA 1 0   15 864   164kb   164kb
green open .kibana_7.14.2_001              1nM2iMnYS020sVgKPaBhow 1 0 1345   0   9.1mb   9.1mb
green open .fleet-policies-7               PLRm_nyFRGm91sre08tKPQ 1 0    2   0   8.7kb   8.7kb
green open .kibana-event-log-7.14.2-000001 IMzBhRHWRhGtghK5PGXbeg 1 0    1   0   5.6kb   5.6kb


I've burnt two days on this already. I'm at my wits' end. If anyone can offer any assistance I'll be eternally grateful!

Cheers

Steve

Tomas Benitez Vescio

Oct 4, 2022, 3:53:28 PM
to Wazuh mailing list
Hi,

Thanks for using Wazuh!

I'm sorry for the inconvenience. A possible cause of the error could be that Filebeat is not functioning correctly, so Elasticsearch is not receiving data. You could try checking the status of the Filebeat process, checking whether there are any error logs, and re-checking the configuration file for the service. You can do all of these with the following commands:
  • systemctl status filebeat
  • cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
  • cat /etc/filebeat/filebeat.yml

You may want to share the results of the above commands here so we can also check whether there is something wrong. I await your answer.

In the meantime, you could also try running Wazuh using Docker; you can find how to do this here.

Regards.

Steve Scotter

Oct 4, 2022, 4:07:27 PM
to Wazuh mailing list
Hi Tomas,

Thanks for taking the time to reply. Please find below the output from the commands requested. I don't see anything of particular interest that leads me towards the root cause of the problem.

In regards to the Docker installation technique, I've looked at that and it does deploy without the wazuh-index-missing error, but I have SSL- and proxy-based challenges which make that technique less appealing than the all-in-one method.

---

# systemctl status filebeat
● filebeat.service - Filebeat sends log files to Logstash or directly to Elasticsearch.
     Loaded: loaded (/lib/systemd/system/filebeat.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-10-04 19:18:46 BST; 1h 39min ago
       Docs: https://www.elastic.co/beats/filebeat
   Main PID: 43550 (filebeat)
      Tasks: 7 (limit: 4677)
     Memory: 20.4M
        CPU: 3.887s
     CGroup: /system.slice/filebeat.service
             └─43550 /usr/share/filebeat/bin/filebeat --environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat

Oct 04 20:53:16 prowler filebeat[43550]: 2022-10-04T20:53:16.158+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":1350,"time":{"ms":3}},"total":{"ticks":3700,"time":{"ms":11},"value":3700},"user":{"ticks":2350,"time":{"ms":8}}},"handles":{"limit":{"hard":524288,"soft":1024},"open":10},"info":{"ephemeral_id":"f68a9d73-b8c9-40b2-a2e7-94b8b9ebe250","uptime":{"ms":5670077},"version":"7.14.2"},"memstats":{"gc_next":18605328,"m>
Oct 04 20:53:46 prowler filebeat[43550]: 2022-10-04T20:53:46.284+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":1350,"time":{"ms":7}},"total":{"ticks":3720,"time":{"ms":27},"value":3720},"user":{"ticks":2370,"time":{"ms":20}}},"handles":{"limit":{"hard":524288,"soft":1024},"open":10},"info":{"ephemeral_id":"f68a9d73-b8c9-40b2-a2e7-94b8b9ebe250","uptime":{"ms":5700079},"version":"7.14.2"},"memstats":{"gc_next":18601472,">
Oct 04 20:54:16 prowler filebeat[43550]: 2022-10-04T20:54:16.164+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":1360,"time":{"ms":3}},"total":{"ticks":3740,"time":{"ms":9},"value":3740},"user":{"ticks":2380,"time":{"ms":6}}},"handles":{"limit":{"hard":524288,"soft":1024},"open":10},"info":{"ephemeral_id":"f68a9d73-b8c9-40b2-a2e7-94b8b9ebe250","uptime":{"ms":5730077},"version":"7.14.2"},"memstats":{"gc_next":18601472,"me>
Oct 04 20:54:46 prowler filebeat[43550]: 2022-10-04T20:54:46.226+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":1360},"total":{"ticks":3750,"time":{"ms":15},"value":3750},"user":{"ticks":2390,"time":{"ms":15}}},"handles":{"limit":{"hard":524288,"soft":1024},"open":10},"info":{"ephemeral_id":"f68a9d73-b8c9-40b2-a2e7-94b8b9ebe250","uptime":{"ms":5760080},"version":"7.14.2"},"memstats":{"gc_next":18601472,"memory_alloc":10>
Oct 04 20:55:16 prowler filebeat[43550]: 2022-10-04T20:55:16.230+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":1360,"time":{"ms":6}},"total":{"ticks":3760,"time":{"ms":11},"value":3760},"user":{"ticks":2400,"time":{"ms":5}}},"handles":{"limit":{"hard":524288,"soft":1024},"open":10},"info":{"ephemeral_id":"f68a9d73-b8c9-40b2-a2e7-94b8b9ebe250","uptime":{"ms":5790150},"version":"7.14.2"},"memstats":{"gc_next":18601472,"m>
Oct 04 20:55:46 prowler filebeat[43550]: 2022-10-04T20:55:46.216+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":1380,"time":{"ms":17}},"total":{"ticks":3800,"time":{"ms":36},"value":3800},"user":{"ticks":2420,"time":{"ms":19}}},"handles":{"limit":{"hard":524288,"soft":1024},"open":10},"info":{"ephemeral_id":"f68a9d73-b8c9-40b2-a2e7-94b8b9ebe250","uptime":{"ms":5820077},"version":"7.14.2"},"memstats":{"gc_next":18605296,>
Oct 04 20:56:16 prowler filebeat[43550]: 2022-10-04T20:56:16.194+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":1390,"time":{"ms":8}},"total":{"ticks":3810,"time":{"ms":14},"value":3810},"user":{"ticks":2420,"time":{"ms":6}}},"handles":{"limit":{"hard":524288,"soft":1024},"open":10},"info":{"ephemeral_id":"f68a9d73-b8c9-40b2-a2e7-94b8b9ebe250","uptime":{"ms":5850077},"version":"7.14.2"},"memstats":{"gc_next":18605296,"m>
Oct 04 20:56:46 prowler filebeat[43550]: 2022-10-04T20:56:46.165+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":1390,"time":{"ms":3}},"total":{"ticks":3820,"time":{"ms":15},"value":3820},"user":{"ticks":2430,"time":{"ms":12}}},"handles":{"limit":{"hard":524288,"soft":1024},"open":10},"info":{"ephemeral_id":"f68a9d73-b8c9-40b2-a2e7-94b8b9ebe250","uptime":{"ms":5880082},"version":"7.14.2"},"memstats":{"gc_next":18605296,">
Oct 04 20:57:16 prowler filebeat[43550]: 2022-10-04T20:57:16.177+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":1390,"time":{"ms":3}},"total":{"ticks":3830,"time":{"ms":9},"value":3830},"user":{"ticks":2440,"time":{"ms":6}}},"handles":{"limit":{"hard":524288,"soft":1024},"open":10},"info":{"ephemeral_id":"f68a9d73-b8c9-40b2-a2e7-94b8b9ebe250","uptime":{"ms":5910096},"version":"7.14.2"},"memstats":{"gc_next":18605296,"me>
Oct 04 20:57:46 prowler filebeat[43550]: 2022-10-04T20:57:46.247+0100        INFO        [monitoring]        log/log.go:145        Non-zero metrics in the last 30s        {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":1410,"time":{"ms":14}},"total":{"ticks":3880,"time":{"ms":38},"value":3880},"user":{"ticks":2470,"time":{"ms":24}}},"handles":{"limit":{"hard":524288,"soft":1024},"open":10},"info":{"ephemeral_id":"f68a9d73-b8c9-40b2-a2e7-94b8b9ebe250","uptime":{"ms":5940086},"version":"7.14.2"},"memstats":{"gc_next":18586704,>

----

# cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
2022-10-04T19:18:33.734+0100    WARN    [cfgwarn]       tlscommon/config.go:100 DEPRECATED: Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version: 8.0.0


---

# cat /etc/filebeat/filebeat.yml
# Wazuh - Filebeat configuration file
output.elasticsearch.hosts: ["127.0.0.1:9200"]
output.elasticsearch.password: REDACTED

filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
    archives:
      enabled: false

setup.template.json.enabled: true
setup.template.json.path: /etc/filebeat/wazuh-template.json
setup.template.json.name: wazuh
setup.template.overwrite: true
setup.ilm.enabled: false

output.elasticsearch.protocol: https
output.elasticsearch.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
output.elasticsearch.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
output.elasticsearch.ssl.certificate_authorities: /etc/elasticsearch/certs/ca/ca.crt
output.elasticsearch.ssl.verification_mode: strict
output.elasticsearch.username: elastic


---

# filebeat test output
elasticsearch: https://127.0.0.1:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 127.0.0.1
    dial up... OK
  TLS...
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 7.14.2


Regards

Steve

Steve Scotter

Oct 4, 2022, 4:13:10 PM
to Wazuh mailing list
I don't know if it's pertinent, but the contents of /var/log/filebeat/filebeat is only six lines, the last being "Attempting to connect to Elasticsearch version 7.14.2". Makes me think it wasn't ever successful.

2022-10-04T19:18:33.723+0100    INFO    instance/beat.go:665    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2022-10-04T19:18:33.734+0100    INFO    instance/beat.go:673    Beat ID: 07985539-eb75-4238-9f06-d3af738eab6b
2022-10-04T19:18:33.734+0100    INFO    [index-management]      idxmgmt/std.go:184      Set output.elasticsearch.index to 'filebeat-7.14.2' as ILM is enabled.
2022-10-04T19:18:33.734+0100    WARN    [cfgwarn]       tlscommon/config.go:100 DEPRECATED: Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version: 8.0.0
2022-10-04T19:18:33.735+0100    INFO    [esclientleg]   eslegclient/connection.go:100   elasticsearch url: https://127.0.0.1:9200
2022-10-04T19:18:33.824+0100    INFO    [esclientleg]   eslegclient/connection.go:273   Attempting to connect to Elasticsearch version 7.14.2
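The three checks Tomas lists and the two things Steve then noticed in his output (no index name starting wazuh-alerts-, and a Filebeat log that stops at the connection attempt) can be run as one triage pass. The POSIX shell script below is an added example; it is not part of this thread and not Wazuh's or Elastic's tooling. Each check takes captured command output as a string, so a listing or log pasted into a ticket can be re-examined offline. The sample strings are constructed from the output quoted in the thread, trimmed; the wazuh-alerts-4.x-2022.10.04 line in the "healthy" sample is invented to show the passing case. The ilm_mismatch check only reports that the quoted filebeat.yml says setup.ilm.enabled: false while the quoted log says "as ILM is enabled"; reading that disagreement as the fault is an assumption, the script merely raises it as a question to ask.

```shell
#!/bin/sh
# Added example, not from the thread or from Wazuh: offline triage of the
# artefacts requested in the reply. Every check takes captured command output
# as a string, so it can be re-run on text pasted into a ticket.

# Constructed sample: the _cat/indices listing from the first post, trimmed
INDICES_SAMPLE=$(cat <<'EOF'
green open .geoip_databases          mMdqEFcER2KvAtTqqpDMDQ 1 0 40 0 38.3mb 38.3mb
green open wazuh-monitoring-2022.40w flWXcr_fTAql3WdT2IStFw 1 0  0 0   208b   208b
green open wazuh-statistics-2022.40w xMvSVS6ZSxOk6dE7TfE6zQ 2 0  6 0 75.3kb 75.3kb
EOF
)

# Constructed sample: the same cluster once alerts arrive (index line invented)
INDICES_HEALTHY_SAMPLE="$INDICES_SAMPLE
green open wazuh-alerts-4.x-2022.10.04 AAAAAAAAAAAAAAAAAAAAAA 3 0 12 0 40.1kb 40.1kb"

# Constructed sample: the Filebeat log lines quoted in the thread
FILEBEAT_LOG_SAMPLE=$(cat <<'EOF'
2022-10-04T19:18:33.723+0100    INFO    instance/beat.go:665    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2022-10-04T19:18:33.734+0100    INFO    [index-management]      idxmgmt/std.go:184      Set output.elasticsearch.index to 'filebeat-7.14.2' as ILM is enabled.
2022-10-04T19:18:33.734+0100    WARN    [cfgwarn]       tlscommon/config.go:100 DEPRECATED: Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed.
2022-10-04T19:18:33.735+0100    INFO    [esclientleg]   eslegclient/connection.go:100   elasticsearch url: https://127.0.0.1:9200
2022-10-04T19:18:33.824+0100    INFO    [esclientleg]   eslegclient/connection.go:273   Attempting to connect to Elasticsearch version 7.14.2
EOF
)

# Constructed sample: the relevant keys from the quoted filebeat.yml
FILEBEAT_CONF_SAMPLE=$(cat <<'EOF'
# Wazuh - Filebeat configuration file
output.elasticsearch.hosts: ["127.0.0.1:9200"]
filebeat.modules:
  - module: wazuh
    alerts:
      enabled: true
setup.ilm.enabled: false
EOF
)

# Succeeds when the listing holds an open index whose name starts wazuh-alerts-
# (_cat/indices columns: health, status, name, uuid, ...)
has_alerts_index() {
  printf '%s\n' "$1" |
    awk '$2 == "open" && $3 ~ /^wazuh-alerts-/ { found = 1 } END { exit !found }'
}

# Prints the names of indices beginning with prefix $2, one per line
list_indices() {
  printf '%s\n' "$1" | awk -v p="$2" 'index($3, p) == 1 { print $3 }'
}

# Prints ERROR/WARN lines (the grep from the reply); succeeds if any were found
filebeat_log_issues() {
  printf '%s\n' "$1" | grep -i -E 'error|warn'
}

# Succeeds when filebeat.yml disables ILM but index management logged that it
# chose the default index "as ILM is enabled". Treating that as a fault is an
# assumption; the check only surfaces the disagreement between the two artefacts.
ilm_mismatch() {
  printf '%s\n' "$1" | grep -q '^setup\.ilm\.enabled:[[:space:]]*false' || return 1
  printf '%s\n' "$2" | grep -q 'as ILM is enabled'
}

# Succeeds when the last non-blank log line is still the connection attempt,
# i.e. nothing after "Attempting to connect" was ever logged
log_stops_at_connect_attempt() {
  printf '%s\n' "$1" | sed '/^[[:space:]]*$/d' | tail -n 1 |
    grep -q 'Attempting to connect to Elasticsearch'
}

# Stand-alone run over the constructed samples
if has_alerts_index "$INDICES_SAMPLE"; then
  echo "wazuh-alerts-* index present"
else
  echo "no wazuh-alerts-* index; wazuh-* indices seen:"
  list_indices "$INDICES_SAMPLE" wazuh- | sed 's/^/  /'
fi
filebeat_log_issues "$FILEBEAT_LOG_SAMPLE" | sed 's/^/log issue: /'
if ilm_mismatch "$FILEBEAT_CONF_SAMPLE" "$FILEBEAT_LOG_SAMPLE"; then
  echo "filebeat.yml disables ILM but the log reports ILM enabled"
fi
if log_stops_at_connect_attempt "$FILEBEAT_LOG_SAMPLE"; then
  echo "log ends at the connection attempt; no later line confirms a connection"
fi
```

On a live host the same functions take real output, for example has_alerts_index "$(curl -sk -u elastic:XXXXXXX https://localhost:9200/_cat/indices)" and filebeat_log_issues "$(cat /var/log/filebeat/filebeat)"; keeping the checks string-based means the person asking for help and the person answering can run identical logic over the pasted text.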

