Deleted duplicate index pattern, visualization now broken
18 views
Skip to first unread message
exe
4:09 AM (16 hours ago) 4:09 AM
to Wazuh | Mailing List
Hello There,
yes this may sound dumb but we somehhow had 2 exact same index patterns called wazuh-alerts-* and we deleted the duplicate. Now our visualizations dont work anymore (kinda obvious) because most of them were using the duplicate and not the default. Is there a way to save this and change it so it takes up the default indext pattern?
I saw on the bottom that there are references for the index patterns, but i couldnt find the id for the default one.
As always, thank you for your help!
Here the error:
There is a problem with this saved object
The index pattern associated with this object no longer exists.
If you know what this error means, go ahead and fix it — otherwise click the delete button above.
Proceed with caution!
Modifying objects is for advanced users only. Object properties are not validated and invalid objects could cause errors, data loss, or worse. Unless someone with intimate knowledge of the code told you to be in here, you probably shouldn’t be.
Awwal Ishiaku
5:39 AM (15 hours ago) 5:39 AM
to Wazuh | Mailing List
Hello, send this request in the indexer dev tools to get the ID of all indices
GET .kibana/_search
{
"_source": ["index-pattern.title"],
"query": {
"term": {
"type": "index-pattern"
}
}
}
And then we can figure out a workaround for changing the index pattern.
How many visualizations do you have in your dashboard?
We can export the dashboard and all visualizations in it, and edit the index ID in the text file before re-importing.
After this, we can edit the exported files and import.
GET .kibana/_search
{
"_source": ["index-pattern.title"],
"query": {
"term": {
"type": "index-pattern"
}
}
}
And then we can figure out a workaround for changing the index pattern.
How many visualizations do you have in your dashboard?
We can export the dashboard and all visualizations in it, and edit the index ID in the text file before re-importing.
You can navigate to Dashboard management -> Saved Objects
Search for your dashboard, select it, and export all objects
After this, we can edit the exported files and import.
exe
8:23 AM (12 hours ago) 8:23 AM
to Wazuh | Mailing List
Hello Awwal,
GET .kibana/_search
{
"_source": ["index-pattern.title"],
"query": {
"term": {
"type": "index-pattern"
}
}
}
"message": "404 - Not Found"
}
thanks for the quick answer, when i did:
GET .kibana/_search
{
"_source": ["index-pattern.title"],
"query": {
"term": {
"type": "index-pattern"
}
}
}
I got
{
"error": "Not Found","message": "404 - Not Found"
}
I went to Server Management -> Dev Tools, or am i on the wrong one?
I have 16 Visualizations and 3 Dashboards.
Thank you!
Reply all
Reply to author
Forward
0 new messages