How to use OpenSearch Assistant on Wazuh?


Marcus Ribeiro

Sep 18, 2024, 9:21:24 AM
to Wazuh | Mailing List
Hi Guys!

Wazuh 4.9.0 uses OpenSearch 2.13, which has the OpenSearch Assistant function.

I'm following the step-by-step guide in the OpenSearch documentation, but it does not work.

Error: Sep 18 13:10:01 wazuh-server opensearch-dashboards[12461]: FATAL  Error: Unknown configuration key(s): "assistant.chat.enabled", "observability.query_assist.enabled". Check for spelling errors and ensure that expected plugins are installed.

Reference: https://opensearch.org/docs/2.13/ml-commons-plugin/opensearch-assistant/

Has anyone got it to work?


Gerardo David Caceres Fleitas

Sep 18, 2024, 12:45:02 PM
to Wazuh | Mailing List
Hi Marcus, 

I researched it but couldn't find an official previous case related to it. From what I could see, it requires enabling the OpenSearch assistant and using/installing the Machine Learning Plugin. Note that although the Wazuh Indexer and Dashboard are based on OpenSearch, it doesn't mean that they are the same, so some things could require a different approach. We might release an official integration for this feature in the future. And for sure, if you are testing it and you can make it work, you are more than welcome to share your results here or create a post about it.

Best regards.

Marcus Ribeiro

Sep 24, 2024, 2:43:49 PM
to Wazuh | Mailing List
Hello!

I installed the OpenSearch Assistant, the Observability module and the Machine Learning module, and I could enable the plugin.

I did it with these commands:

curl https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.13.0/opensearch-dashboards-2.13.0-linux-x64.tar.gz -o opensearch-dashboards.tar.gz

tar -xvzf opensearch-dashboards.tar.gz

cp -r opensearch-dashboards-2.13.0/plugins/opensearch-observability/ /usr/share/wazuh-dashboard/plugins/

cp -r opensearch-dashboards-2.13.0/plugins/opensearch-ml/ /usr/share/wazuh-dashboard/plugins/

cp -r opensearch-dashboards-2.13.0/plugins/assistantDashboards/ /usr/share/wazuh-dashboard/plugins/

chown -R wazuh-dashboard:wazuh-dashboard /usr/share/wazuh-dashboard/plugins/<PLUGIN_NAME>/
chmod -R 750 /usr/share/wazuh-dashboard/plugins/<PLUGIN_NAME>/

systemctl restart wazuh-dashboard

After that:

[Attached image: imagem.png]

But when I follow the OpenSearch tutorial (https://opensearch.org/docs/latest/ml-commons-plugin/agents-tools/agents-tools-tutorial/) about enabling a model, the Wazuh Indexer breaks and I see a KNN error.

Sep 20 19:06:00 wazuh-server systemd-entrypoint[7265]: fatal error in thread [opensearch[node-1][refresh][T#1]], exiting
Sep 20 19:06:00 wazuh-server systemd-entrypoint[7265]: java.lang.UnsatisfiedLinkError: no opensearchknn_nmslib in java.library.path: /usr/java/packages/lib:/usr/lib64:
Sep 20 19:06:00 wazuh-server systemd-entrypoint[7265]: at java.base/java.lang.ClassLoader.loadLibrary(ClassLoader.java:2458)
Sep 20 19:06:00 wazuh-server systemd-entrypoint[7265]: at java.base/java.lang.Runtime.loadLibrary0(Runtime.java:916)
Sep 20 19:06:00 wazuh-server systemd-entrypoint[7265]: at java.base/java.lang.System.loadLibrary(System.java:2063)
Sep 20 19:06:00 wazuh-server systemd-entrypoint[7265]: at org.opensearch.knn.jni.NmslibService.lambda$static$0(NmslibService.java:34)
Sep 20 19:06:00 wazuh-server systemd-entrypoint[7265]: at java.base/java.security.AccessController.doPrivileged(AccessController.java:319)
Sep 20 19:06:00 wazuh-server systemd-entrypoint[7265]: at org.opensearch.knn.jni.NmslibService.<clinit>(NmslibService.java:33)

I stopped at this point.

If anyone has an idea, please comment.

Best Regards,
Marcus
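
The message above copies plugins from a freshly downloaded bundle straight into the dashboard's plugin directory. The following is an added example, not part of the original post or of the Wazuh or OpenSearch projects: it checks the tarball's SHA-512 before anything is extracted, then stages only the three plugins named in the post with the same mode the post applies. The function names are hypothetical, and the expected digest is assumed to come from a source you trust, obtained separately from the download.

```shell
#!/usr/bin/env bash
# Added example: verify the bundle, then stage only the plugins named in the post.
# Typical use (paths from the post; <EXPECTED_SHA512> is a placeholder):
#   verify_sha512 opensearch-dashboards.tar.gz <EXPECTED_SHA512> || exit 1
#   tar -xzf opensearch-dashboards.tar.gz
#   install_plugins opensearch-dashboards-2.13.0/plugins \
#       /usr/share/wazuh-dashboard/plugins wazuh-dashboard:wazuh-dashboard

PLUGINS="opensearch-observability opensearch-ml assistantDashboards"

# verify_sha512 FILE EXPECTED_HEX
# Returns 0 only when the SHA-512 of FILE equals EXPECTED_HEX (case-insensitive).
verify_sha512() {
    local actual expected
    actual=$(sha512sum "$1" 2>/dev/null | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# install_plugins SRC_PLUGINS_DIR DEST_PLUGINS_DIR [OWNER]
# Checks every plugin first so a failure leaves DEST untouched, refuses to
# overwrite an existing plugin, applies mode 750, and chowns only when OWNER
# is given (that step needs root).
install_plugins() {
    local src dest owner p
    src=$1; dest=$2; owner=${3:-}
    for p in $PLUGINS; do
        if [ ! -d "$src/$p" ]; then echo "missing in bundle: $p" >&2; return 1; fi
        if [ -e "$dest/$p" ]; then echo "already installed: $p" >&2; return 1; fi
    done
    for p in $PLUGINS; do
        cp -r "$src/$p" "$dest/" || return 1
        chmod -R 750 "$dest/$p" || return 1
        if [ -n "$owner" ]; then
            chown -R "$owner" "$dest/$p" || return 1
        fi
    done
}
```

Restart the dashboard service only after both functions return success.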


Marcus Ribeiro

Oct 25, 2024, 1:43:46 PM
to Wazuh | Mailing List
Hello Guys.

I got it to work!!

I will soon publish the tutorial on my LinkedIn.

https://br.linkedin.com/in/marcus-paulo-alves-ribeiro-9a6aa4181

[Attached image: 2024-10-21_16h20_25.png]