Check Alerts index pattern error - Could not retrieve templates from Elasticsearch
289 views
Skip to first unread message
Agra Dwi Saputra
Jul 15, 2022, 4:16:50 AM7/15/22
to Wazuh mailing list
Hi Team,
I just deployed Wazuh 4.3.5 on AWS EKS, after successfully deployed
when accessing Wazuh dashboard on health check got an alert for "Check
alerts index pattern" with the error message "ERROR: 4002 - Could not
retrieve templates from Elasticsearch due to An unknown error occurred
when fetching templates from Elasticseach".
Has anyone here experienced it? And can someone help me with this?
Thank you
Best Regards,
Agra Ds
Here I attach the screenshot
I just deployed Wazuh 4.3.5 on AWS EKS, after successfully deployed
when accessing Wazuh dashboard on health check got an alert for "Check
alerts index pattern" with the error message "ERROR: 4002 - Could not
retrieve templates from Elasticsearch due to An unknown error occurred
when fetching templates from Elasticseach".
Has anyone here experienced it? And can someone help me with this?
Thank you
Best Regards,
Agra Ds
Here I attach the screenshot
Agra Dwi Saputra
Jul 15, 2022, 6:38:10 AM7/15/22
to Wazuh mailing list
Hi Team,
Thank you
Best Regards,
Agra Ds
After check, the error because Filebeat does not push the index template to the Elasticsearch cluster (failed on certificate validation).
I try to change the INDEXER_URL to https://wazuh-indexer-0.wazuh-indexer:9200.
The health-check status is all OK, but when accessing dashboard always looping on health-check itself.
The health-check status is all OK, but when accessing dashboard always looping on health-check itself.
Try restart the service from wazuh-control still same.
I try use edge browser, chrome browser and use incognito still looping on health-check.
Can someone help me on this?
Can someone help me on this?
Thank you
Best Regards,
Agra Ds
Victor Carlos Erenu
Jul 19, 2022, 12:14:46 PM7/19/22
to Wazuh mailing list
Hello Agra Ds
Can you tell me how you did the deployment of the kubernetes manifests on the EKS cluster? Are the certificates your own or did you generate them with the scripts that are in the repository?
I also ask you if you can pass me the following data to be able to see how the stack is deployed
kubectl get all -n wazuh
The address that you changed in the filebeat.yml file points directly to the indexer pod, but you need to point to the deployed load balancer so that it can distribute the load in the cluster, with the previous command we should be able to see what services you have deployed in the cluster to know if everything was displayed correctly
Can you tell me how you did the deployment of the kubernetes manifests on the EKS cluster? Are the certificates your own or did you generate them with the scripts that are in the repository?
I also ask you if you can pass me the following data to be able to see how the stack is deployed
kubectl get all -n wazuh
The address that you changed in the filebeat.yml file points directly to the indexer pod, but you need to point to the deployed load balancer so that it can distribute the load in the cluster, with the previous command we should be able to see what services you have deployed in the cluster to know if everything was displayed correctly
Reply all
Reply to author
Forward
0 new messages