vulnerability detection is disabled or has a problem after upgrading to 4.8
297 views
Skip to first unread message
Musakkarul Lambatjing
Sep 5, 2024, 10:33:03 PM9/5/24
to Wazuh | Mailing List
Hello,
i have problem after upgrade to 4.8 version, seems like the wazuh vulnerability detection is not running. after several times trying to reconfigure the ossec conf, i have seen my log start scanning the vulnerability scanner, but still, there is no showing dashboard or anything.
here's what i have change:
1. latest ossec.conf
2. i'm putting my admin and password into keystore
/var/ossec/bin/wazuh-keystore -f indexer -k username -v <admin-username>
/var/ossec/bin/wazuh-keystore -f indexer -k password -v <admin password>
3. latest log showing in my ossec.log
is there any thought and helps regarding this?
ismail....@wazuh.com
Sep 6, 2024, 4:46:20 AM9/6/24
to Wazuh | Mailing List
Hi,Given the recurring issues experienced with version 4.8.x, we have developed a comprehensive troubleshooting document Troubleshooting that includes the most common fixes. Please take a moment to review the document to help address any problems you may encounter.Additionally, please follow the steps below to ensure proper configuration:
- Ensure the old <vulnerability-detector> block is completely removed, run the following commands to verify it.
cat /var/ossec/etc/ossec.conf | grep "<vulnerability-detector>" -A15
- Verify the availability of the new <vulnerability-detection>block:
cat /var/ossec/etc/ossec.conf | grep "<vulnerability-detection>" -A5
- Check for the <indexer> block and ensure there is no duplication:
cat /var/ossec/etc/ossec.conf | grep "<indexer>" -A15
- Ensure the Filebeat certificate and key name match the certificate files in /etc/filebeat/certs.
- Confirm that Filebeat is running correctly by executing:
filebeat test outputTo get more information if the error persists, you can enable it temporarily.To do this, edit the /var/ossec/etc/internal_options.conf file and change wazuh_modules.debug=0 to 2.Then restart the manager using the command systemctl restart wazuh-manager. After that, check if the error persists and see if any DEBUG logging appears.If any errors are found, please share them with us.Hope this helps you. Please feel free to reach out to us if you have any issues.
Musakkarul Lambatjing
Sep 6, 2024, 4:50:44 AM9/6/24
to Wazuh | Mailing List
Hello Ismail,
Thank you for your responds.
i've already found the issue, yes there is duplication of indexer configuration in ossec.conf, but i have deleted it.
now the new issue coming, there is not all of my agent shows up in the dashboard, and the error of the log keep showing like below.
note: wazuh_modules.debug already changed to 2.
2024/09/06 15:49:35 wazuh-modulesd:vulnerability-scanner[66555] osScanner.hpp:346 at handleRequest(): DEBUG: Vulnerability scan for OS 'windows_server_2019' on Agent '071' has completed.
2024/09/06 15:49:35 wazuh-modulesd:vulnerability-scanner[66555] eventDetailsBuilder.hpp:101 at handleRequest(): DEBUG: Building event details for component type: 2
2024/09/06 15:49:35 wazuh-modulesd:vulnerability-scanner[66555] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 3 processed
2024/09/06 15:49:41 wazuh-modulesd:vulnerability-scanner[66555] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 11 processed
2024/09/06 15:49:41 indexer-connector[66555] indexerConnector.cpp:437 at operator()(): DEBUG: Syncing agent '071' with the indexer.
2024/09/06 15:49:41 indexer-connector[66555] indexerConnector.cpp:446 at operator()(): WARNING: Failed to sync agent '071' with the indexer.
2024/09/06 15:49:41 indexer-connector[66555] indexerConnector.cpp:447 at operator()(): DEBUG: Error: No available server
2024/09/06 15:49:42 wazuh-modulesd:vulnerability-scanner[66555] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 11 processed
2024/09/06 15:49:42 indexer-connector[66555] indexerConnector.cpp:129 at abuseControl(): DEBUG: Agent '071' sync omitted due to abuse control.
2024/09/06 15:49:35 wazuh-modulesd:vulnerability-scanner[66555] eventDetailsBuilder.hpp:101 at handleRequest(): DEBUG: Building event details for component type: 2
2024/09/06 15:49:35 wazuh-modulesd:vulnerability-scanner[66555] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 3 processed
2024/09/06 15:49:41 wazuh-modulesd:vulnerability-scanner[66555] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 11 processed
2024/09/06 15:49:41 indexer-connector[66555] indexerConnector.cpp:437 at operator()(): DEBUG: Syncing agent '071' with the indexer.
2024/09/06 15:49:41 indexer-connector[66555] indexerConnector.cpp:446 at operator()(): WARNING: Failed to sync agent '071' with the indexer.
2024/09/06 15:49:41 indexer-connector[66555] indexerConnector.cpp:447 at operator()(): DEBUG: Error: No available server
2024/09/06 15:49:42 wazuh-modulesd:vulnerability-scanner[66555] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 11 processed
2024/09/06 15:49:42 indexer-connector[66555] indexerConnector.cpp:129 at abuseControl(): DEBUG: Agent '071' sync omitted due to abuse control.
any thought?
thank you
Musakkarul Lambatjing
Sep 10, 2024, 9:38:16 PM9/10/24
to Wazuh | Mailing List
Hello All,
after several days trying to figure out what happen with my vulnerability detection, i found several things that could be the issue, but i still don't know how to fix this.
my cluster shows "yellow" status, and i've already make my index replicas to "0". but still there is a yellow status, and have unassigned shards.
curl --cacert <CACERT> --cert <CERT> --key <KEY> -X GET "https://<ip>/_cluster/health"
{"cluster_name":"wazuh-indexer-cluster","status":"yellow","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":1626,"active_shards":1626,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":4,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":99.75460122699387}
{"cluster_name":"wazuh-indexer-cluster","status":"yellow","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":1626,"active_shards":1626,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":4,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":99.75460122699387}
and here's unassigned shards that could be the reason why my cluster status is yellow.
index shard prirep state node unassigned.reason
.opendistro-alerting-alerts 0 r UNASSIGNED CLUSTER_RECOVERED
.opendistro-alerting-alert-history-2024.07.14-000025 0 r UNASSIGNED CLUSTER_RECOVERED
.opendistro-alerting-config 0 r UNASSIGNED CLUSTER_RECOVERED
.opendistro-alerting-alert-history-2024.08.13-000026 0 r UNASSIGNED CLUSTER_RECOVERED
.opendistro-alerting-alerts 0 r UNASSIGNED CLUSTER_RECOVERED
.opendistro-alerting-alert-history-2024.07.14-000025 0 r UNASSIGNED CLUSTER_RECOVERED
.opendistro-alerting-config 0 r UNASSIGNED CLUSTER_RECOVERED
.opendistro-alerting-alert-history-2024.08.13-000026 0 r UNASSIGNED CLUSTER_RECOVERED
i tried to found why my shards is unassigned, the reason is like below, "a copy of this shard is already allocated to another node."
{
"index": ".opendistro-alerting-alert-history-2024.08.13-000026",
"node_allocation_decisions": [
{
"node_name": "node-1",
"deciders": [
{
"decider": "same_shard",
"decision": "NO",
"explanation": "a copy of this shard is already allocated to this node [[.opendistro-alerting-alert-history-2024.08.13-000026][0], node[cumBDhcASyidRp07aEknrg], [P], s[STARTED], a[id=6znfpHCwRMKGkiFkf8e42A]]"
}
]
}
]
}
"index": ".opendistro-alerting-alert-history-2024.08.13-000026",
"node_allocation_decisions": [
{
"node_name": "node-1",
"deciders": [
{
"decider": "same_shard",
"decision": "NO",
"explanation": "a copy of this shard is already allocated to this node [[.opendistro-alerting-alert-history-2024.08.13-000026][0], node[cumBDhcASyidRp07aEknrg], [P], s[STARTED], a[id=6znfpHCwRMKGkiFkf8e42A]]"
}
]
}
]
}
so my question is, is it okay if i deleted those shards? and what will happen if i deleted those shards and how to deleted all the unassigned shards?
if i cannot deleted those shards, what recommended action i have to do to fix this?
Thank you.
ismail....@wazuh.com
Sep 12, 2024, 2:35:52 AM9/12/24
to Wazuh | Mailing List
Hi,
Log in as the admin user, and navigate, the Menu icon ☰ → Indexer Management → Dev Tools and execute the following commands.
To confirm the number of replicas. run this command in the Dev Tool:GET opendistro-alerting-*/_settings
To see the shard details, run the below command:GET /_cat/shards
To delete the unassigned index, you can run the following commands in the Dev tool:DELETE <indexname>
Eg:
DELETE .opendistro-alerting-alertsDELETE .opendistro-alerting-alert-history-2024.07.14-000025
Finally, run the below command to check the cluster health:GET /_cluster/health
Hope this helps you. Please feel free to reach out to us if you have any issues.
Regards,
Ismail Chemmala
Log in as the admin user, and navigate, the Menu icon ☰ → Indexer Management → Dev Tools and execute the following commands.
To confirm the number of replicas. run this command in the Dev Tool:GET opendistro-alerting-*/_settings
To see the shard details, run the below command:GET /_cat/shards
To delete the unassigned index, you can run the following commands in the Dev tool:DELETE <indexname>
Eg:
DELETE .opendistro-alerting-alertsDELETE .opendistro-alerting-alert-history-2024.07.14-000025
Finally, run the below command to check the cluster health:GET /_cluster/health
Hope this helps you. Please feel free to reach out to us if you have any issues.
Regards,
Ismail Chemmala
Musakkarul Lambatjing
Sep 12, 2024, 3:21:43 AM9/12/24
to Wazuh | Mailing List
Hello Ismail,
thank you for your reply.
i keep trying to delete the shards but no luck.
it showing error 403.
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
}
],
"type": "security_exception",
"reason": "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
},
"status": 403
}
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
}
],
"type": "security_exception",
"reason": "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
},
"status": 403
}
how to fix this?
thanks
ismail....@wazuh.com
Sep 12, 2024, 4:29:44 AM9/12/24
to Wazuh | Mailing List
Hi,
Please follow the steps below. Make sure to log in as the root user in the server terminal to run the curl commands:
Note: Please replace [username], [password], and [url] with the appropriate values for your environment.
To check the overall health of the cluster, use the following command: curl -XGET -k -u user:pass "https://localhost:9200/_cluster/health"
To identify unassigned shards and their current state, execute the command: curl -XGET -k -u user:pass https://WAZUH_INDEXER_IP:9200/_cat/shards?h=index,shards,state,prirep,unassigned.reason | grep UNASSIGNED
To delete unassigned shards, use the following sequence of commands: curl -k -XGET -u user:pass "https://<WAZUH_INDEXER_IP>:9200/_cat/shards" | grep UNASSIGNED | awk '{print $1}' | xargs -i curl -k -XDELETE -u user:pass "https://<indexer_ip>:9200/{}"
To delete a specific Wazuh index, use: curl -k -u user:pass -XDELETE https://<WAZUH_INDEXER_IP>:9200/wazuh-alerts-4.x-YYYY.MM.DD
Please make sure you have appropriate backups or snapshots before deleting any indices to prevent data loss.
Hope this helps you. Please feel free to reach out to us if you have any issues.Regards,
Please follow the steps below. Make sure to log in as the root user in the server terminal to run the curl commands:
Note: Please replace [username], [password], and [url] with the appropriate values for your environment.
To check the overall health of the cluster, use the following command: curl -XGET -k -u user:pass "https://localhost:9200/_cluster/health"
To identify unassigned shards and their current state, execute the command: curl -XGET -k -u user:pass https://WAZUH_INDEXER_IP:9200/_cat/shards?h=index,shards,state,prirep,unassigned.reason | grep UNASSIGNED
To delete unassigned shards, use the following sequence of commands: curl -k -XGET -u user:pass "https://<WAZUH_INDEXER_IP>:9200/_cat/shards" | grep UNASSIGNED | awk '{print $1}' | xargs -i curl -k -XDELETE -u user:pass "https://<indexer_ip>:9200/{}"
To delete a specific Wazuh index, use: curl -k -u user:pass -XDELETE https://<WAZUH_INDEXER_IP>:9200/wazuh-alerts-4.x-YYYY.MM.DD
Please make sure you have appropriate backups or snapshots before deleting any indices to prevent data loss.
Hope this helps you. Please feel free to reach out to us if you have any issues.Regards,
Musakkarul Lambatjing
Sep 12, 2024, 4:44:01 AM9/12/24
to Wazuh | Mailing List
Hello Ismail,
i'm still didn't get to delete the unassigned shards, and the reason is still the same
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"},"status":403}
i've already using root account delete with my admin account but still didn't get to delete the shards.
any thought?
ismail....@wazuh.com
Sep 12, 2024, 6:51:46 AM9/12/24
to Wazuh | Mailing List
Hi,
Could you please share some complete screenshots of where you are encountering these errors? This would help us understand the issue better and provide more accurate assistance.
Regards,
Could you please share some complete screenshots of where you are encountering these errors? This would help us understand the issue better and provide more accurate assistance.
Regards,
Трезвый Дворник
Sep 12, 2024, 12:56:43 PM9/12/24
to Wazuh | Mailing List
Hello!
Today i got this error also. I have 4.8.2 -> 4.9.0 update and it worked several days.
Suddenly morniing i got the same situation - cluster status (single node btw) is in yellow state.
There are some duplicated shards with unassigned state:
```
curl -s --cacert /etc/filebeat/certs/root-ca.pem --cert /etc/filebeat/certs/filebeat.pem --key /etc/filebeat/certs/filebeat-key.pem -u admin:$PASS -XGET https://${indexer_node}:9200/_cat/shards?v | grep '.opendistro-\|.opensearch-'
.opendistro-reports-definitions 0 p STARTED 0 208b 10.100.95.2 CEC-Wazuh-Indexer-01P
.opendistro-reports-instances 0 p STARTED 2 13.2kb 10.100.95.2 CEC-Wazuh-Indexer-01P
.opendistro-alerting-config 0 p STARTED 10.100.95.2 CEC-Wazuh-Indexer-01P
.opendistro-alerting-config 0 r UNASSIGNED
.opensearch-observability 0 p STARTED 0 208b 10.100.95.2 CEC-Wazuh-Indexer-01P
.opensearch-sap-log-types-config 0 p STARTED 10.100.95.2 CEC-Wazuh-Indexer-01P
.opensearch-alerting-config-lock 0 p STARTED 10.100.95.2 CEC-Wazuh-Indexer-01P
.opensearch-alerting-config-lock 0 r UNASSIGNED
.opendistro-alerting-alerts 0 p STARTED 10.100.95.2 CEC-Wazuh-Indexer-01P
.opendistro-alerting-alerts 0 r UNASSIGNED
.opendistro-alerting-alert-history-2024.09.12-1 0 p STARTED 10.100.95.2 CEC-Wazuh-Indexer-01P
.opendistro-alerting-alert-history-2024.09.12-1 0 r UNASSIGNED
.opensearch-notifications-config 0 p STARTED 10.100.95.2 CEC-Wazuh-Indexer-01P
```
If I try to forcce number of replicas I get access error:
```
curl -s -X PUT "https://${indexer_node}:9200/.opendistro-alerting-config/_settings" -H 'Content-Type: application/json' -d'
{
"index": {
"number_of_replicas": 0
}
}' --cacert /etc/filebeat/certs/root-ca.pem --cert /etc/filebeat/certs/filebeat.pem --key /etc/filebeat/certs/filebeat-key.pem -u admin:$PASS | jq
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
}
],
"type": "security_exception",
"reason": "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
},
"status": 403
}
```
When I try force reroute:
```
POST _cluster/reroute?retry_failed
{
"acknowledged": true,
"state": {
"cluster_uuid": "9_cZjCvsSuKxAOqEW2qFBg",
"version": 3063,
"state_uuid": "90UOGno_TBOjuBOwtf8RSQ",
"master_node": "O2G31Nf_QOif78I2OKkUZg",
"cluster_manager_node": "O2G31Nf_QOif78I2OKkUZg",
"blocks": {},
"nodes": {
"O2G31Nf_QOif78I2OKkUZg": {
"name": "CEC-Wazuh-Indexer-01P",
"ephemeral_id": "PE-RnKCxRHyBCXCoUPSDAw",
"transport_address": "10.100.95.2:9300",
"attributes": {
"shard_indexing_pressure_enabled": "true"
}
}
},
"routing_table": {
"indices": {
"wazuh-states-vulnerabilities-wazuh": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-states-vulnerabilities-wazuh",
"allocation_id": {
"id": "aGy9uAdbQuyXgei7upjX5g"
}
}
]
}
},
".opendistro-reports-definitions": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-reports-definitions",
"allocation_id": {
"id": "ZRIhTYwaTQ-y60qserasUg"
}
}
]
}
},
".opendistro_security": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro_security",
"allocation_id": {
"id": "wN6Sw_xvQLiHr3M7F0hY2Q"
}
}
]
}
},
".opendistro-reports-instances": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-reports-instances",
"allocation_id": {
"id": "pC6tnmeIRBiYsWSaoKYAPQ"
}
}
]
}
},
".opendistro-alerting-config": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-config",
"allocation_id": {
"id": "lzYKdochRJKgHWnX23ftpA"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-config",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:07.999Z",
"delayed": false,
"allocation_status": "no_attempt"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.30": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.30",
"allocation_id": {
"id": "TMq1w1o7Q2Sf5vStOabkFQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.30",
"allocation_id": {
"id": "ENPl4QkHTdiCYTelrUjhFQ"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.30",
"allocation_id": {
"id": "fOeCHz4gSZCRmSNz3AADnw"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.31": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.31",
"allocation_id": {
"id": "AbNuqA9_S8C8oqqZo5fBdg"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.31",
"allocation_id": {
"id": "zFzsec-gQ1y5CfeO6CP22A"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.31",
"allocation_id": {
"id": "7gg6QjgwRmiToe7sbOZ42Q"
}
}
]
}
},
"wazuh-monitoring-2024.35w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.35w",
"allocation_id": {
"id": "PuNAwR6yTq2O6JNXe0y18g"
}
}
]
}
},
".opensearch-observability": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-observability",
"allocation_id": {
"id": "y76TQcR8QnSq-kAc6ew74Q"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.01": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.01",
"allocation_id": {
"id": "kq2YQIvKTSKQxOfDiPyycQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.01",
"allocation_id": {
"id": "jIHl0k3HQwG2IwfKz11kiw"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.01",
"allocation_id": {
"id": "NxdLsUW2Sm-tICl2gELuOQ"
}
}
]
}
},
"wazuh-statistics-2024.32w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.32w",
"allocation_id": {
"id": "QKl6oAmfRBGrBkFscihBJw"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.02": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.02",
"allocation_id": {
"id": "dn9RdwVJRfW0HHwUKKmlaQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.02",
"allocation_id": {
"id": "ekttltbcSi-9RvtX7ld1KA"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.02",
"allocation_id": {
"id": "Y8ELBTLUR9ONE8eIVhsXiQ"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.03": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.03",
"allocation_id": {
"id": "56pb-GHfQOOVrBmN1AJCNg"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.03",
"allocation_id": {
"id": "aLW5IWslR2yCqjiBCBsvEA"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.03",
"allocation_id": {
"id": "maJAAbFrT5K205ZktqcWug"
}
}
]
}
},
".opensearch-sap-log-types-config": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-sap-log-types-config",
"allocation_id": {
"id": "RL_WJxzYTdqq98cXZcuuCQ"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.04": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.04",
"allocation_id": {
"id": "Ov2B_LlHRN-kTjq8ImmZVQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.04",
"allocation_id": {
"id": "mqMypr-zRoOn_p8nZQ4L-w"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.04",
"allocation_id": {
"id": "nUxNSXr1QnOIfm5iiFDWRQ"
}
}
]
}
},
"wazuh-monitoring-2024.31w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.31w",
"allocation_id": {
"id": "YKNCc6ozRBW6Iz_EpYlFCg"
}
}
]
}
},
".opensearch-alerting-config-lock": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-alerting-config-lock",
"allocation_id": {
"id": "sLXWVCwMSICCN4_vGgl0WQ"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opensearch-alerting-config-lock",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:08.000Z",
"delayed": false,
"allocation_status": "no_attempt"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.05": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.05",
"allocation_id": {
"id": "oqN949wWSu2X-VlxPiH8dA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.05",
"allocation_id": {
"id": "3YWzm6yNT6SwfVhIjtZHFw"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.05",
"allocation_id": {
"id": "x61ETW2CQBuBSHQrkxgz_w"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.06": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.06",
"allocation_id": {
"id": "eKYpkefaQpa_KsdeaqT8uA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.06",
"allocation_id": {
"id": "qZp1E0yWRqOnZbqN_dqPCw"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.06",
"allocation_id": {
"id": "njKh8T-DQnGUfkR1tkbVHA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.07": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.07",
"allocation_id": {
"id": "fYEDtDs6SEW8VIZHzmKoWw"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.07",
"allocation_id": {
"id": "AxhloJDRRaOjaWIE8_-gPA"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.07",
"allocation_id": {
"id": "OGh_w3nGTeiWcBjyF-2uig"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.08": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.08",
"allocation_id": {
"id": "lDiZxq5eTimXX-H9n601gA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.08",
"allocation_id": {
"id": "HaapDkJST0mljR14vaTOaQ"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.08",
"allocation_id": {
"id": "Y0-fbSFERcKIKhxg3-CF2Q"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.09": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.09",
"allocation_id": {
"id": "WJeJVHkVR66CQ0XkmaS7NA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.09",
"allocation_id": {
"id": "SuY8o3-gT3Kdb5WBfS32IA"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.09",
"allocation_id": {
"id": "jrlaxh6lSrGaRvMXjZdmCQ"
}
}
]
}
},
"wazuh-statistics-2024.36w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.36w",
"allocation_id": {
"id": "EyBvM7koRQOGgIoA2Ouwhg"
}
}
]
}
},
".kibana_-152937574_admintenant_1": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".kibana_-152937574_admintenant_1",
"allocation_id": {
"id": "xo-hOXdFSlqIkx0gnfxEtQ"
}
}
]
}
},
".opendistro-alerting-alerts": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alerts",
"allocation_id": {
"id": "h9ggkF4dRCaclXW7fmS4MA"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alerts",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:08.000Z",
"delayed": false,
"allocation_status": "no_attempt"
}
}
]
}
},
".tasks": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".tasks",
"allocation_id": {
"id": "1rtQK59lTO2edBbQERcNpA"
}
}
]
}
},
"wazuh-monitoring-2024.36w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.36w",
"allocation_id": {
"id": "ZG8a1UNtTPitVKrAeXp_EA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.20": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.20",
"allocation_id": {
"id": "rD1NPn9yTD22nd-P0ZATJw"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.20",
"allocation_id": {
"id": "ovp5DNIYRNm0aTAXSVOFkQ"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.20",
"allocation_id": {
"id": "cWouBlS-RbmMm005kbkklA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.21": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.21",
"allocation_id": {
"id": "0CbwWkKoTN-nsS6TeN9tnA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.21",
"allocation_id": {
"id": "zUs_Kke9SCKOmMM3iQOEqQ"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.21",
"allocation_id": {
"id": "RhwBOg7MS4Cw9jF1DDK_kg"
}
}
]
}
},
"wazuh-statistics-2024.31w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.31w",
"allocation_id": {
"id": "3D5rWRZcSc2P-BsVr5gIwg"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.22": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.22",
"allocation_id": {
"id": "SZ8AA4sWRrKsaajg4__VjQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.22",
"allocation_id": {
"id": "0osOHgzBRLa0Szw_7dWmUw"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.22",
"allocation_id": {
"id": "K5UnXxr6Sgev-QYsHKfsvA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.23": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.23",
"allocation_id": {
"id": "dpNaZ9ePQmyW53q0lS6Eqg"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.23",
"allocation_id": {
"id": "pLYspMGFS0WQE2Toh5xPYw"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.23",
"allocation_id": {
"id": "nwCNAHW9RjaRvalXHVrEFA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.24": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.24",
"allocation_id": {
"id": "uOkMyuNPTA6WiLAo-NOt2A"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.24",
"allocation_id": {
"id": "DdMefaWXRS6Oa5jR0kAx5Q"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.24",
"allocation_id": {
"id": "20_j0qJQSKSLdNUxJ-4EYg"
}
}
]
}
},
"wazuh-monitoring-2024.32w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.32w",
"allocation_id": {
"id": "KYSbwWTdQf-7DbzEH3jM7w"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.25": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.25",
"allocation_id": {
"id": "NEgYdCYVRpGCHw5-LEKfeA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.25",
"allocation_id": {
"id": "8Ziz09bzRtSgBKRqIe0lag"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.25",
"allocation_id": {
"id": "cJ0C5wY2QcCKcfBI7My7eQ"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.26": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.26",
"allocation_id": {
"id": "vNdCTVUKRcG9sv09leM7wQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.26",
"allocation_id": {
"id": "znNMs_r0QXS0xgP5pGOvZA"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.26",
"allocation_id": {
"id": "N1BcmzpMRFmLhy-1u8XHjw"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.27": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.27",
"allocation_id": {
"id": "cjPeKqARS3qorRI67GqRCA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.27",
"allocation_id": {
"id": "9m_uYRJLRsKGqXwH52kDPg"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.27",
"allocation_id": {
"id": "4QudsVt_RkiAKqK4cm7zTQ"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.28": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.28",
"allocation_id": {
"id": "ziaMW6vtS6ynz20vSYamDg"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.28",
"allocation_id": {
"id": "E-ZIb7NHQYWNIqab7zbDsQ"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.28",
"allocation_id": {
"id": "D1wJX-jwTdKBwjqa8HEquA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.29": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.29",
"allocation_id": {
"id": "xRuPoV7wRiCimfMfU6vtPg"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.29",
"allocation_id": {
"id": "HSFaMSjoTsm0ouUD77nrpA"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.29",
"allocation_id": {
"id": "wBGRh2nXQaGQWCfmrRIDzQ"
}
}
]
}
},
"wazuh-statistics-2024.35w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.35w",
"allocation_id": {
"id": "8_b7XltQQRiubmYFxUkQIg"
}
}
]
}
},
"wazuh-monitoring-2024.37w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.37w",
"allocation_id": {
"id": "EcS-ZhOTRa-ifeg5Id6yaA"
}
}
]
}
},
"wazuh-statistics-2024.34w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.34w",
"allocation_id": {
"id": "1xJyynbSRzC4e1PuuaIt9Q"
}
}
]
}
},
"wazuh-monitoring-2024.33w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.33w",
"allocation_id": {
"id": "f8zAUKXiSumynMRmGbBs5Q"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.19": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.19",
"allocation_id": {
"id": "-f3iPNDFQqOH9GJGgtsYtw"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.19",
"allocation_id": {
"id": "lypaSm4FTbe8iGz0ojqplg"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.19",
"allocation_id": {
"id": "OfcQnx9ATA6Xz7bjSzWYxw"
}
}
]
}
},
".opendistro-alerting-alert-history-2024.09.12-1": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alert-history-2024.09.12-1",
"allocation_id": {
"id": "GieRSJJ-QwKcO9r8uH7g-g"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alert-history-2024.09.12-1",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:08.000Z",
"delayed": false,
"allocation_status": "no_attempt"
}
}
]
}
},
".kibana_2": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".kibana_2",
"allocation_id": {
"id": "GIePkwQ3RJWVryAkRUYLQg"
}
}
]
}
},
".kibana_1": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".kibana_1",
"allocation_id": {
"id": "yiy3zCF5RWqY9WXELOLTRA"
}
}
]
}
},
"wazuh-statistics-2024.33w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.33w",
"allocation_id": {
"id": "n7vhGTrXQs6_o4X8vU_UWA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.10": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.10",
"allocation_id": {
"id": "Kcogc6baQDC6isJ8MLndNQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.10",
"allocation_id": {
"id": "ZKbnvkPzSYi2oDMqF-gdtw"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.10",
"allocation_id": {
"id": "ZGbZwe4sSTqcPzuXH1blFA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.11": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.11",
"allocation_id": {
"id": "80AePtPkSP2D8yTfNyCAtw"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.11",
"allocation_id": {
"id": "fyrnv5BPTjSvQ6T5twhC4A"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.11",
"allocation_id": {
"id": "jFiowBQZRJ2EMeJtE-z34w"
}
}
]
}
},
".plugins-ml-config": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".plugins-ml-config",
"allocation_id": {
"id": "15MV8UrOQs2-ifxjiIt5kg"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.12": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.12",
"allocation_id": {
"id": "Cs5wxfmpSDK3-6FPrDNZfA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.12",
"allocation_id": {
"id": "TLviiDnQTUq_qHhc5SB5ew"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.12",
"allocation_id": {
"id": "O04quEIKRUy1TkD4-_XgrQ"
}
}
]
}
},
"wazuh-monitoring-2024.34w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.34w",
"allocation_id": {
"id": "JQl3BGUBQrGkzgZ3m8x5_g"
}
}
]
}
},
"wazuh-statistics-2024.37w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.37w",
"allocation_id": {
"id": "Ofxiq_JOTOWP8fOP3Q8RIQ"
}
}
]
}
},
".opensearch-notifications-config": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-notifications-config",
"allocation_id": {
"id": "WPlbjMHCR2eq6T0aX6uaBw"
}
}
]
}
}
}
},
"routing_nodes": {
"unassigned": [
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-config",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:07.999Z",
"delayed": false,
"allocation_status": "no_attempt"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opensearch-alerting-config-lock",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:08.000Z",
"delayed": false,
"allocation_status": "no_attempt"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alerts",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:08.000Z",
"delayed": false,
"allocation_status": "no_attempt"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alert-history-2024.09.12-1",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:08.000Z",
"delayed": false,
"allocation_status": "no_attempt"
}
}
],
"nodes": {
"O2G31Nf_QOif78I2OKkUZg": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-states-vulnerabilities-wazuh",
"allocation_id": {
"id": "aGy9uAdbQuyXgei7upjX5g"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-reports-definitions",
"allocation_id": {
"id": "ZRIhTYwaTQ-y60qserasUg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro_security",
"allocation_id": {
"id": "wN6Sw_xvQLiHr3M7F0hY2Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-reports-instances",
"allocation_id": {
"id": "pC6tnmeIRBiYsWSaoKYAPQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-config",
"allocation_id": {
"id": "lzYKdochRJKgHWnX23ftpA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.30",
"allocation_id": {
"id": "TMq1w1o7Q2Sf5vStOabkFQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.30",
"allocation_id": {
"id": "ENPl4QkHTdiCYTelrUjhFQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.30",
"allocation_id": {
"id": "fOeCHz4gSZCRmSNz3AADnw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.31",
"allocation_id": {
"id": "AbNuqA9_S8C8oqqZo5fBdg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.31",
"allocation_id": {
"id": "zFzsec-gQ1y5CfeO6CP22A"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.31",
"allocation_id": {
"id": "7gg6QjgwRmiToe7sbOZ42Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.35w",
"allocation_id": {
"id": "PuNAwR6yTq2O6JNXe0y18g"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-observability",
"allocation_id": {
"id": "y76TQcR8QnSq-kAc6ew74Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.01",
"allocation_id": {
"id": "kq2YQIvKTSKQxOfDiPyycQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.01",
"allocation_id": {
"id": "jIHl0k3HQwG2IwfKz11kiw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.01",
"allocation_id": {
"id": "NxdLsUW2Sm-tICl2gELuOQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.32w",
"allocation_id": {
"id": "QKl6oAmfRBGrBkFscihBJw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.02",
"allocation_id": {
"id": "dn9RdwVJRfW0HHwUKKmlaQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.02",
"allocation_id": {
"id": "ekttltbcSi-9RvtX7ld1KA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.02",
"allocation_id": {
"id": "Y8ELBTLUR9ONE8eIVhsXiQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.03",
"allocation_id": {
"id": "56pb-GHfQOOVrBmN1AJCNg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.03",
"allocation_id": {
"id": "aLW5IWslR2yCqjiBCBsvEA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.03",
"allocation_id": {
"id": "maJAAbFrT5K205ZktqcWug"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-sap-log-types-config",
"allocation_id": {
"id": "RL_WJxzYTdqq98cXZcuuCQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.04",
"allocation_id": {
"id": "Ov2B_LlHRN-kTjq8ImmZVQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.04",
"allocation_id": {
"id": "mqMypr-zRoOn_p8nZQ4L-w"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.04",
"allocation_id": {
"id": "nUxNSXr1QnOIfm5iiFDWRQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.31w",
"allocation_id": {
"id": "YKNCc6ozRBW6Iz_EpYlFCg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-alerting-config-lock",
"allocation_id": {
"id": "sLXWVCwMSICCN4_vGgl0WQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.05",
"allocation_id": {
"id": "oqN949wWSu2X-VlxPiH8dA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.05",
"allocation_id": {
"id": "3YWzm6yNT6SwfVhIjtZHFw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.05",
"allocation_id": {
"id": "x61ETW2CQBuBSHQrkxgz_w"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.06",
"allocation_id": {
"id": "eKYpkefaQpa_KsdeaqT8uA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.06",
"allocation_id": {
"id": "qZp1E0yWRqOnZbqN_dqPCw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.06",
"allocation_id": {
"id": "njKh8T-DQnGUfkR1tkbVHA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.07",
"allocation_id": {
"id": "fYEDtDs6SEW8VIZHzmKoWw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.07",
"allocation_id": {
"id": "AxhloJDRRaOjaWIE8_-gPA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.07",
"allocation_id": {
"id": "OGh_w3nGTeiWcBjyF-2uig"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.08",
"allocation_id": {
"id": "lDiZxq5eTimXX-H9n601gA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.08",
"allocation_id": {
"id": "HaapDkJST0mljR14vaTOaQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.08",
"allocation_id": {
"id": "Y0-fbSFERcKIKhxg3-CF2Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.09",
"allocation_id": {
"id": "WJeJVHkVR66CQ0XkmaS7NA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.09",
"allocation_id": {
"id": "SuY8o3-gT3Kdb5WBfS32IA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.09",
"allocation_id": {
"id": "jrlaxh6lSrGaRvMXjZdmCQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.36w",
"allocation_id": {
"id": "EyBvM7koRQOGgIoA2Ouwhg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".kibana_-152937574_admintenant_1",
"allocation_id": {
"id": "xo-hOXdFSlqIkx0gnfxEtQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alerts",
"allocation_id": {
"id": "h9ggkF4dRCaclXW7fmS4MA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".tasks",
"allocation_id": {
"id": "1rtQK59lTO2edBbQERcNpA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.36w",
"allocation_id": {
"id": "ZG8a1UNtTPitVKrAeXp_EA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.20",
"allocation_id": {
"id": "rD1NPn9yTD22nd-P0ZATJw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.20",
"allocation_id": {
"id": "ovp5DNIYRNm0aTAXSVOFkQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.20",
"allocation_id": {
"id": "cWouBlS-RbmMm005kbkklA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.21",
"allocation_id": {
"id": "0CbwWkKoTN-nsS6TeN9tnA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.21",
"allocation_id": {
"id": "zUs_Kke9SCKOmMM3iQOEqQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.21",
"allocation_id": {
"id": "RhwBOg7MS4Cw9jF1DDK_kg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.31w",
"allocation_id": {
"id": "3D5rWRZcSc2P-BsVr5gIwg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.22",
"allocation_id": {
"id": "SZ8AA4sWRrKsaajg4__VjQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.22",
"allocation_id": {
"id": "0osOHgzBRLa0Szw_7dWmUw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.22",
"allocation_id": {
"id": "K5UnXxr6Sgev-QYsHKfsvA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.23",
"allocation_id": {
"id": "dpNaZ9ePQmyW53q0lS6Eqg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.23",
"allocation_id": {
"id": "pLYspMGFS0WQE2Toh5xPYw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.23",
"allocation_id": {
"id": "nwCNAHW9RjaRvalXHVrEFA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.24",
"allocation_id": {
"id": "uOkMyuNPTA6WiLAo-NOt2A"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.24",
"allocation_id": {
"id": "DdMefaWXRS6Oa5jR0kAx5Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.24",
"allocation_id": {
"id": "20_j0qJQSKSLdNUxJ-4EYg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.32w",
"allocation_id": {
"id": "KYSbwWTdQf-7DbzEH3jM7w"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.25",
"allocation_id": {
"id": "NEgYdCYVRpGCHw5-LEKfeA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.25",
"allocation_id": {
"id": "8Ziz09bzRtSgBKRqIe0lag"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.25",
"allocation_id": {
"id": "cJ0C5wY2QcCKcfBI7My7eQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.26",
"allocation_id": {
"id": "vNdCTVUKRcG9sv09leM7wQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.26",
"allocation_id": {
"id": "znNMs_r0QXS0xgP5pGOvZA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.26",
"allocation_id": {
"id": "N1BcmzpMRFmLhy-1u8XHjw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.27",
"allocation_id": {
"id": "cjPeKqARS3qorRI67GqRCA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.27",
"allocation_id": {
"id": "9m_uYRJLRsKGqXwH52kDPg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.27",
"allocation_id": {
"id": "4QudsVt_RkiAKqK4cm7zTQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.28",
"allocation_id": {
"id": "ziaMW6vtS6ynz20vSYamDg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.28",
"allocation_id": {
"id": "E-ZIb7NHQYWNIqab7zbDsQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.28",
"allocation_id": {
"id": "D1wJX-jwTdKBwjqa8HEquA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.29",
"allocation_id": {
"id": "xRuPoV7wRiCimfMfU6vtPg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.29",
"allocation_id": {
"id": "HSFaMSjoTsm0ouUD77nrpA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.29",
"allocation_id": {
"id": "wBGRh2nXQaGQWCfmrRIDzQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.35w",
"allocation_id": {
"id": "8_b7XltQQRiubmYFxUkQIg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.37w",
"allocation_id": {
"id": "EcS-ZhOTRa-ifeg5Id6yaA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.34w",
"allocation_id": {
"id": "1xJyynbSRzC4e1PuuaIt9Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.33w",
"allocation_id": {
"id": "f8zAUKXiSumynMRmGbBs5Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.19",
"allocation_id": {
"id": "-f3iPNDFQqOH9GJGgtsYtw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.19",
"allocation_id": {
"id": "lypaSm4FTbe8iGz0ojqplg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.19",
"allocation_id": {
"id": "OfcQnx9ATA6Xz7bjSzWYxw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alert-history-2024.09.12-1",
"allocation_id": {
"id": "GieRSJJ-QwKcO9r8uH7g-g"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".kibana_2",
"allocation_id": {
"id": "GIePkwQ3RJWVryAkRUYLQg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".kibana_1",
"allocation_id": {
"id": "yiy3zCF5RWqY9WXELOLTRA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.33w",
"allocation_id": {
"id": "n7vhGTrXQs6_o4X8vU_UWA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.10",
"allocation_id": {
"id": "Kcogc6baQDC6isJ8MLndNQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.10",
"allocation_id": {
"id": "ZKbnvkPzSYi2oDMqF-gdtw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.10",
"allocation_id": {
"id": "ZGbZwe4sSTqcPzuXH1blFA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.11",
"allocation_id": {
"id": "80AePtPkSP2D8yTfNyCAtw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.11",
"allocation_id": {
"id": "fyrnv5BPTjSvQ6T5twhC4A"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.11",
"allocation_id": {
"id": "jFiowBQZRJ2EMeJtE-z34w"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".plugins-ml-config",
"allocation_id": {
"id": "15MV8UrOQs2-ifxjiIt5kg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.12",
"allocation_id": {
"id": "Cs5wxfmpSDK3-6FPrDNZfA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.12",
"allocation_id": {
"id": "TLviiDnQTUq_qHhc5SB5ew"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.12",
"allocation_id": {
"id": "O04quEIKRUy1TkD4-_XgrQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.34w",
"allocation_id": {
"id": "JQl3BGUBQrGkzgZ3m8x5_g"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.37w",
"allocation_id": {
"id": "Ofxiq_JOTOWP8fOP3Q8RIQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-notifications-config",
"allocation_id": {
"id": "WPlbjMHCR2eq6T0aX6uaBw"
}
}
]
}
}
}
}
```
As I can see - there shards are duplicated somehow and I've tried multiply users and access roles (like "*" ".*" for index etc) without success.
I tried to delete files physically on disk (like lzYKdochRJKgHWnX23ftpA for .opendistro-alerting-config), but then I got UNASSIGNED for both items in shard.
First time I saw the issue is:
```
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:45 indexer-connector[2219075] indexerConnector.cpp:447 at operator()(): DEBUG: Error: No available server
```
What I can see in logs for that minute:
```
zgrep '2024/09/12 08:48:' /var/ossec/logs/wazuh/2024/Sep/ossec-12*.gz
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"587b2e08c195430c4b32c2c41c5b8bca512df81f","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/3:1H-xf","nice":-20,"nlwp":1,"pgrp":0,"pid":"366","ppid":2,"priority":0,"processor":3,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883180,"state":"I","stime":1574,"suser":"root","tgid":366,"tty":0,"utime":0,"vm_size":0},"index":"366","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"863bc6b666ac3f540ff0c69bf3160f8120bdfaf7","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/0:3-eve","nice":0,"nlwp":1,"pgrp":0,"pid":"2234519","ppid":2,"priority":20,"processor":0,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726126070,"state":"I","stime":15,"suser":"root","tgid":2234519,"tty":0,"utime":10,"vm_size":0},"index":"2234519","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"66f6ef72bdc651da10a02e63ddfb4e1a7edb7108","cmd":"/usr/libexec/fwupd/fwupd","egroup":"root","euser":"root","fgroup":"root","name":"fwupd","nice":0,"nlwp":5,"pgrp":2234481,"pid":"2234481","ppid":1,"priority":20,"processor":2,"resident":88064,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":2234481,"sgroup":"root","share":6722,"size":111433,"start_time":1726126068,"state":"S","stime":12,"suser":"root","tgid":2234481,"tty":0,"utime":103,"vm_size":445732},"index":"2234481","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"0654bba8aef35dc57227baf48ff8fcbbd59a411c","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:1-","nice":0,"nlwp":1,"pgrp":0,"pid":"2234750","ppid":2,"priority":20,"processor":5,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726128686,"state":"I","stime":24,"suser":"root","tgid":2234750,"tty":0,"utime":0,"vm_size":0},"index":"2234750","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"22b2953e43aa1555eed1c2b97c67f5799b50cb16","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"xfsaild/dm-2","nice":0,"nlwp":1,"pgrp":0,"pid":"507","ppid":2,"priority":20,"processor":5,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883182,"state":"S","stime":5730,"suser":"root","tgid":507,"tty":0,"utime":0,"vm_size":0},"index":"507","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"660791db23fa0062e4549f6b6f7103fe8195bfe6","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","nice":0,"nlwp":1,"pgrp":0,"pid":"2234839","ppid":2,"priority":20,"processor":5,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726129527,"state":"I","stime":17,"suser":"root","tgid":2234839,"tty":0,"utime":0,"vm_size":0},"index":"2234839","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":"--environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat","checksum":"7ad1646f77012a78488682bfdb75aaa73c295298","cmd":"/usr/share/filebeat/bin/filebeat","egroup":"root","euser":"root","fgroup":"root","name":"filebeat","nice":0,"nlwp":13,"pgrp":2235121,"pid":"2235121","ppid":1,"priority":20,"processor":2,"resident":47952,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":2235121,"sgroup":"root","share":8862,"size":413557,"start_time":1726130007,"state":"S","stime":22,"suser":"root","tgid":2235121,"tty":0,"utime":62,"vm_size":1654228},"index":"2235121","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"8de3ed984624f8c3c183ffbb6cf8355ef06bb0fb","cmd":"/lib/systemd/systemd-journald","egroup":"root","euser":"root","fgroup":"root","name":"systemd-journal","nice":-1,"nlwp":1,"pgrp":576,"pid":"576","ppid":1,"priority":19,"processor":1,"resident":5716,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":576,"sgroup":"root","share":1309,"size":9389,"start_time":1725883183,"state":"S","stime":56,"suser":"root","tgid":576,"tty":0,"utime":48,"vm_size":37556},"index":"576","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"b1ab7bb116cf3b634c46d3444ec9f0d4acd8a87c","cmd":"/lib/systemd/systemd-udevd","egroup":"root","euser":"root","fgroup":"root","name":"systemd-udevd","nice":0,"nlwp":1,"pgrp":607,"pid":"607","ppid":1,"priority":20,"processor":5,"resident":2452,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":607,"sgroup":"root","share":513,"size":5713,"start_time":1725883183,"state":"S","stime":52,"suser":"root","tgid":607,"tty":0,"utime":51,"vm_size":22852},"index":"607","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"7ac0a5091f040b2b1cc124a15e34aabc4c3d3e99","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kswapd0","nice":0,"nlwp":1,"pgrp":0,"pid":"134","ppid":2,"priority":20,"processor":0,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883180,"state":"S","stime":4271,"suser":"root","tgid":134,"tty":0,"utime":0,"vm_size":0},"index":"134","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":"-i","checksum":"dc0a65121ce5bb850bc761e16efb52e1dbe15cf0","cmd":"sudo","egroup":"root","euser":"root","fgroup":"root","name":"sudo","nice":0,"nlwp":1,"pgrp":2215755,"pid":"2215755","ppid":2215450,"priority":20,"processor":0,"resident":3252,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":2215450,"sgroup":"root","share":666,"size":2344,"start_time":1726040806,"state":"S","stime":0,"suser":"root","tgid":2215755,"tty":34818,"utime":0,"vm_size":9376},"index":"2215755","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"a5dcee3343c369787d9b315b274c5ee1b5b19262","cmd":"/usr/bin/vmtoolsd","egroup":"root","euser":"root","fgroup":"root","name":"vmtoolsd","nice":0,"nlwp":3,"pgrp":841,"pid":"841","ppid":1,"priority":20,"processor":7,"resident":4112,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":841,"sgroup":"root","share":668,"size":59306,"start_time":1725883185,"state":"S","stime":8833,"suser":"root","tgid":841,"tty":0,"utime":9182,"vm_size":237224},"index":"841","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"9b9851702ade5bb4d476f91062e4953fb9661862","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"xfsaild/dm-1","nice":0,"nlwp":1,"pgrp":0,"pid":"783","ppid":2,"priority":20,"processor":7,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883183,"state":"S","stime":1112,"suser":"root","tgid":783,"tty":0,"utime":104,"vm_size":0},"index":"783","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"3c16bc5f14dd4f3588696b8197cbbd619fa8de94","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/5:1H-kb","nice":-20,"nlwp":1,"pgrp":0,"pid":"762","ppid":2,"priority":0,"processor":5,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883183,"state":"I","stime":3109,"suser":"root","tgid":762,"tty":0,"utime":0,"vm_size":0},"index":"762","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"65c36dd6e63bcad603e6bbb8c7c4046b29d9f16c","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/4:0-eve","nice":0,"nlwp":1,"pgrp":0,"pid":"2229188","ppid":2,"priority":20,"processor":4,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726118222,"state":"I","stime":232,"suser":"root","tgid":2229188,"tty":0,"utime":7,"vm_size":0},"index":"2229188","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"25311952f71a674894f3b52853d2800f7d8e496b","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/1:1H-xf","nice":-20,"nlwp":1,"pgrp":0,"pid":"845","ppid":2,"priority":0,"processor":1,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883185,"state":"I","stime":1597,"suser":"root","tgid":845,"tty":0,"utime":0,"vm_size":0},"index":"845","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"afd88564ce2dd214a1fc96fb64fa3ba1d0804263","cmd":"-bash","egroup":"root","euser":"root","fgroup":"root","name":"bash","nice":0,"nlwp":1,"pgrp":2215756,"pid":"2215756","ppid":2215755,"priority":20,"processor":4,"resident":5316,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":2215450,"sgroup":"root","share":781,"size":2253,"start_time":1726040806,"state":"S","stime":22,"suser":"root","tgid":2215756,"tty":34818,"utime":21,"vm_size":9012},"index":"2215756","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"77b725481327b093e2b99ec36c675ebc03bb61e9","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"ksoftirqd/2","nice":0,"nlwp":1,"pgrp":0,"pid":"24","ppid":2,"priority":20,"processor":2,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883179,"state":"S","stime":145,"suser":"root","tgid":24,"tty":0,"utime":0,"vm_size":0},"index":"24","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"809befc474cf9592d2a4f9c6a4ed7f61436d79bd","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/5:2-cgr","nice":0,"nlwp":1,"pgrp":0,"pid":"2229579","ppid":2,"priority":20,"processor":5,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726120985,"state":"I","stime":240,"suser":"root","tgid":2229579,"tty":0,"utime":0,"vm_size":0},"index":"2229579","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":"-n -iNONE","checksum":"2dc89bf91b7814ef882090455986159bd880779f","cmd":"/usr/sbin/rsyslogd","egroup":"syslog","euser":"syslog","fgroup":"syslog","name":"rsyslogd","nice":0,"nlwp":4,"pgrp":908,"pid":"908","ppid":1,"priority":20,"processor":2,"resident":3284,"rgroup":"syslog","ruser":"syslog","scan_time":"2024/09/12 08:48:00","session":908,"sgroup":"syslog","share":470,"size":56135,"start_time":1725883188,"state":"S","stime":28,"suser":"syslog","tgid":908,"tty":0,"utime":27,"vm_size":224540},"index":"908","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":"-c /etc/zabbix/zabbix_agent2.conf","checksum":"747c0ff8f6dc26765dd47b4be700e5139270752f","cmd":"/usr/sbin/zabbix_agent2","egroup":"zabbix","euser":"zabbix","fgroup":"zabbix","name":"zabbix_agent2","nice":0,"nlwp":15,"pgrp":920,"pid":"920","ppid":1,"priority":20,"processor":2,"resident":12772,"rgroup":"zabbix","ruser":"zabbix","scan_time":"2024/09/12 08:48:00","session":920,"sgroup":"zabbix","share":1423,"size":571224,"start_time":1725883188,"state":"S","stime":27087,"suser":"zabbix","tgid":920,"tty":0,"utime":15947,"vm_size":2284896},"index":"920","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":"--foreground","checksum":"e21a538957c9037fcc16aecc459db6f16b550b7c","cmd":"/usr/sbin/irqbalance","egroup":"root","euser":"root","fgroup":"root","name":"irqbalance","nice":0,"nlwp":2,"pgrp":884,"pid":"884","ppid":1,"priority":20,"processor":7,"resident":1996,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":884,"sgroup":"root","share":424,"size":20493,"start_time":1725883188,"state":"S","stime":471,"suser":"root","tgid":884,"tty":0,"utime":309,"vm_size":81972},"index":"884","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"c2874c2276834c4a88d5d592add0aea7e16e7881","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/2:0-eve","nice":0,"nlwp":1,"pgrp":0,"pid":"2234517","ppid":2,"priority":20,"processor":2,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726126070,"state":"I","stime":20,"suser":"root","tgid":2234517,"tty":0,"utime":3,"vm_size":0},"index":"2234517","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"852fc990bdfb0df5fb6be55a886b143419c0196c","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"irq/16-vmwgfx","nice":0,"nlwp":1,"pgrp":0,"pid":"389","ppid":2,"priority":-51,"processor":5,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883181,"state":"S","stime":358,"suser":"root","tgid":389,"tty":0,"utime":1226,"vm_size":0},"index":"389","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"73ac0b7a9774906e3fd30a84e801e1d44d011cf6","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/6:2-xfs","nice":0,"nlwp":1,"pgrp":0,"pid":"2234822","ppid":2,"priority":20,"processor":6,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726129404,"state":"I","stime":9,"suser":"root","tgid":2234822,"tty":0,"utime":0,"vm_size":0},"index":"2234822","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"42f9aae4f1891aa0bb067dcee2e0e2ffe5a9d11d","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/7:1-eve","nice":0,"nlwp":1,"pgrp":0,"pid":"2235226","ppid":2,"priority":20,"processor":7,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726130295,"state":"I","stime":0,"suser":"root","tgid":2235226,"tty":0,"utime":3,"vm_size":0},"index":"2235226","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"fb3cee3707ba7979c0afc347d0f38bd476873dc3","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/0:1H-kb","nice":-20,"nlwp":1,"pgrp":0,"pid":"734","ppid":2,"priority":0,"processor":0,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883183,"state":"I","stime":1675,"suser":"root","tgid":734,"tty":0,"utime":0,"vm_size":0},"index":"734","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"9d7200a21445e80f098c568b1486b869c4ba0852","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/4:1H-kb","nice":-20,"nlwp":1,"pgrp":0,"pid":"427","ppid":2,"priority":0,"processor":4,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883181,"state":"I","stime":2666,"suser":"root","tgid":427,"tty":0,"utime":0,"vm_size":0},"index":"427","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"d30b49abced9af6de857fa291a8d2af1a37ebaea","cmd":"/lib/systemd/systemd-resolved","egroup":"systemd-resolve","euser":"systemd-resolve","fgroup":"systemd-resolve","name":"systemd-resolve","nice":0,"nlwp":1,"pgrp":866,"pid":"866","ppid":1,"priority":20,"processor":7,"resident":3284,"rgroup":"systemd-resolve","ruser":"systemd-resolve","scan_time":"2024/09/12 08:48:00","session":866,"sgroup":"systemd-resolve","share":576,"size":6171,"start_time":1725883185,"state":"S","stime":24,"suser":"systemd-resolve","tgid":866,"tty":0,"utime":24,"vm_size":24684},"index":"866","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"3c85c85da2256b991de9e4c3b560158bc2fe2b33","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:0-","nice":0,"nlwp":1,"pgrp":0,"pid":"2235262","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726130756,"state":"I","stime":0,"suser":"root","tgid":2235262,"tty":0,"utime":1,"vm_size":0},"index":"2235262","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"ad01fc856c09f3a51196eb9efad457ea012b6515","cmd":"-bash","egroup":"dsinitin","euser":"dsinitin","fgroup":"dsinitin","name":"bash","nice":0,"nlwp":1,"pgrp":2197982,"pid":"2197982","ppid":2197979,"priority":20,"processor":0,"resident":1904,"rgroup":"dsinitin","ruser":"dsinitin","scan_time":"2024/09/12 08:48:00","session":2197982,"sgroup":"dsinitin","share":362,"size":2132,"start_time":1725963660,"state":"S","stime":3,"suser":"dsinitin","tgid":2197982,"tty":34817,"utime":3,"vm_size":8528},"index":"2197982","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"b765b0b5304a1304c6fd1ff318a07831ca6db130","cmd":"nginx: worker process","egroup":"www-data","euser":"www-data","fgroup":"www-data","name":"nginx","nice":0,"nlwp":1,"pgrp":928,"pid":"933","ppid":928,"priority":20,"processor":7,"resident":2104,"rgroup":"www-data","ruser":"www-data","scan_time":"2024/09/12 08:48:00","session":928,"sgroup":"www-data","share":367,"size":6076,"start_time":1725883188,"state":"S","stime":0,"suser":"www-data","tgid":933,"tty":0,"utime":0,"vm_size":24304},"index":"933","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":"-p /var/run/ntpd.pid -g -u 118:121","checksum":"3dd6e9a6e11c7eacdda3f529b07b7998fe085c92","cmd":"/usr/sbin/ntpd","egroup":"ntp","euser":"ntp","fgroup":"ntp","name":"ntpd","nice":0,"nlwp":2,"pgrp":944,"pid":"944","ppid":1,"priority":20,"processor":0,"resident":2448,"rgroup":"ntp","ruser":"ntp","scan_time":"2024/09/12 08:48:00","session":944,"sgroup":"ntp","share":463,"size":18714,"start_time":1725883188,"state":"S","stime":0,"suser":"ntp","tgid":944,"tty":0,"utime":1075,"vm_size":74856},"index":"944","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:01 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"e03dfb93a93b20f561e4222d32c25caa901c8075","cmd":"/usr/lib/accountsservice/accounts-daemon","egroup":"root","euser":"root","fgroup":"root","name":"accounts-daemon","nice":0,"nlwp":3,"pgrp":875,"pid":"875","ppid":1,"priority":20,"processor":3,"resident":3804,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":875,"sgroup":"root","share":615,"size":59069,"start_time":1725883188,"state":"S","stime":137,"suser":"root","tgid":875,"tty":0,"utime":207,"vm_size":236276},"index":"875","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:01 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"d11f13da3f58364ccbecffbfbe6d87d1e4a76e87","cmd":"/lib/systemd/systemd-logind","egroup":"root","euser":"root","fgroup":"root","name":"systemd-logind","nice":0,"nlwp":1,"pgrp":913,"pid":"913","ppid":1,"priority":20,"processor":1,"resident":3968,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":913,"sgroup":"root","share":768,"size":4433,"start_time":1725883188,"state":"S","stime":23,"suser":"root","tgid":913,"tty":0,"utime":18,"vm_size":17732},"index":"913","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:01 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"e961d054762071b3011b562b13da19650ca6b25b","cmd":"/usr/lib/udisks2/udisksd","egroup":"root","euser":"root","fgroup":"root","name":"udisksd","nice":0,"nlwp":5,"pgrp":916,"pid":"916","ppid":1,"priority":20,"processor":2,"resident":3988,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":916,"sgroup":"root","share":524,"size":98395,"start_time":1725883188,"state":"S","stime":14,"suser":"root","tgid":916,"tty":0,"utime":16,"vm_size":393580},"index":"916","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:03 wazuh-modulesd:osquery[2219075] wm_osquery_monitor.c:88 at Read_Log(): WARNING: Results file '/var/log/osquery/osqueryd.results.log' not available: No such file or directory (2). Retrying in 60 sec.
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:41 wazuh-modulesd:vulnerability-scanner[2219075] osScanner.hpp:346 at handleRequest(): DEBUG: Vulnerability scan for OS 'Ubuntu' on Agent '138' has completed.
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:41 wazuh-modulesd:vulnerability-scanner[2219075] eventDetailsBuilder.hpp:101 at handleRequest(): DEBUG: Building event details for component type: 2
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:41 wazuh-modulesd:vulnerability-scanner[2219075] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 3 processed
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:45 wazuh-modulesd:vulnerability-scanner[2219075] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 11 processed
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:45 indexer-connector[2219075] indexerConnector.cpp:437 at operator()(): DEBUG: Syncing agent '138' with the indexer.
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:45 indexer-connector[2219075] indexerConnector.cpp:446 at operator()(): WARNING: Failed to sync agent '138' with the indexer.
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:45 indexer-connector[2219075] indexerConnector.cpp:447 at operator()(): DEBUG: Error: No available server
```
```
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:56,637][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:57,205][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:57,384][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:57,511][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:57,573][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:57,815][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:57,935][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:58,104][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:00,936][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:05,936][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:10,937][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:15,938][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:20,939][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:25,939][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:30,939][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:35,940][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:40,940][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:45,941][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:50,941][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:55,942][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:56,638][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:56.637Z, periodEnd: 2024-09-12T05:48:56.637Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:56,638][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:56.637Z, periodEnd: 2024-09-12T05:48:56.637Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:56,638][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:56.637Z, periodEnd: 2024-09-12T05:48:56.637Z, dryrun: true, executionId: _2024-09-12T05:48:56.638859061_77bc38e7-1cfd-401a-be80-9eedb706ce78
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:56,640][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:56.637Z, periodEnd: 2024-09-12T05:48:56.637Z, dryrun: true, executionId: _2024-09-12T05:48:56.640478979_2a0e7be5-8918-4967-be06-b30d69a0096e
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,206][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.204Z, periodEnd: 2024-09-12T05:48:57.204Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,206][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.204Z, periodEnd: 2024-09-12T05:48:57.204Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,206][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.204Z, periodEnd: 2024-09-12T05:48:57.204Z, dryrun: true, executionId: _2024-09-12T05:48:57.206689963_83e90ba2-bbfe-455e-9b5b-9c667776fe19
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,207][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.204Z, periodEnd: 2024-09-12T05:48:57.204Z, dryrun: true, executionId: _2024-09-12T05:48:57.207082809_326e49aa-2e30-474b-8509-9356b1516e51
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,385][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.384Z, periodEnd: 2024-09-12T05:48:57.384Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,385][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.384Z, periodEnd: 2024-09-12T05:48:57.384Z, dryrun: true, executionId: _2024-09-12T05:48:57.385601799_076552ff-ab0a-4c65-bc8a-9026b6a0d3bf
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,385][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.384Z, periodEnd: 2024-09-12T05:48:57.384Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,386][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.384Z, periodEnd: 2024-09-12T05:48:57.384Z, dryrun: true, executionId: _2024-09-12T05:48:57.386550983_7db6777c-eed8-4aee-8d9c-54d1208904f3
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,513][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.511Z, periodEnd: 2024-09-12T05:48:57.511Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,513][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.511Z, periodEnd: 2024-09-12T05:48:57.511Z, dryrun: true, executionId: _2024-09-12T05:48:57.513456308_b543332a-c2c9-47db-a59d-f8303fa04772
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,515][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.513Z, periodEnd: 2024-09-12T05:48:57.513Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,516][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.513Z, periodEnd: 2024-09-12T05:48:57.513Z, dryrun: true, executionId: _2024-09-12T05:48:57.516552414_a42a47f8-1bac-45b6-970a-efe3d2b7e2b5
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,574][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.573Z, periodEnd: 2024-09-12T05:48:57.573Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,574][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.573Z, periodEnd: 2024-09-12T05:48:57.573Z, dryrun: true, executionId: _2024-09-12T05:48:57.574646500_e1f1846f-d92b-4fc5-bed4-a4c7f4b74131
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,574][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.574Z, periodEnd: 2024-09-12T05:48:57.574Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,576][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.574Z, periodEnd: 2024-09-12T05:48:57.574Z, dryrun: true, executionId: _2024-09-12T05:48:57.576081514_77cf4459-4729-42c6-800f-e05026f4f810
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,815][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.814Z, periodEnd: 2024-09-12T05:48:57.814Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,816][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.814Z, periodEnd: 2024-09-12T05:48:57.814Z, dryrun: true, executionId: _2024-09-12T05:48:57.816219858_9457a6c1-97d9-4652-bf6e-18ccab490843
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,816][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.815Z, periodEnd: 2024-09-12T05:48:57.815Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,816][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.815Z, periodEnd: 2024-09-12T05:48:57.815Z, dryrun: true, executionId: _2024-09-12T05:48:57.816700993_7ef07735-6c72-4c4c-9048-6caf4c70094a
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,936][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.935Z, periodEnd: 2024-09-12T05:48:57.935Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,936][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.935Z, periodEnd: 2024-09-12T05:48:57.935Z, dryrun: true, executionId: _2024-09-12T05:48:57.936561356_79575b4a-4cab-4f1d-9a1d-2119569b6575
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,937][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.936Z, periodEnd: 2024-09-12T05:48:57.936Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,938][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.936Z, periodEnd: 2024-09-12T05:48:57.936Z, dryrun: true, executionId: _2024-09-12T05:48:57.938148566_c6cccc45-4a4f-4477-8c60-01b8d4d55937
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:58,105][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:58.104Z, periodEnd: 2024-09-12T05:48:58.104Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:58,105][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:58.104Z, periodEnd: 2024-09-12T05:48:58.104Z, dryrun: true, executionId: _2024-09-12T05:48:58.105707288_fa4c38c4-feed-451a-9aa1-d1927385bb1c
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:58,105][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:58.104Z, periodEnd: 2024-09-12T05:48:58.104Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:58,107][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:58.104Z, periodEnd: 2024-09-12T05:48:58.104Z, dryrun: true, executionId: _2024-09-12T05:48:58.106967789_b3285edf-bbc1-47cc-827e-fb69b887a465
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T11:48:54,580][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: gsbH5JEBJI-FhZ_M8mWQ, type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T08:47:54.574Z, periodEnd: 2024-09-12T08:48:54.574Z, dryrun: false, executionId: gsbH5JEBJI-FhZ_M8mWQ_2024-09-12T08:48:54.580169321_9292f6f8-3b02-4aec-aa0f-0fd9fee7ea86
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T11:49:54,580][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: gsbH5JEBJI-FhZ_M8mWQ, type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T08:48:54.574Z, periodEnd: 2024-09-12T08:49:54.574Z, dryrun: false, executionId: gsbH5JEBJI-FhZ_M8mWQ_2024-09-12T08:49:54.580454444_de3854a5-93b6-4b65-9a22-d1959659e6ba
```
What possibly i did in that moment - played with alert monitors - added this one (screenshots)
I deleted it now and il logs i see huge amount of messages (still in process for all agents:
```
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2020-26144
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2024-42067
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2024-26845
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2022-48770
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2016-0821
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2024-42225
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2021-47421
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2024-26854
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2020-27067
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2023-52740
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2021-47197
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2020-27786
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2024-27410
```
The cluster is still in yellow state
```
curl -s --cacert /etc/filebeat/certs/root-ca.pem --cert /etc/filebeat/certs/filebeat.pem --key /etc/filebeat/certs/filebeat-key.pem -u admin:$PASS -XGET https://$)indexer_node}:9200/_cluster/health?pretty
{
"cluster_name" : "wazuh-cluster",
"status" : "yellow",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"discovered_master" : true,
"discovered_cluster_manager" : true,
"active_primary_shards" : 105,
"active_shards" : 105,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 4,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 96.3302752293578
}
```
Will investigate as mutch as i can, if you have suggestions where can we look for more informative messages related to this problem - will be glad to help
Today i got this error also. I have 4.8.2 -> 4.9.0 update and it worked several days.
Suddenly morniing i got the same situation - cluster status (single node btw) is in yellow state.
There are some duplicated shards with unassigned state:
```
curl -s --cacert /etc/filebeat/certs/root-ca.pem --cert /etc/filebeat/certs/filebeat.pem --key /etc/filebeat/certs/filebeat-key.pem -u admin:$PASS -XGET https://${indexer_node}:9200/_cat/shards?v | grep '.opendistro-\|.opensearch-'
.opendistro-reports-definitions 0 p STARTED 0 208b 10.100.95.2 CEC-Wazuh-Indexer-01P
.opendistro-reports-instances 0 p STARTED 2 13.2kb 10.100.95.2 CEC-Wazuh-Indexer-01P
.opendistro-alerting-config 0 p STARTED 10.100.95.2 CEC-Wazuh-Indexer-01P
.opendistro-alerting-config 0 r UNASSIGNED
.opensearch-observability 0 p STARTED 0 208b 10.100.95.2 CEC-Wazuh-Indexer-01P
.opensearch-sap-log-types-config 0 p STARTED 10.100.95.2 CEC-Wazuh-Indexer-01P
.opensearch-alerting-config-lock 0 p STARTED 10.100.95.2 CEC-Wazuh-Indexer-01P
.opensearch-alerting-config-lock 0 r UNASSIGNED
.opendistro-alerting-alerts 0 p STARTED 10.100.95.2 CEC-Wazuh-Indexer-01P
.opendistro-alerting-alerts 0 r UNASSIGNED
.opendistro-alerting-alert-history-2024.09.12-1 0 p STARTED 10.100.95.2 CEC-Wazuh-Indexer-01P
.opendistro-alerting-alert-history-2024.09.12-1 0 r UNASSIGNED
.opensearch-notifications-config 0 p STARTED 10.100.95.2 CEC-Wazuh-Indexer-01P
```
If I try to forcce number of replicas I get access error:
```
curl -s -X PUT "https://${indexer_node}:9200/.opendistro-alerting-config/_settings" -H 'Content-Type: application/json' -d'
{
"index": {
"number_of_replicas": 0
}
}' --cacert /etc/filebeat/certs/root-ca.pem --cert /etc/filebeat/certs/filebeat.pem --key /etc/filebeat/certs/filebeat-key.pem -u admin:$PASS | jq
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
}
],
"type": "security_exception",
"reason": "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
},
"status": 403
}
When I try force reroute:
```
POST _cluster/reroute?retry_failed
{
"acknowledged": true,
"state": {
"cluster_uuid": "9_cZjCvsSuKxAOqEW2qFBg",
"version": 3063,
"state_uuid": "90UOGno_TBOjuBOwtf8RSQ",
"master_node": "O2G31Nf_QOif78I2OKkUZg",
"cluster_manager_node": "O2G31Nf_QOif78I2OKkUZg",
"blocks": {},
"nodes": {
"O2G31Nf_QOif78I2OKkUZg": {
"name": "CEC-Wazuh-Indexer-01P",
"ephemeral_id": "PE-RnKCxRHyBCXCoUPSDAw",
"transport_address": "10.100.95.2:9300",
"attributes": {
"shard_indexing_pressure_enabled": "true"
}
}
},
"routing_table": {
"indices": {
"wazuh-states-vulnerabilities-wazuh": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-states-vulnerabilities-wazuh",
"allocation_id": {
"id": "aGy9uAdbQuyXgei7upjX5g"
}
}
]
}
},
".opendistro-reports-definitions": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-reports-definitions",
"allocation_id": {
"id": "ZRIhTYwaTQ-y60qserasUg"
}
}
]
}
},
".opendistro_security": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro_security",
"allocation_id": {
"id": "wN6Sw_xvQLiHr3M7F0hY2Q"
}
}
]
}
},
".opendistro-reports-instances": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-reports-instances",
"allocation_id": {
"id": "pC6tnmeIRBiYsWSaoKYAPQ"
}
}
]
}
},
".opendistro-alerting-config": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-config",
"allocation_id": {
"id": "lzYKdochRJKgHWnX23ftpA"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-config",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:07.999Z",
"delayed": false,
"allocation_status": "no_attempt"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.30": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.30",
"allocation_id": {
"id": "TMq1w1o7Q2Sf5vStOabkFQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.30",
"allocation_id": {
"id": "ENPl4QkHTdiCYTelrUjhFQ"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.30",
"allocation_id": {
"id": "fOeCHz4gSZCRmSNz3AADnw"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.31": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.31",
"allocation_id": {
"id": "AbNuqA9_S8C8oqqZo5fBdg"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.31",
"allocation_id": {
"id": "zFzsec-gQ1y5CfeO6CP22A"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.31",
"allocation_id": {
"id": "7gg6QjgwRmiToe7sbOZ42Q"
}
}
]
}
},
"wazuh-monitoring-2024.35w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.35w",
"allocation_id": {
"id": "PuNAwR6yTq2O6JNXe0y18g"
}
}
]
}
},
".opensearch-observability": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-observability",
"allocation_id": {
"id": "y76TQcR8QnSq-kAc6ew74Q"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.01": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.01",
"allocation_id": {
"id": "kq2YQIvKTSKQxOfDiPyycQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.01",
"allocation_id": {
"id": "jIHl0k3HQwG2IwfKz11kiw"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.01",
"allocation_id": {
"id": "NxdLsUW2Sm-tICl2gELuOQ"
}
}
]
}
},
"wazuh-statistics-2024.32w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.32w",
"allocation_id": {
"id": "QKl6oAmfRBGrBkFscihBJw"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.02": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.02",
"allocation_id": {
"id": "dn9RdwVJRfW0HHwUKKmlaQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.02",
"allocation_id": {
"id": "ekttltbcSi-9RvtX7ld1KA"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.02",
"allocation_id": {
"id": "Y8ELBTLUR9ONE8eIVhsXiQ"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.03": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.03",
"allocation_id": {
"id": "56pb-GHfQOOVrBmN1AJCNg"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.03",
"allocation_id": {
"id": "aLW5IWslR2yCqjiBCBsvEA"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.03",
"allocation_id": {
"id": "maJAAbFrT5K205ZktqcWug"
}
}
]
}
},
".opensearch-sap-log-types-config": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-sap-log-types-config",
"allocation_id": {
"id": "RL_WJxzYTdqq98cXZcuuCQ"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.04": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.04",
"allocation_id": {
"id": "Ov2B_LlHRN-kTjq8ImmZVQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.04",
"allocation_id": {
"id": "mqMypr-zRoOn_p8nZQ4L-w"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.04",
"allocation_id": {
"id": "nUxNSXr1QnOIfm5iiFDWRQ"
}
}
]
}
},
"wazuh-monitoring-2024.31w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.31w",
"allocation_id": {
"id": "YKNCc6ozRBW6Iz_EpYlFCg"
}
}
]
}
},
".opensearch-alerting-config-lock": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-alerting-config-lock",
"allocation_id": {
"id": "sLXWVCwMSICCN4_vGgl0WQ"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opensearch-alerting-config-lock",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:08.000Z",
"delayed": false,
"allocation_status": "no_attempt"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.05": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.05",
"allocation_id": {
"id": "oqN949wWSu2X-VlxPiH8dA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.05",
"allocation_id": {
"id": "3YWzm6yNT6SwfVhIjtZHFw"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.05",
"allocation_id": {
"id": "x61ETW2CQBuBSHQrkxgz_w"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.06": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.06",
"allocation_id": {
"id": "eKYpkefaQpa_KsdeaqT8uA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.06",
"allocation_id": {
"id": "qZp1E0yWRqOnZbqN_dqPCw"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.06",
"allocation_id": {
"id": "njKh8T-DQnGUfkR1tkbVHA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.07": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.07",
"allocation_id": {
"id": "fYEDtDs6SEW8VIZHzmKoWw"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.07",
"allocation_id": {
"id": "AxhloJDRRaOjaWIE8_-gPA"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.07",
"allocation_id": {
"id": "OGh_w3nGTeiWcBjyF-2uig"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.08": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.08",
"allocation_id": {
"id": "lDiZxq5eTimXX-H9n601gA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.08",
"allocation_id": {
"id": "HaapDkJST0mljR14vaTOaQ"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.08",
"allocation_id": {
"id": "Y0-fbSFERcKIKhxg3-CF2Q"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.09": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.09",
"allocation_id": {
"id": "WJeJVHkVR66CQ0XkmaS7NA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.09",
"allocation_id": {
"id": "SuY8o3-gT3Kdb5WBfS32IA"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.09",
"allocation_id": {
"id": "jrlaxh6lSrGaRvMXjZdmCQ"
}
}
]
}
},
"wazuh-statistics-2024.36w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.36w",
"allocation_id": {
"id": "EyBvM7koRQOGgIoA2Ouwhg"
}
}
]
}
},
".kibana_-152937574_admintenant_1": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".kibana_-152937574_admintenant_1",
"allocation_id": {
"id": "xo-hOXdFSlqIkx0gnfxEtQ"
}
}
]
}
},
".opendistro-alerting-alerts": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alerts",
"allocation_id": {
"id": "h9ggkF4dRCaclXW7fmS4MA"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alerts",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:08.000Z",
"delayed": false,
"allocation_status": "no_attempt"
}
}
]
}
},
".tasks": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".tasks",
"allocation_id": {
"id": "1rtQK59lTO2edBbQERcNpA"
}
}
]
}
},
"wazuh-monitoring-2024.36w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.36w",
"allocation_id": {
"id": "ZG8a1UNtTPitVKrAeXp_EA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.20": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.20",
"allocation_id": {
"id": "rD1NPn9yTD22nd-P0ZATJw"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.20",
"allocation_id": {
"id": "ovp5DNIYRNm0aTAXSVOFkQ"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.20",
"allocation_id": {
"id": "cWouBlS-RbmMm005kbkklA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.21": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.21",
"allocation_id": {
"id": "0CbwWkKoTN-nsS6TeN9tnA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.21",
"allocation_id": {
"id": "zUs_Kke9SCKOmMM3iQOEqQ"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.21",
"allocation_id": {
"id": "RhwBOg7MS4Cw9jF1DDK_kg"
}
}
]
}
},
"wazuh-statistics-2024.31w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.31w",
"allocation_id": {
"id": "3D5rWRZcSc2P-BsVr5gIwg"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.22": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.22",
"allocation_id": {
"id": "SZ8AA4sWRrKsaajg4__VjQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.22",
"allocation_id": {
"id": "0osOHgzBRLa0Szw_7dWmUw"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.22",
"allocation_id": {
"id": "K5UnXxr6Sgev-QYsHKfsvA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.23": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.23",
"allocation_id": {
"id": "dpNaZ9ePQmyW53q0lS6Eqg"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.23",
"allocation_id": {
"id": "pLYspMGFS0WQE2Toh5xPYw"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.23",
"allocation_id": {
"id": "nwCNAHW9RjaRvalXHVrEFA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.24": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.24",
"allocation_id": {
"id": "uOkMyuNPTA6WiLAo-NOt2A"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.24",
"allocation_id": {
"id": "DdMefaWXRS6Oa5jR0kAx5Q"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.24",
"allocation_id": {
"id": "20_j0qJQSKSLdNUxJ-4EYg"
}
}
]
}
},
"wazuh-monitoring-2024.32w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.32w",
"allocation_id": {
"id": "KYSbwWTdQf-7DbzEH3jM7w"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.25": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.25",
"allocation_id": {
"id": "NEgYdCYVRpGCHw5-LEKfeA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.25",
"allocation_id": {
"id": "8Ziz09bzRtSgBKRqIe0lag"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.25",
"allocation_id": {
"id": "cJ0C5wY2QcCKcfBI7My7eQ"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.26": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.26",
"allocation_id": {
"id": "vNdCTVUKRcG9sv09leM7wQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.26",
"allocation_id": {
"id": "znNMs_r0QXS0xgP5pGOvZA"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.26",
"allocation_id": {
"id": "N1BcmzpMRFmLhy-1u8XHjw"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.27": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.27",
"allocation_id": {
"id": "cjPeKqARS3qorRI67GqRCA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.27",
"allocation_id": {
"id": "9m_uYRJLRsKGqXwH52kDPg"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.27",
"allocation_id": {
"id": "4QudsVt_RkiAKqK4cm7zTQ"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.28": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.28",
"allocation_id": {
"id": "ziaMW6vtS6ynz20vSYamDg"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.28",
"allocation_id": {
"id": "E-ZIb7NHQYWNIqab7zbDsQ"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.28",
"allocation_id": {
"id": "D1wJX-jwTdKBwjqa8HEquA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.29": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.29",
"allocation_id": {
"id": "xRuPoV7wRiCimfMfU6vtPg"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.29",
"allocation_id": {
"id": "HSFaMSjoTsm0ouUD77nrpA"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.29",
"allocation_id": {
"id": "wBGRh2nXQaGQWCfmrRIDzQ"
}
}
]
}
},
"wazuh-statistics-2024.35w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.35w",
"allocation_id": {
"id": "8_b7XltQQRiubmYFxUkQIg"
}
}
]
}
},
"wazuh-monitoring-2024.37w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.37w",
"allocation_id": {
"id": "EcS-ZhOTRa-ifeg5Id6yaA"
}
}
]
}
},
"wazuh-statistics-2024.34w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.34w",
"allocation_id": {
"id": "1xJyynbSRzC4e1PuuaIt9Q"
}
}
]
}
},
"wazuh-monitoring-2024.33w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.33w",
"allocation_id": {
"id": "f8zAUKXiSumynMRmGbBs5Q"
}
}
]
}
},
"wazuh-alerts-4.x-2024.08.19": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.19",
"allocation_id": {
"id": "-f3iPNDFQqOH9GJGgtsYtw"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.19",
"allocation_id": {
"id": "lypaSm4FTbe8iGz0ojqplg"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.19",
"allocation_id": {
"id": "OfcQnx9ATA6Xz7bjSzWYxw"
}
}
]
}
},
".opendistro-alerting-alert-history-2024.09.12-1": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alert-history-2024.09.12-1",
"allocation_id": {
"id": "GieRSJJ-QwKcO9r8uH7g-g"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alert-history-2024.09.12-1",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:08.000Z",
"delayed": false,
"allocation_status": "no_attempt"
}
}
]
}
},
".kibana_2": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".kibana_2",
"allocation_id": {
"id": "GIePkwQ3RJWVryAkRUYLQg"
}
}
]
}
},
".kibana_1": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".kibana_1",
"allocation_id": {
"id": "yiy3zCF5RWqY9WXELOLTRA"
}
}
]
}
},
"wazuh-statistics-2024.33w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.33w",
"allocation_id": {
"id": "n7vhGTrXQs6_o4X8vU_UWA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.10": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.10",
"allocation_id": {
"id": "Kcogc6baQDC6isJ8MLndNQ"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.10",
"allocation_id": {
"id": "ZKbnvkPzSYi2oDMqF-gdtw"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.10",
"allocation_id": {
"id": "ZGbZwe4sSTqcPzuXH1blFA"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.11": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.11",
"allocation_id": {
"id": "80AePtPkSP2D8yTfNyCAtw"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.11",
"allocation_id": {
"id": "fyrnv5BPTjSvQ6T5twhC4A"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.11",
"allocation_id": {
"id": "jFiowBQZRJ2EMeJtE-z34w"
}
}
]
}
},
".plugins-ml-config": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".plugins-ml-config",
"allocation_id": {
"id": "15MV8UrOQs2-ifxjiIt5kg"
}
}
]
}
},
"wazuh-alerts-4.x-2024.09.12": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.12",
"allocation_id": {
"id": "Cs5wxfmpSDK3-6FPrDNZfA"
}
}
],
"1": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.12",
"allocation_id": {
"id": "TLviiDnQTUq_qHhc5SB5ew"
}
}
],
"2": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.12",
"allocation_id": {
"id": "O04quEIKRUy1TkD4-_XgrQ"
}
}
]
}
},
"wazuh-monitoring-2024.34w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.34w",
"allocation_id": {
"id": "JQl3BGUBQrGkzgZ3m8x5_g"
}
}
]
}
},
"wazuh-statistics-2024.37w": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.37w",
"allocation_id": {
"id": "Ofxiq_JOTOWP8fOP3Q8RIQ"
}
}
]
}
},
".opensearch-notifications-config": {
"shards": {
"0": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-notifications-config",
"allocation_id": {
"id": "WPlbjMHCR2eq6T0aX6uaBw"
}
}
]
}
}
}
},
"routing_nodes": {
"unassigned": [
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-config",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:07.999Z",
"delayed": false,
"allocation_status": "no_attempt"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opensearch-alerting-config-lock",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:08.000Z",
"delayed": false,
"allocation_status": "no_attempt"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alerts",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:08.000Z",
"delayed": false,
"allocation_status": "no_attempt"
}
},
{
"state": "UNASSIGNED",
"primary": false,
"node": null,
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alert-history-2024.09.12-1",
"recovery_source": {
"type": "PEER"
},
"unassigned_info": {
"reason": "CLUSTER_RECOVERED",
"at": "2024-09-12T13:42:08.000Z",
"delayed": false,
"allocation_status": "no_attempt"
}
}
],
"nodes": {
"O2G31Nf_QOif78I2OKkUZg": [
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-states-vulnerabilities-wazuh",
"allocation_id": {
"id": "aGy9uAdbQuyXgei7upjX5g"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-reports-definitions",
"allocation_id": {
"id": "ZRIhTYwaTQ-y60qserasUg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro_security",
"allocation_id": {
"id": "wN6Sw_xvQLiHr3M7F0hY2Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-reports-instances",
"allocation_id": {
"id": "pC6tnmeIRBiYsWSaoKYAPQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-config",
"allocation_id": {
"id": "lzYKdochRJKgHWnX23ftpA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.30",
"allocation_id": {
"id": "TMq1w1o7Q2Sf5vStOabkFQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.30",
"allocation_id": {
"id": "ENPl4QkHTdiCYTelrUjhFQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.30",
"allocation_id": {
"id": "fOeCHz4gSZCRmSNz3AADnw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.31",
"allocation_id": {
"id": "AbNuqA9_S8C8oqqZo5fBdg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.31",
"allocation_id": {
"id": "zFzsec-gQ1y5CfeO6CP22A"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.31",
"allocation_id": {
"id": "7gg6QjgwRmiToe7sbOZ42Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.35w",
"allocation_id": {
"id": "PuNAwR6yTq2O6JNXe0y18g"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-observability",
"allocation_id": {
"id": "y76TQcR8QnSq-kAc6ew74Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.01",
"allocation_id": {
"id": "kq2YQIvKTSKQxOfDiPyycQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.01",
"allocation_id": {
"id": "jIHl0k3HQwG2IwfKz11kiw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.01",
"allocation_id": {
"id": "NxdLsUW2Sm-tICl2gELuOQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.32w",
"allocation_id": {
"id": "QKl6oAmfRBGrBkFscihBJw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.02",
"allocation_id": {
"id": "dn9RdwVJRfW0HHwUKKmlaQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.02",
"allocation_id": {
"id": "ekttltbcSi-9RvtX7ld1KA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.02",
"allocation_id": {
"id": "Y8ELBTLUR9ONE8eIVhsXiQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.03",
"allocation_id": {
"id": "56pb-GHfQOOVrBmN1AJCNg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.03",
"allocation_id": {
"id": "aLW5IWslR2yCqjiBCBsvEA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.03",
"allocation_id": {
"id": "maJAAbFrT5K205ZktqcWug"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-sap-log-types-config",
"allocation_id": {
"id": "RL_WJxzYTdqq98cXZcuuCQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.04",
"allocation_id": {
"id": "Ov2B_LlHRN-kTjq8ImmZVQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.04",
"allocation_id": {
"id": "mqMypr-zRoOn_p8nZQ4L-w"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.04",
"allocation_id": {
"id": "nUxNSXr1QnOIfm5iiFDWRQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.31w",
"allocation_id": {
"id": "YKNCc6ozRBW6Iz_EpYlFCg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-alerting-config-lock",
"allocation_id": {
"id": "sLXWVCwMSICCN4_vGgl0WQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.05",
"allocation_id": {
"id": "oqN949wWSu2X-VlxPiH8dA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.05",
"allocation_id": {
"id": "3YWzm6yNT6SwfVhIjtZHFw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.05",
"allocation_id": {
"id": "x61ETW2CQBuBSHQrkxgz_w"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.06",
"allocation_id": {
"id": "eKYpkefaQpa_KsdeaqT8uA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.06",
"allocation_id": {
"id": "qZp1E0yWRqOnZbqN_dqPCw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.06",
"allocation_id": {
"id": "njKh8T-DQnGUfkR1tkbVHA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.07",
"allocation_id": {
"id": "fYEDtDs6SEW8VIZHzmKoWw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.07",
"allocation_id": {
"id": "AxhloJDRRaOjaWIE8_-gPA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.07",
"allocation_id": {
"id": "OGh_w3nGTeiWcBjyF-2uig"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.08",
"allocation_id": {
"id": "lDiZxq5eTimXX-H9n601gA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.08",
"allocation_id": {
"id": "HaapDkJST0mljR14vaTOaQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.08",
"allocation_id": {
"id": "Y0-fbSFERcKIKhxg3-CF2Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.09",
"allocation_id": {
"id": "WJeJVHkVR66CQ0XkmaS7NA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.09",
"allocation_id": {
"id": "SuY8o3-gT3Kdb5WBfS32IA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.09",
"allocation_id": {
"id": "jrlaxh6lSrGaRvMXjZdmCQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.36w",
"allocation_id": {
"id": "EyBvM7koRQOGgIoA2Ouwhg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".kibana_-152937574_admintenant_1",
"allocation_id": {
"id": "xo-hOXdFSlqIkx0gnfxEtQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alerts",
"allocation_id": {
"id": "h9ggkF4dRCaclXW7fmS4MA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".tasks",
"allocation_id": {
"id": "1rtQK59lTO2edBbQERcNpA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.36w",
"allocation_id": {
"id": "ZG8a1UNtTPitVKrAeXp_EA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.20",
"allocation_id": {
"id": "rD1NPn9yTD22nd-P0ZATJw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.20",
"allocation_id": {
"id": "ovp5DNIYRNm0aTAXSVOFkQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.20",
"allocation_id": {
"id": "cWouBlS-RbmMm005kbkklA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.21",
"allocation_id": {
"id": "0CbwWkKoTN-nsS6TeN9tnA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.21",
"allocation_id": {
"id": "zUs_Kke9SCKOmMM3iQOEqQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.21",
"allocation_id": {
"id": "RhwBOg7MS4Cw9jF1DDK_kg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.31w",
"allocation_id": {
"id": "3D5rWRZcSc2P-BsVr5gIwg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.22",
"allocation_id": {
"id": "SZ8AA4sWRrKsaajg4__VjQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.22",
"allocation_id": {
"id": "0osOHgzBRLa0Szw_7dWmUw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.22",
"allocation_id": {
"id": "K5UnXxr6Sgev-QYsHKfsvA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.23",
"allocation_id": {
"id": "dpNaZ9ePQmyW53q0lS6Eqg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.23",
"allocation_id": {
"id": "pLYspMGFS0WQE2Toh5xPYw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.23",
"allocation_id": {
"id": "nwCNAHW9RjaRvalXHVrEFA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.24",
"allocation_id": {
"id": "uOkMyuNPTA6WiLAo-NOt2A"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.24",
"allocation_id": {
"id": "DdMefaWXRS6Oa5jR0kAx5Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.24",
"allocation_id": {
"id": "20_j0qJQSKSLdNUxJ-4EYg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.32w",
"allocation_id": {
"id": "KYSbwWTdQf-7DbzEH3jM7w"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.25",
"allocation_id": {
"id": "NEgYdCYVRpGCHw5-LEKfeA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.25",
"allocation_id": {
"id": "8Ziz09bzRtSgBKRqIe0lag"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.25",
"allocation_id": {
"id": "cJ0C5wY2QcCKcfBI7My7eQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.26",
"allocation_id": {
"id": "vNdCTVUKRcG9sv09leM7wQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.26",
"allocation_id": {
"id": "znNMs_r0QXS0xgP5pGOvZA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.26",
"allocation_id": {
"id": "N1BcmzpMRFmLhy-1u8XHjw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.27",
"allocation_id": {
"id": "cjPeKqARS3qorRI67GqRCA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.27",
"allocation_id": {
"id": "9m_uYRJLRsKGqXwH52kDPg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.27",
"allocation_id": {
"id": "4QudsVt_RkiAKqK4cm7zTQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.28",
"allocation_id": {
"id": "ziaMW6vtS6ynz20vSYamDg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.28",
"allocation_id": {
"id": "E-ZIb7NHQYWNIqab7zbDsQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.28",
"allocation_id": {
"id": "D1wJX-jwTdKBwjqa8HEquA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.29",
"allocation_id": {
"id": "xRuPoV7wRiCimfMfU6vtPg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.29",
"allocation_id": {
"id": "HSFaMSjoTsm0ouUD77nrpA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.29",
"allocation_id": {
"id": "wBGRh2nXQaGQWCfmrRIDzQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.35w",
"allocation_id": {
"id": "8_b7XltQQRiubmYFxUkQIg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.37w",
"allocation_id": {
"id": "EcS-ZhOTRa-ifeg5Id6yaA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.34w",
"allocation_id": {
"id": "1xJyynbSRzC4e1PuuaIt9Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.33w",
"allocation_id": {
"id": "f8zAUKXiSumynMRmGbBs5Q"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.08.19",
"allocation_id": {
"id": "-f3iPNDFQqOH9GJGgtsYtw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.08.19",
"allocation_id": {
"id": "lypaSm4FTbe8iGz0ojqplg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.08.19",
"allocation_id": {
"id": "OfcQnx9ATA6Xz7bjSzWYxw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opendistro-alerting-alert-history-2024.09.12-1",
"allocation_id": {
"id": "GieRSJJ-QwKcO9r8uH7g-g"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".kibana_2",
"allocation_id": {
"id": "GIePkwQ3RJWVryAkRUYLQg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".kibana_1",
"allocation_id": {
"id": "yiy3zCF5RWqY9WXELOLTRA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.33w",
"allocation_id": {
"id": "n7vhGTrXQs6_o4X8vU_UWA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.10",
"allocation_id": {
"id": "Kcogc6baQDC6isJ8MLndNQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.10",
"allocation_id": {
"id": "ZKbnvkPzSYi2oDMqF-gdtw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.10",
"allocation_id": {
"id": "ZGbZwe4sSTqcPzuXH1blFA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.11",
"allocation_id": {
"id": "80AePtPkSP2D8yTfNyCAtw"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.11",
"allocation_id": {
"id": "fyrnv5BPTjSvQ6T5twhC4A"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.11",
"allocation_id": {
"id": "jFiowBQZRJ2EMeJtE-z34w"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".plugins-ml-config",
"allocation_id": {
"id": "15MV8UrOQs2-ifxjiIt5kg"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-alerts-4.x-2024.09.12",
"allocation_id": {
"id": "Cs5wxfmpSDK3-6FPrDNZfA"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 1,
"index": "wazuh-alerts-4.x-2024.09.12",
"allocation_id": {
"id": "TLviiDnQTUq_qHhc5SB5ew"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 2,
"index": "wazuh-alerts-4.x-2024.09.12",
"allocation_id": {
"id": "O04quEIKRUy1TkD4-_XgrQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-monitoring-2024.34w",
"allocation_id": {
"id": "JQl3BGUBQrGkzgZ3m8x5_g"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": "wazuh-statistics-2024.37w",
"allocation_id": {
"id": "Ofxiq_JOTOWP8fOP3Q8RIQ"
}
},
{
"state": "STARTED",
"primary": true,
"node": "O2G31Nf_QOif78I2OKkUZg",
"relocating_node": null,
"shard": 0,
"index": ".opensearch-notifications-config",
"allocation_id": {
"id": "WPlbjMHCR2eq6T0aX6uaBw"
}
}
]
}
}
}
}
```
As I can see - there shards are duplicated somehow and I've tried multiply users and access roles (like "*" ".*" for index etc) without success.
I tried to delete files physically on disk (like lzYKdochRJKgHWnX23ftpA for .opendistro-alerting-config), but then I got UNASSIGNED for both items in shard.
First time I saw the issue is:
```
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:45 indexer-connector[2219075] indexerConnector.cpp:447 at operator()(): DEBUG: Error: No available server
```
What I can see in logs for that minute:
```
zgrep '2024/09/12 08:48:' /var/ossec/logs/wazuh/2024/Sep/ossec-12*.gz
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"587b2e08c195430c4b32c2c41c5b8bca512df81f","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/3:1H-xf","nice":-20,"nlwp":1,"pgrp":0,"pid":"366","ppid":2,"priority":0,"processor":3,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883180,"state":"I","stime":1574,"suser":"root","tgid":366,"tty":0,"utime":0,"vm_size":0},"index":"366","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"863bc6b666ac3f540ff0c69bf3160f8120bdfaf7","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/0:3-eve","nice":0,"nlwp":1,"pgrp":0,"pid":"2234519","ppid":2,"priority":20,"processor":0,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726126070,"state":"I","stime":15,"suser":"root","tgid":2234519,"tty":0,"utime":10,"vm_size":0},"index":"2234519","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"66f6ef72bdc651da10a02e63ddfb4e1a7edb7108","cmd":"/usr/libexec/fwupd/fwupd","egroup":"root","euser":"root","fgroup":"root","name":"fwupd","nice":0,"nlwp":5,"pgrp":2234481,"pid":"2234481","ppid":1,"priority":20,"processor":2,"resident":88064,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":2234481,"sgroup":"root","share":6722,"size":111433,"start_time":1726126068,"state":"S","stime":12,"suser":"root","tgid":2234481,"tty":0,"utime":103,"vm_size":445732},"index":"2234481","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"0654bba8aef35dc57227baf48ff8fcbbd59a411c","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:1-","nice":0,"nlwp":1,"pgrp":0,"pid":"2234750","ppid":2,"priority":20,"processor":5,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726128686,"state":"I","stime":24,"suser":"root","tgid":2234750,"tty":0,"utime":0,"vm_size":0},"index":"2234750","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"22b2953e43aa1555eed1c2b97c67f5799b50cb16","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"xfsaild/dm-2","nice":0,"nlwp":1,"pgrp":0,"pid":"507","ppid":2,"priority":20,"processor":5,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883182,"state":"S","stime":5730,"suser":"root","tgid":507,"tty":0,"utime":0,"vm_size":0},"index":"507","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"660791db23fa0062e4549f6b6f7103fe8195bfe6","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","nice":0,"nlwp":1,"pgrp":0,"pid":"2234839","ppid":2,"priority":20,"processor":5,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726129527,"state":"I","stime":17,"suser":"root","tgid":2234839,"tty":0,"utime":0,"vm_size":0},"index":"2234839","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":"--environment systemd -c /etc/filebeat/filebeat.yml --path.home /usr/share/filebeat --path.config /etc/filebeat --path.data /var/lib/filebeat --path.logs /var/log/filebeat","checksum":"7ad1646f77012a78488682bfdb75aaa73c295298","cmd":"/usr/share/filebeat/bin/filebeat","egroup":"root","euser":"root","fgroup":"root","name":"filebeat","nice":0,"nlwp":13,"pgrp":2235121,"pid":"2235121","ppid":1,"priority":20,"processor":2,"resident":47952,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":2235121,"sgroup":"root","share":8862,"size":413557,"start_time":1726130007,"state":"S","stime":22,"suser":"root","tgid":2235121,"tty":0,"utime":62,"vm_size":1654228},"index":"2235121","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"8de3ed984624f8c3c183ffbb6cf8355ef06bb0fb","cmd":"/lib/systemd/systemd-journald","egroup":"root","euser":"root","fgroup":"root","name":"systemd-journal","nice":-1,"nlwp":1,"pgrp":576,"pid":"576","ppid":1,"priority":19,"processor":1,"resident":5716,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":576,"sgroup":"root","share":1309,"size":9389,"start_time":1725883183,"state":"S","stime":56,"suser":"root","tgid":576,"tty":0,"utime":48,"vm_size":37556},"index":"576","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"b1ab7bb116cf3b634c46d3444ec9f0d4acd8a87c","cmd":"/lib/systemd/systemd-udevd","egroup":"root","euser":"root","fgroup":"root","name":"systemd-udevd","nice":0,"nlwp":1,"pgrp":607,"pid":"607","ppid":1,"priority":20,"processor":5,"resident":2452,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":607,"sgroup":"root","share":513,"size":5713,"start_time":1725883183,"state":"S","stime":52,"suser":"root","tgid":607,"tty":0,"utime":51,"vm_size":22852},"index":"607","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"7ac0a5091f040b2b1cc124a15e34aabc4c3d3e99","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kswapd0","nice":0,"nlwp":1,"pgrp":0,"pid":"134","ppid":2,"priority":20,"processor":0,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883180,"state":"S","stime":4271,"suser":"root","tgid":134,"tty":0,"utime":0,"vm_size":0},"index":"134","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":"-i","checksum":"dc0a65121ce5bb850bc761e16efb52e1dbe15cf0","cmd":"sudo","egroup":"root","euser":"root","fgroup":"root","name":"sudo","nice":0,"nlwp":1,"pgrp":2215755,"pid":"2215755","ppid":2215450,"priority":20,"processor":0,"resident":3252,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":2215450,"sgroup":"root","share":666,"size":2344,"start_time":1726040806,"state":"S","stime":0,"suser":"root","tgid":2215755,"tty":34818,"utime":0,"vm_size":9376},"index":"2215755","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"a5dcee3343c369787d9b315b274c5ee1b5b19262","cmd":"/usr/bin/vmtoolsd","egroup":"root","euser":"root","fgroup":"root","name":"vmtoolsd","nice":0,"nlwp":3,"pgrp":841,"pid":"841","ppid":1,"priority":20,"processor":7,"resident":4112,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":841,"sgroup":"root","share":668,"size":59306,"start_time":1725883185,"state":"S","stime":8833,"suser":"root","tgid":841,"tty":0,"utime":9182,"vm_size":237224},"index":"841","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"9b9851702ade5bb4d476f91062e4953fb9661862","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"xfsaild/dm-1","nice":0,"nlwp":1,"pgrp":0,"pid":"783","ppid":2,"priority":20,"processor":7,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883183,"state":"S","stime":1112,"suser":"root","tgid":783,"tty":0,"utime":104,"vm_size":0},"index":"783","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"3c16bc5f14dd4f3588696b8197cbbd619fa8de94","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/5:1H-kb","nice":-20,"nlwp":1,"pgrp":0,"pid":"762","ppid":2,"priority":0,"processor":5,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883183,"state":"I","stime":3109,"suser":"root","tgid":762,"tty":0,"utime":0,"vm_size":0},"index":"762","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"65c36dd6e63bcad603e6bbb8c7c4046b29d9f16c","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/4:0-eve","nice":0,"nlwp":1,"pgrp":0,"pid":"2229188","ppid":2,"priority":20,"processor":4,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726118222,"state":"I","stime":232,"suser":"root","tgid":2229188,"tty":0,"utime":7,"vm_size":0},"index":"2229188","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"25311952f71a674894f3b52853d2800f7d8e496b","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/1:1H-xf","nice":-20,"nlwp":1,"pgrp":0,"pid":"845","ppid":2,"priority":0,"processor":1,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883185,"state":"I","stime":1597,"suser":"root","tgid":845,"tty":0,"utime":0,"vm_size":0},"index":"845","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"afd88564ce2dd214a1fc96fb64fa3ba1d0804263","cmd":"-bash","egroup":"root","euser":"root","fgroup":"root","name":"bash","nice":0,"nlwp":1,"pgrp":2215756,"pid":"2215756","ppid":2215755,"priority":20,"processor":4,"resident":5316,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":2215450,"sgroup":"root","share":781,"size":2253,"start_time":1726040806,"state":"S","stime":22,"suser":"root","tgid":2215756,"tty":34818,"utime":21,"vm_size":9012},"index":"2215756","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"77b725481327b093e2b99ec36c675ebc03bb61e9","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"ksoftirqd/2","nice":0,"nlwp":1,"pgrp":0,"pid":"24","ppid":2,"priority":20,"processor":2,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883179,"state":"S","stime":145,"suser":"root","tgid":24,"tty":0,"utime":0,"vm_size":0},"index":"24","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"809befc474cf9592d2a4f9c6a4ed7f61436d79bd","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/5:2-cgr","nice":0,"nlwp":1,"pgrp":0,"pid":"2229579","ppid":2,"priority":20,"processor":5,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726120985,"state":"I","stime":240,"suser":"root","tgid":2229579,"tty":0,"utime":0,"vm_size":0},"index":"2229579","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":"-n -iNONE","checksum":"2dc89bf91b7814ef882090455986159bd880779f","cmd":"/usr/sbin/rsyslogd","egroup":"syslog","euser":"syslog","fgroup":"syslog","name":"rsyslogd","nice":0,"nlwp":4,"pgrp":908,"pid":"908","ppid":1,"priority":20,"processor":2,"resident":3284,"rgroup":"syslog","ruser":"syslog","scan_time":"2024/09/12 08:48:00","session":908,"sgroup":"syslog","share":470,"size":56135,"start_time":1725883188,"state":"S","stime":28,"suser":"syslog","tgid":908,"tty":0,"utime":27,"vm_size":224540},"index":"908","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":"-c /etc/zabbix/zabbix_agent2.conf","checksum":"747c0ff8f6dc26765dd47b4be700e5139270752f","cmd":"/usr/sbin/zabbix_agent2","egroup":"zabbix","euser":"zabbix","fgroup":"zabbix","name":"zabbix_agent2","nice":0,"nlwp":15,"pgrp":920,"pid":"920","ppid":1,"priority":20,"processor":2,"resident":12772,"rgroup":"zabbix","ruser":"zabbix","scan_time":"2024/09/12 08:48:00","session":920,"sgroup":"zabbix","share":1423,"size":571224,"start_time":1725883188,"state":"S","stime":27087,"suser":"zabbix","tgid":920,"tty":0,"utime":15947,"vm_size":2284896},"index":"920","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":"--foreground","checksum":"e21a538957c9037fcc16aecc459db6f16b550b7c","cmd":"/usr/sbin/irqbalance","egroup":"root","euser":"root","fgroup":"root","name":"irqbalance","nice":0,"nlwp":2,"pgrp":884,"pid":"884","ppid":1,"priority":20,"processor":7,"resident":1996,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":884,"sgroup":"root","share":424,"size":20493,"start_time":1725883188,"state":"S","stime":471,"suser":"root","tgid":884,"tty":0,"utime":309,"vm_size":81972},"index":"884","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"c2874c2276834c4a88d5d592add0aea7e16e7881","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/2:0-eve","nice":0,"nlwp":1,"pgrp":0,"pid":"2234517","ppid":2,"priority":20,"processor":2,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726126070,"state":"I","stime":20,"suser":"root","tgid":2234517,"tty":0,"utime":3,"vm_size":0},"index":"2234517","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"852fc990bdfb0df5fb6be55a886b143419c0196c","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"irq/16-vmwgfx","nice":0,"nlwp":1,"pgrp":0,"pid":"389","ppid":2,"priority":-51,"processor":5,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883181,"state":"S","stime":358,"suser":"root","tgid":389,"tty":0,"utime":1226,"vm_size":0},"index":"389","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"73ac0b7a9774906e3fd30a84e801e1d44d011cf6","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/6:2-xfs","nice":0,"nlwp":1,"pgrp":0,"pid":"2234822","ppid":2,"priority":20,"processor":6,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726129404,"state":"I","stime":9,"suser":"root","tgid":2234822,"tty":0,"utime":0,"vm_size":0},"index":"2234822","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"42f9aae4f1891aa0bb067dcee2e0e2ffe5a9d11d","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/7:1-eve","nice":0,"nlwp":1,"pgrp":0,"pid":"2235226","ppid":2,"priority":20,"processor":7,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726130295,"state":"I","stime":0,"suser":"root","tgid":2235226,"tty":0,"utime":3,"vm_size":0},"index":"2235226","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"fb3cee3707ba7979c0afc347d0f38bd476873dc3","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/0:1H-kb","nice":-20,"nlwp":1,"pgrp":0,"pid":"734","ppid":2,"priority":0,"processor":0,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883183,"state":"I","stime":1675,"suser":"root","tgid":734,"tty":0,"utime":0,"vm_size":0},"index":"734","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"9d7200a21445e80f098c568b1486b869c4ba0852","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/4:1H-kb","nice":-20,"nlwp":1,"pgrp":0,"pid":"427","ppid":2,"priority":0,"processor":4,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1725883181,"state":"I","stime":2666,"suser":"root","tgid":427,"tty":0,"utime":0,"vm_size":0},"index":"427","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"d30b49abced9af6de857fa291a8d2af1a37ebaea","cmd":"/lib/systemd/systemd-resolved","egroup":"systemd-resolve","euser":"systemd-resolve","fgroup":"systemd-resolve","name":"systemd-resolve","nice":0,"nlwp":1,"pgrp":866,"pid":"866","ppid":1,"priority":20,"processor":7,"resident":3284,"rgroup":"systemd-resolve","ruser":"systemd-resolve","scan_time":"2024/09/12 08:48:00","session":866,"sgroup":"systemd-resolve","share":576,"size":6171,"start_time":1725883185,"state":"S","stime":24,"suser":"systemd-resolve","tgid":866,"tty":0,"utime":24,"vm_size":24684},"index":"866","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"3c85c85da2256b991de9e4c3b560158bc2fe2b33","cmd":null,"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:0-","nice":0,"nlwp":1,"pgrp":0,"pid":"2235262","ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":0,"sgroup":"root","share":0,"size":0,"start_time":1726130756,"state":"I","stime":0,"suser":"root","tgid":2235262,"tty":0,"utime":1,"vm_size":0},"index":"2235262","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"ad01fc856c09f3a51196eb9efad457ea012b6515","cmd":"-bash","egroup":"dsinitin","euser":"dsinitin","fgroup":"dsinitin","name":"bash","nice":0,"nlwp":1,"pgrp":2197982,"pid":"2197982","ppid":2197979,"priority":20,"processor":0,"resident":1904,"rgroup":"dsinitin","ruser":"dsinitin","scan_time":"2024/09/12 08:48:00","session":2197982,"sgroup":"dsinitin","share":362,"size":2132,"start_time":1725963660,"state":"S","stime":3,"suser":"dsinitin","tgid":2197982,"tty":34817,"utime":3,"vm_size":8528},"index":"2197982","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"b765b0b5304a1304c6fd1ff318a07831ca6db130","cmd":"nginx: worker process","egroup":"www-data","euser":"www-data","fgroup":"www-data","name":"nginx","nice":0,"nlwp":1,"pgrp":928,"pid":"933","ppid":928,"priority":20,"processor":7,"resident":2104,"rgroup":"www-data","ruser":"www-data","scan_time":"2024/09/12 08:48:00","session":928,"sgroup":"www-data","share":367,"size":6076,"start_time":1725883188,"state":"S","stime":0,"suser":"www-data","tgid":933,"tty":0,"utime":0,"vm_size":24304},"index":"933","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:00 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":"-p /var/run/ntpd.pid -g -u 118:121","checksum":"3dd6e9a6e11c7eacdda3f529b07b7998fe085c92","cmd":"/usr/sbin/ntpd","egroup":"ntp","euser":"ntp","fgroup":"ntp","name":"ntpd","nice":0,"nlwp":2,"pgrp":944,"pid":"944","ppid":1,"priority":20,"processor":0,"resident":2448,"rgroup":"ntp","ruser":"ntp","scan_time":"2024/09/12 08:48:00","session":944,"sgroup":"ntp","share":463,"size":18714,"start_time":1725883188,"state":"S","stime":0,"suser":"ntp","tgid":944,"tty":0,"utime":1075,"vm_size":74856},"index":"944","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:01 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"e03dfb93a93b20f561e4222d32c25caa901c8075","cmd":"/usr/lib/accountsservice/accounts-daemon","egroup":"root","euser":"root","fgroup":"root","name":"accounts-daemon","nice":0,"nlwp":3,"pgrp":875,"pid":"875","ppid":1,"priority":20,"processor":3,"resident":3804,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":875,"sgroup":"root","share":615,"size":59069,"start_time":1725883188,"state":"S","stime":137,"suser":"root","tgid":875,"tty":0,"utime":207,"vm_size":236276},"index":"875","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:01 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"d11f13da3f58364ccbecffbfbe6d87d1e4a76e87","cmd":"/lib/systemd/systemd-logind","egroup":"root","euser":"root","fgroup":"root","name":"systemd-logind","nice":0,"nlwp":1,"pgrp":913,"pid":"913","ppid":1,"priority":20,"processor":1,"resident":3968,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":913,"sgroup":"root","share":768,"size":4433,"start_time":1725883188,"state":"S","stime":23,"suser":"root","tgid":913,"tty":0,"utime":18,"vm_size":17732},"index":"913","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12-001.log.gz:2024/09/12 11:48:01 wazuh-modulesd:syscollector[2235869] logging_helper.c:40 at taggedLogFunction(): DEBUG: Sync sent: {"component":"syscollector_processes","data":{"attributes":{"argvs":null,"checksum":"e961d054762071b3011b562b13da19650ca6b25b","cmd":"/usr/lib/udisks2/udisksd","egroup":"root","euser":"root","fgroup":"root","name":"udisksd","nice":0,"nlwp":5,"pgrp":916,"pid":"916","ppid":1,"priority":20,"processor":2,"resident":3988,"rgroup":"root","ruser":"root","scan_time":"2024/09/12 08:48:00","session":916,"sgroup":"root","share":524,"size":98395,"start_time":1725883188,"state":"S","stime":14,"suser":"root","tgid":916,"tty":0,"utime":16,"vm_size":393580},"index":"916","timestamp":""},"type":"state"}
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:03 wazuh-modulesd:osquery[2219075] wm_osquery_monitor.c:88 at Read_Log(): WARNING: Results file '/var/log/osquery/osqueryd.results.log' not available: No such file or directory (2). Retrying in 60 sec.
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:41 wazuh-modulesd:vulnerability-scanner[2219075] osScanner.hpp:346 at handleRequest(): DEBUG: Vulnerability scan for OS 'Ubuntu' on Agent '138' has completed.
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:41 wazuh-modulesd:vulnerability-scanner[2219075] eventDetailsBuilder.hpp:101 at handleRequest(): DEBUG: Building event details for component type: 2
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:41 wazuh-modulesd:vulnerability-scanner[2219075] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 3 processed
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:45 wazuh-modulesd:vulnerability-scanner[2219075] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 11 processed
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:45 indexer-connector[2219075] indexerConnector.cpp:437 at operator()(): DEBUG: Syncing agent '138' with the indexer.
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:45 indexer-connector[2219075] indexerConnector.cpp:446 at operator()(): WARNING: Failed to sync agent '138' with the indexer.
/var/ossec/logs/wazuh/2024/Sep/ossec-12.log.gz:2024/09/12 08:48:45 indexer-connector[2219075] indexerConnector.cpp:447 at operator()(): DEBUG: Error: No available server
```
```
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:56,637][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:57,205][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:57,384][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:57,511][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:57,573][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:57,815][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:57,935][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster_deprecation.log:[2024-09-12T08:48:58,104][DEPRECATION][o.o.d.s.a.b.h.DateHistogramAggregationBuilder] [CEC-Wazuh-Indexer-01P] [interval] on [date_histogram] is deprecated, use [fixed_interval] or [calendar_interval] in the future.
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:00,936][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:05,936][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:10,937][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:15,938][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:20,939][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:25,939][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:30,939][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:35,940][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:40,940][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:45,941][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:50,941][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:55,942][WARN ][o.o.p.c.u.JsonConverter ] [CEC-Wazuh-Indexer-01P] Json Mapping Error: Cannot invoke "java.lang.Long.longValue()" because "this.cacheMaxSize" is null (through reference chain: org.opensearch.performanceanalyzer.collectors.CacheConfigMetricsCollector$CacheMaxSizeStatus["Cache_MaxSize"])
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:56,638][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:56.637Z, periodEnd: 2024-09-12T05:48:56.637Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:56,638][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:56.637Z, periodEnd: 2024-09-12T05:48:56.637Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:56,638][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:56.637Z, periodEnd: 2024-09-12T05:48:56.637Z, dryrun: true, executionId: _2024-09-12T05:48:56.638859061_77bc38e7-1cfd-401a-be80-9eedb706ce78
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:56,640][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:56.637Z, periodEnd: 2024-09-12T05:48:56.637Z, dryrun: true, executionId: _2024-09-12T05:48:56.640478979_2a0e7be5-8918-4967-be06-b30d69a0096e
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,206][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.204Z, periodEnd: 2024-09-12T05:48:57.204Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,206][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.204Z, periodEnd: 2024-09-12T05:48:57.204Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,206][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.204Z, periodEnd: 2024-09-12T05:48:57.204Z, dryrun: true, executionId: _2024-09-12T05:48:57.206689963_83e90ba2-bbfe-455e-9b5b-9c667776fe19
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,207][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.204Z, periodEnd: 2024-09-12T05:48:57.204Z, dryrun: true, executionId: _2024-09-12T05:48:57.207082809_326e49aa-2e30-474b-8509-9356b1516e51
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,385][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.384Z, periodEnd: 2024-09-12T05:48:57.384Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,385][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.384Z, periodEnd: 2024-09-12T05:48:57.384Z, dryrun: true, executionId: _2024-09-12T05:48:57.385601799_076552ff-ab0a-4c65-bc8a-9026b6a0d3bf
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,385][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.384Z, periodEnd: 2024-09-12T05:48:57.384Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,386][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.384Z, periodEnd: 2024-09-12T05:48:57.384Z, dryrun: true, executionId: _2024-09-12T05:48:57.386550983_7db6777c-eed8-4aee-8d9c-54d1208904f3
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,513][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.511Z, periodEnd: 2024-09-12T05:48:57.511Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,513][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.511Z, periodEnd: 2024-09-12T05:48:57.511Z, dryrun: true, executionId: _2024-09-12T05:48:57.513456308_b543332a-c2c9-47db-a59d-f8303fa04772
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,515][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.513Z, periodEnd: 2024-09-12T05:48:57.513Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,516][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.513Z, periodEnd: 2024-09-12T05:48:57.513Z, dryrun: true, executionId: _2024-09-12T05:48:57.516552414_a42a47f8-1bac-45b6-970a-efe3d2b7e2b5
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,574][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.573Z, periodEnd: 2024-09-12T05:48:57.573Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,574][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.573Z, periodEnd: 2024-09-12T05:48:57.573Z, dryrun: true, executionId: _2024-09-12T05:48:57.574646500_e1f1846f-d92b-4fc5-bed4-a4c7f4b74131
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,574][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.574Z, periodEnd: 2024-09-12T05:48:57.574Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,576][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.574Z, periodEnd: 2024-09-12T05:48:57.574Z, dryrun: true, executionId: _2024-09-12T05:48:57.576081514_77cf4459-4729-42c6-800f-e05026f4f810
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,815][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.814Z, periodEnd: 2024-09-12T05:48:57.814Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,816][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.814Z, periodEnd: 2024-09-12T05:48:57.814Z, dryrun: true, executionId: _2024-09-12T05:48:57.816219858_9457a6c1-97d9-4652-bf6e-18ccab490843
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,816][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.815Z, periodEnd: 2024-09-12T05:48:57.815Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,816][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.815Z, periodEnd: 2024-09-12T05:48:57.815Z, dryrun: true, executionId: _2024-09-12T05:48:57.816700993_7ef07735-6c72-4c4c-9048-6caf4c70094a
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,936][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.935Z, periodEnd: 2024-09-12T05:48:57.935Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,936][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.935Z, periodEnd: 2024-09-12T05:48:57.935Z, dryrun: true, executionId: _2024-09-12T05:48:57.936561356_79575b4a-4cab-4f1d-9a1d-2119569b6575
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,937][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.936Z, periodEnd: 2024-09-12T05:48:57.936Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:57,938][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:57.936Z, periodEnd: 2024-09-12T05:48:57.936Z, dryrun: true, executionId: _2024-09-12T05:48:57.938148566_c6cccc45-4a4f-4477-8c60-01b8d4d55937
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:58,105][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:58.104Z, periodEnd: 2024-09-12T05:48:58.104Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:58,105][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:58.104Z, periodEnd: 2024-09-12T05:48:58.104Z, dryrun: true, executionId: _2024-09-12T05:48:58.105707288_fa4c38c4-feed-451a-9aa1-d1927385bb1c
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:58,105][INFO ][o.o.a.t.TransportExecuteMonitorAction] [CEC-Wazuh-Indexer-01P] Executing monitor from API - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:58.104Z, periodEnd: 2024-09-12T05:48:58.104Z, dryrun: true
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T08:48:58,107][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: , type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T05:47:58.104Z, periodEnd: 2024-09-12T05:48:58.104Z, dryrun: true, executionId: _2024-09-12T05:48:58.106967789_b3285edf-bbc1-47cc-827e-fb69b887a465
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T11:48:54,580][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: gsbH5JEBJI-FhZ_M8mWQ, type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T08:47:54.574Z, periodEnd: 2024-09-12T08:48:54.574Z, dryrun: false, executionId: gsbH5JEBJI-FhZ_M8mWQ_2024-09-12T08:48:54.580169321_9292f6f8-3b02-4aec-aa0f-0fd9fee7ea86
/var/log/wazuh-indexer/wazuh-cluster.log:[2024-09-12T11:49:54,580][INFO ][o.o.a.MonitorRunnerService] [CEC-Wazuh-Indexer-01P] Executing scheduled monitor - id: gsbH5JEBJI-FhZ_M8mWQ, type: QUERY_LEVEL_MONITOR, periodStart: 2024-09-12T08:48:54.574Z, periodEnd: 2024-09-12T08:49:54.574Z, dryrun: false, executionId: gsbH5JEBJI-FhZ_M8mWQ_2024-09-12T08:49:54.580454444_de3854a5-93b6-4b65-9a22-d1959659e6ba
```
What possibly i did in that moment - played with alert monitors - added this one (screenshots)
I deleted it now and il logs i see huge amount of messages (still in process for all agents:
```
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2020-26144
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2024-42067
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2024-26845
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2022-48770
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2016-0821
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2024-42225
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2021-47421
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2024-26854
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2020-27067
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2023-52740
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2021-47197
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2020-27786
2024/09/12 19:48:33 wazuh-modulesd:vulnerability-scanner[19419] resultIndexer.hpp:62 at handleRequest(): DEBUG: Processing and publish key: 039_c8e212e22912842bcc7c378aa13b1ac004fe4f2b_CVE-2024-27410
```
The cluster is still in yellow state
```
curl -s --cacert /etc/filebeat/certs/root-ca.pem --cert /etc/filebeat/certs/filebeat.pem --key /etc/filebeat/certs/filebeat-key.pem -u admin:$PASS -XGET https://$)indexer_node}:9200/_cluster/health?pretty
{
"cluster_name" : "wazuh-cluster",
"status" : "yellow",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"discovered_master" : true,
"discovered_cluster_manager" : true,
"active_shards" : 105,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 4,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
}
```
Will investigate as mutch as i can, if you have suggestions where can we look for more informative messages related to this problem - will be glad to help
Трезвый Дворник
Sep 12, 2024, 3:02:00 PM9/12/24
to Wazuh | Mailing List
Hi again.
Here is the instruction to set cluster in green mode:
1. Disable security plugin in indexer - add
plugins.security.disabled: true
in the file /etc/wazuh-indexer/opensearch.yml
and restart indexer.
2. Using plain HTTP list your UNASSIGNED shards from command line - in this step you CAN NOT login in Wazuh Dashboard
curl -v -k -u admin:$PASS -XGET http://${indexer_node}:9200/_cat/shards?v | grep UNASSIGNED
and for each shard set the appropriate amount of replicas like here:
curl -v -k -X PUT "http://${indexer_node}:9200/.opensearch-alerting-config-lock/_settings" -H 'Content-Type: application/json' -d'
{
"index": {
"number_of_replicas": 0
}
}' -u admin:$PASS
3. Then check you cluster status - it should be green at this moment:
curl -k -u admin:$PASS -XGET https://${indexer_node}:9200/_cluster/health?pretty
{
"cluster_name" : "wazuh-cluster",
"status" : "green",
...
4. Set plugins.security.disabled: true in /etc/wazuh-indexer/opensearch.yml and restart indexer.
5. Check the logs - it should be synchronization events
2024/09/12 21:50:06 indexer-connector[19419] indexerConnector.cpp:437 at operator()(): DEBUG: Syncing agent '138' with the indexer.
2024/09/12 21:50:07 indexer-connector[19419] indexerConnector.cpp:267 at operator()(): DEBUG: Response: {"took":302,"errors":false,"items":[{"delete":{"_index":"wazuh-states-vulnerabilities-wazuh","_id":"138_e09c7e2f64c8a5c389b333e1a9670852925616f8_CVE-2022-28653"...
____
At this moment i didn't figured out why it happened, I never set any replicas in my wazuh installation.
I have full debug mode enabled in production, if I will find a correlation in the future I bet it is a bug report needed.
Here is the instruction to set cluster in green mode:
1. Disable security plugin in indexer - add
plugins.security.disabled: true
in the file /etc/wazuh-indexer/opensearch.yml
and restart indexer.
2. Using plain HTTP list your UNASSIGNED shards from command line - in this step you CAN NOT login in Wazuh Dashboard
curl -v -k -u admin:$PASS -XGET http://${indexer_node}:9200/_cat/shards?v | grep UNASSIGNED
and for each shard set the appropriate amount of replicas like here:
curl -v -k -X PUT "http://${indexer_node}:9200/.opensearch-alerting-config-lock/_settings" -H 'Content-Type: application/json' -d'
{
"index": {
"number_of_replicas": 0
}
}' -u admin:$PASS
3. Then check you cluster status - it should be green at this moment:
curl -k -u admin:$PASS -XGET https://${indexer_node}:9200/_cluster/health?pretty
{
"cluster_name" : "wazuh-cluster",
"status" : "green",
...
4. Set plugins.security.disabled: true in /etc/wazuh-indexer/opensearch.yml and restart indexer.
5. Check the logs - it should be synchronization events
2024/09/12 21:50:06 indexer-connector[19419] indexerConnector.cpp:437 at operator()(): DEBUG: Syncing agent '138' with the indexer.
2024/09/12 21:50:07 indexer-connector[19419] indexerConnector.cpp:267 at operator()(): DEBUG: Response: {"took":302,"errors":false,"items":[{"delete":{"_index":"wazuh-states-vulnerabilities-wazuh","_id":"138_e09c7e2f64c8a5c389b333e1a9670852925616f8_CVE-2022-28653"...
____
At this moment i didn't figured out why it happened, I never set any replicas in my wazuh installation.
I have full debug mode enabled in production, if I will find a correlation in the future I bet it is a bug report needed.
Musakkarul Lambatjing
Sep 19, 2024, 3:56:06 AM9/19/24
to Wazuh | Mailing List
Hello Trezvyy ( pardon if i call you wrong ) ,
Thank you for the tutorial and step.
finally i can get my cluster to green status, and there is no unassigned shards anymore.
it seems like, we can't deleted/changed replicas of the shards, if all the shards we have still on running, so the command "
plugins.security.disabled: true " , it seems the main point.
it stops all shards, and we can change the replicas of the shards.
after i changes the replicas of shards that unassigned before, it takes some times to start the cluster into green, i almost panicked because it keep getting "red" status after i do all that steps. but turns out it takes sometimes to assigned and sync the shards and will change to the green once all the shards is 100% assigned.
now my vulnerability detection finally can detect all of my agents, and my cluster is healthy as it is.
Thank you.
{
"cluster_name" : "wazuh-indexer-cluster",
"status" : "green",
"cluster_name" : "wazuh-indexer-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"discovered_master" : true,
"discovered_cluster_manager" : true,
"active_primary_shards" : 1636,
"active_shards" : 1636,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"active_shards" : 1636,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
}
Reply all
Reply to author
Forward
0 new messages