Wazuh dashboard not showing data (There are no results for selected time range. Try another one.)
3,172 views
Skip to first unread message
Ian Yenien Serrano
May 8, 2023, 4:42:11 AM5/8/23
to Wazuh mailing list
Hi Monitorização Servidores, thanks for using Wazuh,
I understand that you can't see the alerts on the dashboard you sent the picture? Are there any that you can see? If so, maybe you haven't configured the "ossec.conf" to generate alerts for those sections.
For example, for FIM (the dashboard in the picture) you configure it as explained in this documentation.
https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/how-to-configure-fim.html
I understand that you can't see the alerts on the dashboard you sent the picture? Are there any that you can see? If so, maybe you haven't configured the "ossec.conf" to generate alerts for those sections.
For example, for FIM (the dashboard in the picture) you configure it as explained in this documentation.
https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/how-to-configure-fim.html
Ian Yenien Serrano
May 8, 2023, 5:08:32 AM5/8/23
to Wazuh mailing list
| Hi Ian,
|
| I have cliecked to add data on Sample data in Settings and now is showing some data.
Sample data is, as the name suggests, sample information. What it does is aggregate alerts that meet the filters of each dashboard. If you want to have real information in each dashboard you have to make the necessary configuration for each dashboard, you can find it all in the official documentation.
https://documentation.wazuh.com/current/index.html
When you answer if you can, please reply all so that it remains in case someone else has the same problem as you.
Sample data is, as the name suggests, sample information. What it does is aggregate alerts that meet the filters of each dashboard. If you want to have real information in each dashboard you have to make the necessary configuration for each dashboard, you can find it all in the official documentation.
https://documentation.wazuh.com/current/index.html
When you answer if you can, please reply all so that it remains in case someone else has the same problem as you.
Monitorização Servidores
May 8, 2023, 6:07:01 AM5/8/23
to Wazuh mailing list
Hi Ian,
But i used to see the logs on version 4.3 only after i have made the upgrade to 4.4 that i could not see the events, but on alerts.log the agents are sending the events. Also in ossec file most of the configurations are enabled
Message has been deleted
Message has been deleted
Ian Yenien Serrano
May 9, 2023, 4:18:27 AM5/9/23
to Wazuh mailing list
This could be caused by the next reasons:
- the data is not indexed due a problem in the workflow of generation and indexation
- the filters used in Wazuh dashboards don't match with any documents
How to review the generation and indexation flow of Wazuh alerts
- Check the Wazuh manager/s service is running
or
service wazuh-manager-master- Ensure the Wazuh manager/s is generating new alerts. Review the alerts.json file where the alerts are stored.
The previous command, should display the last line of the alerts.json file. Review if the timestamp property displays a recent date.
- Ensure the wazuh module is installed
- Check the Filebeat service is running
or
service filebeat status- Verify the connection Filebeat
- Review the Filebeat logs ( you could filter by errors/warnings ):
- Optionally, you could review the Wazuh indexer logs too, but the problem could be identified in the above check.
- Wazuh indexer
where:
- <CLUSTER_NAME> is the name of your Wazuh indexer cluster.
- Ensure the Wazuh dashboard instance is connected to the same Wazuh indexer cluster where the data is being indexed.
Problem could be caused by the filtering of data
The Wazuh plugin filters
- alerts: by cluster.name or manager.name
Did you changed the name of your cluster recently? This change could causes that you don't see previous alerts.
Ian Yenien Serrano
May 9, 2023, 6:10:13 AM5/9/23
to Wazuh mailing list
Now I understand, I share with you messages from another user who had the same problem and was able to solve it, you can try to do what he says and let me know if it worked for you.
https://groups.google.com/g/wazuh/c/UMUiTvuGfWc
https://groups.google.com/g/wazuh/c/R5zP0WM32Js
https://groups.google.com/g/wazuh/c/UMUiTvuGfWc
https://groups.google.com/g/wazuh/c/R5zP0WM32Js
Ian Yenien Serrano
May 10, 2023, 3:37:00 AM5/10/23
to Wazuh mailing list
Did you follow all the steps in the documentation?
https://documentation.wazuh.com/current/installation-guide/wazuh-server/step-by-step.html#configuring-filebeat
I share this thread from a user who had the same problem.
https://groups.google.com/g/wazuh/c/uDDVhaWMQTM/m/EYpsKGnQAQAJ
https://groups.google.com/g/wazuh/c/HcFrfx3gK2A
https://documentation.wazuh.com/current/installation-guide/wazuh-server/step-by-step.html#configuring-filebeat
I share this thread from a user who had the same problem.
https://groups.google.com/g/wazuh/c/uDDVhaWMQTM/m/EYpsKGnQAQAJ
https://groups.google.com/g/wazuh/c/HcFrfx3gK2A
Reply all
Reply to author
Forward
0 new messages