Need urgent assistance regarding the Wazuh Update


Souraj Chakraborty

Apr 21, 2025, 6:48:54 AM
to Wazuh | Mailing List
Hi, I recently updated Wazuh from an older version to 4.11.2-1.
I followed this guide
https://documentation.wazuh.com/current/upgrade-guide/upgrading-central-components.html#upgrading-wazuh-manager
and installed the updates.
After the process I ran these commands and got the response.
[root@wazuh-server home]# yum list installed wazuh-indexer
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
230 packages excluded due to repository priority protections
Installed Packages
wazuh-indexer.x86_64                                                                                          4.11.2-1                                                                                          @wazuh
[root@wazuh-server home]# yum list installed wazuh-manager
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
230 packages excluded due to repository priority protections
Installed Packages
wazuh-manager.x86_64                                                                                          4.11.2-1                                                                                          @wazuh
[root@wazuh-server home]# yum list installed wazuh-dashboard
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
230 packages excluded due to repository priority protections
Installed Packages
wazuh-dashboard.x86_64                                                                                         4.11.2-1                                                                                         @wazuh
----------------------------------------------------------------------------------------------------------------------------------------------
When I try to go to the dashboard I get this message.
Screenshot 2025-04-21 at 4.17.44 PM.png

Diego Cappri

Apr 21, 2025, 7:18:29 AM
to Wazuh | Mailing List
Hello Souraj,
there's a troubleshooting section documented here which specifies what to do about the error you're having, it should help you.
Looking forward to your comments.
Diego.

Souraj Chakraborty

Apr 21, 2025, 7:40:53 AM
to Wazuh | Mailing List
Ensure the Wazuh dashboard service is active. Run the following command on the Wazuh dashboard node to check the status:
systemctl status wazuh-dashboard

wazuh-dashboard.service - wazuh-dashboard

   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)

   Active: active (running) since Mon 2025-04-21 10:31:11 UTC; 52min ago

 Main PID: 20062 (node)

   CGroup: /system.slice/wazuh-dashboard.service

           └─20062 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Apr 21 11:23:06 wazuh-server opensearch-dashboards[20062]: {"type":"log","@timestamp":"2025-04-21T11:23:06Z","tags":["error","opensearch","data"],"pid":20062,"message":"[ResponseError]: Response Error"}

Apr 21 11:23:08 wazuh-server opensearch-dashboards[20062]: {"type":"log","@timestamp":"2025-04-21T11:23:08Z","tags":["error","opensearch","data"],"pid":20062,"message":"[ResponseError]: Response Error"}

Apr 21 11:23:11 wazuh-server opensearch-dashboards[20062]: {"type":"log","@timestamp":"2025-04-21T11:23:11Z","tags":["error","opensearch","data"],"pid":20062,"message":"[ResponseError]: Response Error"}

Apr 21 11:23:13 wazuh-server opensearch-dashboards[20062]: {"type":"log","@timestamp":"2025-04-21T11:23:13Z","tags":["error","opensearch","data"],"pid":20062,"message":"[ResponseError]: Response Error"}

Apr 21 11:23:16 wazuh-server opensearch-dashboards[20062]: {"type":"log","@timestamp":"2025-04-21T11:23:16Z","tags":["error","opensearch","data"],"pid":20062,"message":"[ResponseError]: Response Error"}

Apr 21 11:23:18 wazuh-server opensearch-dashboards[20062]: {"type":"log","@timestamp":"2025-04-21T11:23:18Z","tags":["error","opensearch","data"],"pid":20062,"message":"[ResponseError]: Response Error"}

Apr 21 11:23:21 wazuh-server opensearch-dashboards[20062]: {"type":"log","@timestamp":"2025-04-21T11:23:21Z","tags":["error","opensearch","data"],"pid":20062,"message":"[ResponseError]: Response Error"}

Apr 21 11:23:23 wazuh-server opensearch-dashboards[20062]: {"type":"log","@timestamp":"2025-04-21T11:23:23Z","tags":["error","opensearch","data"],"pid":20062,"message":"[ResponseError]: Response Error"}

Apr 21 11:23:26 wazuh-server opensearch-dashboards[20062]: {"type":"log","@timestamp":"2025-04-21T11:23:26Z","tags":["error","opensearch","data"],"pid":20062,"message":"[ResponseError]: Response Error"}

Apr 21 11:23:28 wazuh-server opensearch-dashboards[20062]: {"type":"log","@timestamp":"2025-04-21T11:23:28Z","tags":["error","opensearch","data"],"pid":20062,"message":"[ResponseError]: Response Error"}

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
journalctl -u wazuh-dashboard | grep -i -E "error|warn"
I have added a file with a sample of the errors-  Dashboard Logs

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Ensure the Wazuh dashboard is correctly configured to communicate with the Wazuh indexer.
Open the dashboard /etc/wazuh-dashboard/opensearch_dashboards.yml file and verify the Wazuh indexer IP address configured in the opensearch.hosts field:
This IP is correct and I have used this IP to delete old indexes before.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Check the connectivity between the Wazuh dashboard and the Wazuh indexer. Replace <WAZUH_INDEXER_IP_ADDRESS> and run the following command on the Wazuh dashboard node:
I have added a document as evidence it shows that it is working.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

systemctl status wazuh-indexer

wazuh-indexer.service - wazuh-indexer

   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)

   Active: active (running) since Mon 2025-04-21 10:05:07 UTC; 1h 32min ago

     Docs: https://documentation.wazuh.com

 Main PID: 15100 (java)

   CGroup: /system.slice/wazuh-indexer.service

           └─15100 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=tru...


Apr 21 10:04:53 wazuh-server systemd-entrypoint[15100]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.16.0.jar)

Apr 21 10:04:53 wazuh-server systemd-entrypoint[15100]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch

Apr 21 10:04:53 wazuh-server systemd-entrypoint[15100]: WARNING: System::setSecurityManager will be removed in a future release

Apr 21 10:04:53 wazuh-server systemd-entrypoint[15100]: Apr 21, 2025 10:04:53 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>

Apr 21 10:04:53 wazuh-server systemd-entrypoint[15100]: WARNING: COMPAT locale provider will be removed in a future release

Apr 21 10:04:54 wazuh-server systemd-entrypoint[15100]: WARNING: A terminally deprecated method in java.lang.System has been called

Apr 21 10:04:54 wazuh-server systemd-entrypoint[15100]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.16.0.jar)

Apr 21 10:04:54 wazuh-server systemd-entrypoint[15100]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security

Apr 21 10:04:54 wazuh-server systemd-entrypoint[15100]: WARNING: System::setSecurityManager will be removed in a future release

Apr 21 10:05:07 wazuh-server systemd[1]: Started wazuh-indexer.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

For this Replace <WAZUH_INDEXER_CLUSTER_NAME> and run the following command on the Wazuh indexer node to check the indexer logs for errors:
We are using an AMI and it is used within an AWS instance; how do I find the cluster name?

Telnet to wazuh index.pdf
Dashboard Logs

Diego Cappri

Apr 21, 2025, 8:30:53 AM
to Wazuh | Mailing List
Hi. Your dashboard logs are not showing any recent information, not sure if they are complete.
About the cluster name, you can get it from the manager with "grep -A3 '<cluster>' /var/ossec/etc/ossec.conf"
I can see wazuh-indexer is up, please double check from the server with "curl -k https://127.0.0.1:9200",

Souraj Chakraborty

Apr 21, 2025, 8:59:10 AM
to Wazuh | Mailing List

About the cluster name, you can get it from the manager with "grep -A3 '<cluster>' /var/ossec/etc/ossec.conf"

[root@wazuh-server certs]# grep -A3 '<cluster>' /var/ossec/etc/ossec.conf

  <cluster>

    <name>wazuh</name>

    <node_name>node01</node_name>

    <node_type>master</node_type>

[root@wazuh-server certs]# cat /var/log/wazuh-indexer/wazuh.log | grep -E "ERROR|WARN|Caused"

cat: /var/log/wazuh-indexer/wazuh.log: No such file or directory
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

[root@wazuh-server wazuh-indexer]# curl -k https://127.0.0.1:9200
Unauthorized

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Can you help me with a command that can show the latest logs?
I used this command - journalctl -u wazuh-dashboard -n 1000 | grep -i -E "error|warn" > latest_wazuh_dashboard_logs.txt

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Please let me know if this helps

latest_wazuh_dashboard_logs.txt

Diego Cappri

Apr 21, 2025, 11:03:50 AM
to Wazuh | Mailing List
Thanks for the info, it was helpful. Seems your indexer is ok but dashboard can't authenticate properly, please check here for this problem, after you verify and modify if required your credentials (to check: curl -k -u admin:your_actual_indexer_password https://127.0.0.1:9200), please restart the dashboard and let me know.
Thanks.

Souraj Chakraborty

Apr 21, 2025, 11:17:43 AM
to Wazuh | Mailing List
Hi Diego,

Previously, before the update, I used to run this command with the same user name and password, and I added them to the mentioned echo commands.
curl -k -u admin:password -XDELETE "https://127.0.0.1:9200/wazuh-alerts-4.x-2023.01*"

I ran the following commands, and added the user name and the password I use for logging into the dashboard and for clearing the old indexes:
echo '<INDEXER_USERNAME>' | /var/ossec/bin/wazuh-keystore -f indexer -k username
echo '<INDEXER_PASSWORD>' | /var/ossec/bin/wazuh-keystore -f indexer -k password

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

[root@wazuh-server bin]# curl -k -u admin:password https://127.0.0.1:9200

{

  "name" : "node-1",

  "cluster_name" : "wazuh-cluster",

  "cluster_uuid" : "5PI1c8fJRU2aMu-li9qxDQ",

  "version" : {

    "number" : "7.10.2",

    "build_type" : "rpm",

    "build_hash" : "e5a68d19815af94a9883fead7927edb40181f32d",

    "build_date" : "2025-03-26T19:05:39.438663Z",

    "build_snapshot" : false,

    "lucene_version" : "9.11.1",

    "minimum_wire_compatibility_version" : "7.10.0",

    "minimum_index_compatibility_version" : "7.0.0"

  },

  "tagline" : "The OpenSearch Project: https://opensearch.org/"

}

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Diego Cappri

Apr 21, 2025, 11:54:44 AM
to Wazuh | Mailing List
OK, that looks fine. It seems it can be related to credentials, please check the keystore contents -> /var/ossec/bin/wazuh-keystore -l
You'll see something like:
indexer:username
indexer:password

if not, please run again:
echo 'admin' | /var/ossec/bin/wazuh-keystore -f indexer -k username
echo 'password' | /var/ossec/bin/wazuh-keystore -f indexer -k password

Then test again.

Souraj Chakraborty

Apr 21, 2025, 12:38:29 PM
to Wazuh | Mailing List
Hi Diego

/var/ossec/bin/wazuh-keystore -l 
The whole file is like this -  

!^@h^O^@^@^@%^B!^@h^P^@^@^@%!^@h^Q^@^@^@%!

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The only readable part is this ---
 78 Usage: wazuh-keystore <option(s)>

 79 ^@^@^@^@^@      -h                      Show this help message

 80 ^@^@    -f COLUMN_FAMILY        Specifies the target column family for the insertion.

 81 ^@^@^@^@^@^@^@^@        -k KEY                  Specifies the key for the key-value pair.

 82 ^@^@^@^@        -v VALUE                Specifies the value associated with the key. Only use one value option at the time.

 83 ^@      -vp VALUE_PATH          Path to a file containing the value to read (single line). Only use one value option at the time.

 84 ^@^@^@^@^@      NOTE: if both value parameters are empty, stdin will be read.

 85 ^@

 86         ./wazuh-keystore -f indexer -k username -v admin 

 87 ^@^@^@^@^@

 88         ./wazuh-keystore -f indexer -k password -vp /path/to/file.txt

 89 ^@^@^@^@^@^@^@^@

 90         ./wazuh-keystore -f indexer -k password < /path/to/file.txt

 91 ^@^@

 92         echo 'pass' | ./wazuh-keystore -f indexer -k password

 93 ^@^@^@^@^@^@^@^@

 94         cat /path/to/file.txt | ./wazuh-keystore -f indexer -k password

 95 ^@Options:

Diego Cappri

Apr 21, 2025, 1:09:41 PM
to Wazuh | Mailing List

You can replace password with the actual one that worked in your curl test. There’s no harm in running these again — they’ll simply overwrite existing entries.

Once done, restart your dashboard and test again.

Souraj Chakraborty

Apr 21, 2025, 1:22:46 PM
to Wazuh | Mailing List
Hi Diego

In this command I have put the actual password within the single quotes.
echo '<I have put the actual password here>' | /var/ossec/bin/wazuh-keystore -f indexer -k password
I tried this multiple times, but it is still the same inside the keystore file.

And now, after restarting the Wazuh dashboard, I get this message.
This site can’t be reached
10.10.0.246 refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

Any Ideas?

Diego Cappri

Apr 21, 2025, 2:21:03 PM
to Wazuh | Mailing List
Hi,
bear in mind that the file /var/ossec/bin/wazuh-keystore is of type ELF 64-bit LSB executable. Here are the proper lines as per the documentation:

echo '<INDEXER_USERNAME>' | /var/ossec/bin/wazuh-keystore -f indexer -k username
echo '<INDEXER_PASSWORD>' | /var/ossec/bin/wazuh-keystore -f indexer -k password

About the error you have, it seems like a connection problem. Are all Wazuh-related servers reachable? Was some IP changed during your tests?
Thanks.

Souraj Chakraborty

Apr 21, 2025, 10:43:52 PM
to Wazuh | Mailing List
Hi Diego, sorry for the gap in communication.
I checked and there was a missing pem file name in the opensearch.yml.

I went back to the /opensearch_dashboards.yml.old and made sure that the pem file matched the old one.
cp /etc/wazuh-dashboard/opensearch_dashboards.yml /etc/wazuh-dashboard/opensearch_dashboards.yml.old

Then I restarted the services:
manager, indexer and dashboard, all are green.

But we are back at the beginning, where it just shows "Wazuh dashboard server is not ready yet".

Souraj Chakraborty

Apr 21, 2025, 10:46:40 PM
to Wazuh | Mailing List
Hi Diego, I have tried multiple times to run this exact command

echo '<INDEXER_USERNAME>' | /var/ossec/bin/wazuh-keystore -f indexer -k username
echo '<INDEXER_PASSWORD>' | /var/ossec/bin/wazuh-keystore -f indexer -k password

and check /var/ossec/bin/wazuh-keystore -l,
but I don't see the password in the file. I just see the username as admin, but the password shows as password and not the actual password.

Diego Cappri

Apr 22, 2025, 7:04:26 AM
to Wazuh | Mailing List
Hi, since this test worked -> curl -k -u admin:<real-password> https://127.0.0.1:9200

Please try this:

echo 'admin' | /var/ossec/bin/wazuh-keystore -f indexer -k username
echo 'my_real_password' | /var/ossec/bin/wazuh-keystore -f indexer -k password

Then restart the dashboard and run the test again.

Souraj Chakraborty

Apr 22, 2025, 11:08:12 PM
to Wazuh | Mailing List
Hi Diego, 

I ran these commands:

echo 'admin' | /var/ossec/bin/wazuh-keystore -f indexer -k username
echo 'my_real_password' | /var/ossec/bin/wazuh-keystore -f indexer -k password
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I restarted the Dashboard still the same issue

systemctl status wazuh-dashboard

wazuh-dashboard.service - wazuh-dashboard

   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)

   Active: active (running) since Wed 2025-04-23 02:57:17 UTC; 10s ago

 Main PID: 18209 (node)

   CGroup: /system.slice/wazuh-dashboard.service

           └─18209 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist


Apr 23 02:57:25 wazuh-server opensearch-dashboards[18209]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 23 02:57:25 wazuh-server opensearch-dashboards[18209]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 23 02:57:25 wazuh-server opensearch-dashboards[18209]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 23 02:57:25 wazuh-server opensearch-dashboards[18209]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 23 02:57:25 wazuh-server opensearch-dashboards[18209]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 23 02:57:25 wazuh-server opensearch-dashboards[18209]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 23 02:57:25 wazuh-server opensearch-dashboards[18209]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 23 02:57:25 wazuh-server opensearch-dashboards[18209]: {"type":"log","@timestamp":"2025-04-23T02:57:25Z","tags":["info","savedobjects-service"],"pid":18209,"message":"Waiting until all OpenSearc...grations..."}

Apr 23 02:57:25 wazuh-server opensearch-dashboards[18209]: {"type":"log","@timestamp":"2025-04-23T02:57:25Z","tags":["error","opensearch","data"],"pid":18209,"message":"[ResponseError]: Response Error"}

Apr 23 02:57:25 wazuh-server opensearch-dashboards[18209]: {"type":"log","@timestamp":"2025-04-23T02:57:25Z","tags":["error","savedobjects-service"],"pid":18209,"message":"Unable to retrieve version...arch nodes."}

Apr 23 02:57:27 wazuh-server opensearch-dashboards[18209]: {"type":"log","@timestamp":"2025-04-23T02:57:27Z","tags":["error","opensearch","data"],"pid":18209,"message":"[ResponseError]: Response Error"}

Hint: Some lines were ellipsized, use -l to show in full.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I have run both of these again and then ran the curl command
curl -k -u admin:i-my_real_password https://127.0.0.1:9200

{

  "name" : "node-1",

  "cluster_name" : "wazuh-cluster",

  "cluster_uuid" : "5PI1c8fJRU2aMu-li9qxDQ",

  "version" : {

    "number" : "7.10.2",

    "build_type" : "rpm",

    "build_hash" : "e5a68d19815af94a9883fead7927edb40181f32d",

    "build_date" : "2025-03-26T19:05:39.438663Z",

    "build_snapshot" : false,

    "lucene_version" : "9.11.1",

    "minimum_wire_compatibility_version" : "7.10.0",

    "minimum_index_compatibility_version" : "7.0.0"

  },

  "tagline" : "The OpenSearch Project: https://opensearch.org/"

}

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I have been facing this issue for a few days. Will it be possible to connect with you to resolve this problem, if possible over a Zoom or a Google Meet call, so we can look for a solution faster and go through the issues and debug them? Please let me know if this will be possible.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Souraj Chakraborty

Apr 23, 2025, 6:27:21 AM
to Wazuh | Mailing List
Hi Diego,

I ran this command and found these alerts. I have added the command and the logs in this mail.

Replace <WAZUH_INDEXER_CLUSTER_NAME> and run the following command on the Wazuh indexer node to check the indexer logs for errors:
cat /var/log/wazuh-indexer/<WAZUH_INDEXER_CLUSTER_NAME>.log | grep -E "ERROR|WARN|Caused"

wazuh-cluster.log

cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -E "ERROR|WARN|Caused"
wazuh-cluster.txt

Souraj Chakraborty

Apr 23, 2025, 11:01:45 PM
to Wazuh | Mailing List
Hi, please assist with this issue. It is still persisting.

Diego Cappri

Apr 24, 2025, 9:02:40 AM
to Wazuh | Mailing List
Hi, my apologies for the delay. Please add the following to your dashboard yml config file:

# Temporary debug config – remove after fixing login
opensearch.username: admin
opensearch.password: your_actual_password

save and exit, then restart the dashboard.

Souraj Chakraborty

Apr 24, 2025, 9:35:42 AM
to Wazuh | Mailing List

nano /etc/wazuh-dashboard/opensearch_dashboards.yml

systemctl restart wazuh-dashboard

systemctl status wazuh-dashboard

wazuh-dashboard.service - wazuh-dashboard

   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)

   Active: active (running) since Thu 2025-04-24 13:32:15 UTC; 4s ago

 Main PID: 12452 (node)

   CGroup: /system.slice/wazuh-dashboard.service

           └─12452 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist


Apr 24 13:32:19 wazuh-server opensearch-dashboards[12452]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 13:32:19 wazuh-server opensearch-dashboards[12452]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 13:32:19 wazuh-server opensearch-dashboards[12452]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 13:32:19 wazuh-server opensearch-dashboards[12452]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 13:32:19 wazuh-server opensearch-dashboards[12452]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 13:32:19 wazuh-server opensearch-dashboards[12452]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 13:32:19 wazuh-server opensearch-dashboards[12452]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 13:32:19 wazuh-server opensearch-dashboards[12452]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 13:32:19 wazuh-server opensearch-dashboards[12452]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 13:32:19 wazuh-server opensearch-dashboards[12452]: {"type":"log","@timestamp":"2025-04-24T13:32:19Z","tags":["info","savedobjects-service"],"pid":12452,"message":"Waiting until all OpenSearc...grations..."}

Hint: Some lines were ellipsized, use -l to show in full.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: certificate
opensearch.username: admin
opensearch.password: my-password
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: true
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
opensearch_security.cookie.secure: true

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Diego Cappri

Apr 24, 2025, 10:59:30 AM
to Wazuh | Mailing List
Looks good. Were you able to log in to your dashboard now, or is the message "Dashboard not ready yet" still there?

Souraj Chakraborty

Apr 24, 2025, 11:11:00 AM
to Wazuh | Mailing List
Hi Diego,

No, I tried a few times; still the same message.
I am typing the IP to access the dashboard; still the same message.

Wazuh dashboard server is not ready yet

Diego Cappri

Apr 24, 2025, 2:08:38 PM
to Wazuh | Mailing List
Please check once again this login: curl -k -u admin:my-password https://127.0.0.1:9200

After that, you can try to clean up the optimization cache:

rm -rf /usr/share/wazuh-dashboard/optimize/*
systemctl restart wazuh-dashboard

Souraj Chakraborty

Apr 24, 2025, 2:25:11 PM
to Wazuh | Mailing List
Hi Diego, the output of the commands:
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

curl -k -u admin:my password https://127.0.0.1:9200

{

  "name" : "node-1",

  "cluster_name" : "wazuh-cluster",

  "cluster_uuid" : "5PI1c8fJRU2aMu-li9qxDQ",

  "version" : {

    "number" : "7.10.2",

    "build_type" : "rpm",

    "build_hash" : "e5a68d19815af94a9883fead7927edb40181f32d",

    "build_date" : "2025-03-26T19:05:39.438663Z",

    "build_snapshot" : false,

    "lucene_version" : "9.11.1",

    "minimum_wire_compatibility_version" : "7.10.0",

    "minimum_index_compatibility_version" : "7.0.0"

  },

  "tagline" : "The OpenSearch Project: https://opensearch.org/"

}
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

[root@wazuh-server ~]# rm -rf /usr/share/wazuh-dashboard/optimize/*

[root@wazuh-server ~]# systemctl restart wazuh-dashboard
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

[root@wazuh-server ~]# systemctl status wazuh-dashboard

wazuh-dashboard.service - wazuh-dashboard

   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)

   Active: active (running) since Thu 2025-04-24 18:18:34 UTC; 9s ago

 Main PID: 20378 (node)

   CGroup: /system.slice/wazuh-dashboard.service

           └─20378 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist


Apr 24 18:18:43 wazuh-server opensearch-dashboards[20378]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 18:18:43 wazuh-server opensearch-dashboards[20378]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 18:18:43 wazuh-server opensearch-dashboards[20378]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 18:18:43 wazuh-server opensearch-dashboards[20378]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 18:18:43 wazuh-server opensearch-dashboards[20378]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 18:18:43 wazuh-server opensearch-dashboards[20378]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 18:18:43 wazuh-server opensearch-dashboards[20378]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead

Apr 24 18:18:43 wazuh-server opensearch-dashboards[20378]: {"type":"log","@timestamp":"2025-04-24T18:18:43Z","tags":["info","savedobjects-service"],"pid":20378,"message":"Waiting until all OpenSearc...grations..."}

Apr 24 18:18:43 wazuh-server opensearch-dashboards[20378]: {"type":"log","@timestamp":"2025-04-24T18:18:43Z","tags":["error","opensearch","data"],"pid":20378,"message":"[ResponseError]: Response Error"}

Apr 24 18:18:43 wazuh-server opensearch-dashboards[20378]: {"type":"log","@timestamp":"2025-04-24T18:18:43Z","tags":["error","savedobjects-service"],"pid":20378,"message":"Unable to retrieve version...arch nodes."}

Hint: Some lines were ellipsized, use -l to show in full.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Still the same issue -- 

Wazuh dashboard server is not ready yet

Diego Cappri

Apr 25, 2025, 12:26:38 PM
to Wazuh | Mailing List
Hi, sorry for the delay. I was checking a similar case. Can you check that your Wazuh indexer is running OK? Also, please share the output of cat /var/log/wazuh-indexer/wazuh-cluster.log
Thanks.

Souraj Chakraborty

Apr 25, 2025, 12:49:06 PM
to Wazuh | Mailing List
Hi Diego

Here are the logs; I put them in a file and am sharing it.
Wazuh Indexer LOGS

Diego Cappri

Apr 25, 2025, 3:10:45 PM
to Wazuh | Mailing List

So, the Dashboard is trying both kibanaserver and admin, and both are failing auth. Your manual curl with admin:password works, so the Indexer does accept valid auth; hence, the Wazuh Dashboard isn’t using that same password successfully. Please change the kibanaserver passwd:
/var/ossec/framework/python/bin/python3 /var/ossec/framework/scripts/wazuh-indexer/tools/wazuh-indexer-security.py reset-password --user kibanaserver

Then update dashboard.yml adding at the bottom:
opensearch.username: kibanaserver
opensearch.password: your-new-passwd
opensearch.ssl.verificationMode: none
logging.verbose: true

Once done, restart wazuh-dashboard, then check the logs; the authentication error should be gone and the dashboard should be reachable.

Souraj Chakraborty

Apr 27, 2025, 10:57:46 PM
to Wazuh | Mailing List
Hi Diego

The path you mentioned is not present here for the indexer password reset. For the reset-password --user kibanaserver
please change kibanaserver passwd: /var/ossec/framework/python/bin/python3 - For this it leads to an ELF file. What do I have to do for this?

Please advise.

Diego Cappri

Apr 28, 2025, 7:26:18 AM
to Wazuh | Mailing List
Hi, sorry for the wrong path. Please check this command to reset kibanaserver passwd: /var/ossec/bin/wazuh-indexer users reset-password kibanaserver

Then update dashboard.yml adding at the bottom:
opensearch.username: kibanaserver
opensearch.password: your-new-passwd
opensearch.ssl.verificationMode: none
logging.verbose: true

Once done, restart wazuh-dashboard, then check the logs; the authentication error should be gone and the dashboard should be reachable.

Souraj Chakraborty

Apr 28, 2025, 8:01:03 AM
to Wazuh | Mailing List
Hi Diego

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------[root@wazuh-server ~]# /var/ossec/bin/wazuh-indexer users reset-password kibanaserver

-bash: /var/ossec/bin/wazuh-indexer: No such file or directory

[root@wazuh-server ~]# 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

[root@wazuh-server ~]# cd /var/ossec/bin/
[root@wazuh-server bin]# ls
agent_control  clear_stats      rbac_control       wazuh-analysisd  wazuh-clusterd  wazuh-db     wazuh-integratord   wazuh-logtest         wazuh-modulesd  wazuh-remoted
agent_groups   cluster_control  verify-agent-conf  wazuh-apid       wazuh-control   wazuh-dbd    wazuh-keystore      wazuh-logtest-legacy  wazuh-monitord  wazuh-reportd
agent_upgrade  manage_agents    wazuh-agentlessd   wazuh-authd      wazuh-csyslogd  wazuh-execd  wazuh-logcollector  wazuh-maild           wazuh-regex     wazuh-syscheckd
[root@wazuh-server bin]#

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Diego Cappri

Apr 28, 2025, 8:17:30 AM
to Wazuh | Mailing List
Hi, thanks for the reply. What kind of Wazuh installation are you using?

Souraj Chakraborty

Apr 28, 2025, 8:21:16 AM
to Wazuh | Mailing List
Hi Diego

We are using an AMI that we got from the AWS marketplace and it is running in an EC2 instance.
Wazuh All-In-One Deployment

Diego Cappri

Apr 28, 2025, 11:08:41 AM
to Wazuh | Mailing List
Thanks for your reply. Please check for internal user config with: cat /etc/wazuh-indexer/opensearch-security/internal_users.yml | grep kibanaserver -A 10
We need to confirm the kibanaserver user exists

Souraj Chakraborty

Apr 28, 2025, 11:12:15 AM
to Wazuh | Mailing List

cat /etc/wazuh-indexer/opensearch-security/internal_users.yml | grep kibanaserver -A 10
kibanaserver:
  hash: "hash value"
  reserved: true
  hidden: false
  backend_roles: []
  attributes: {}
  description: "Demo kibanaserver user"
  opendistro_security_roles: []
  static: false
kibanaro:
  hash: "hash value"
  reserved: false
  hidden: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes:

Diego Cappri

Apr 28, 2025, 12:18:25 PM
to Wazuh | Mailing List
Please take a look at this documentation and change the password for your all-in-one setup.

Souraj Chakraborty

Apr 28, 2025, 1:29:09 PM
to Wazuh | Mailing List
Hi Diego

I have tried the method before to change the password, 

[root@wazuh-server /]# cd /usr/share/wazuh-indexer/plugins/opensearch-security/tools/

[root@wazuh-server tools]# bash wazuh-passwords-tool.sh -u kibanaserver -p <new password>
It did not return any new output, as mentioned in the document.

Output
INFO: Generating password hash
WARNING: Password changed. Remember to update the password in the Wazuh dashboard and Filebeat nodes if necessary, and restart the services.

[root@wazuh-server tools]# nano /etc/wazuh-dashboard/opensearch_dashboards.yml

server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: none
opensearch.username: kibanaserver
opensearch.password: <new password>
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: true
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
opensearch_security.cookie.secure: true
logging.verbose: true
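
The opensearch_dashboards.yml posted above keeps opensearch.ssl.verificationMode: none and a plaintext opensearch.password next to a CA file that is already configured. The check below is an added example, not part of the thread or of Wazuh's tooling: it audits a config in that flat key: value layout and produces the tightened form. The function names, the placeholder password and the switch to certificate mode (which assumes root-ca.pem signed the indexer certificate) are assumptions.

```python
# Constructed input: the config posted in the thread, with a placeholder
# in place of the real password.
POSTED = """\
server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: none
opensearch.username: kibanaserver
opensearch.password: EXAMPLE-PLACEHOLDER
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: true
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
opensearch_security.cookie.secure: true
logging.verbose: true
"""


def parse_settings(text):
    """Return (settings, duplicates) for the flat 'dotted.key: value' layout."""
    settings, duplicates = {}, []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        key, sep, value = stripped.partition(":")  # split on the first colon only
        if not sep:
            continue
        key = key.strip()
        if key in settings and key not in duplicates:
            duplicates.append(key)  # e.g. a block pasted at the bottom a second time
        settings[key] = value.strip().strip("\"'")
    return settings, duplicates


def audit(text):
    """Return a list of (key, issue) pairs for settings worth tightening."""
    settings, duplicates = parse_settings(text)
    findings = [(k, "defined more than once; keep a single definition")
                for k in duplicates]
    if settings.get("opensearch.ssl.verificationMode", "").lower() == "none":
        note = "indexer certificate is not verified"
        if settings.get("opensearch.ssl.certificateAuthorities"):
            note += "; a CA is already configured, so 'certificate' or 'full' can be used"
        findings.append(("opensearch.ssl.verificationMode", note))
    if "opensearch.password" in settings:
        findings.append(("opensearch.password",
                         "password stored in plaintext in the config file"))
    if settings.get("logging.verbose", "").lower() == "true":
        findings.append(("logging.verbose", "debug logging left enabled"))
    if "http://" in settings.get("opensearch.hosts", ""):
        findings.append(("opensearch.hosts", "indexer reached over plain HTTP"))
    return findings


def harden(text):
    """Rewrite the config with the audited settings tightened."""
    out = []
    for line in text.splitlines():
        key = line.partition(":")[0].strip()
        if key == "opensearch.ssl.verificationMode":
            # Assumption: the configured CA signed the indexer certificate.
            out.append("opensearch.ssl.verificationMode: certificate")
        elif key == "opensearch.password":
            # Assumption: the secret is supplied from the dashboard keystore.
            out.append("# opensearch.password removed from this file")
        elif key == "logging.verbose":
            continue  # troubleshooting-only setting
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for key, issue in audit(POSTED):
        print(f"{key}: {issue}")
    print(harden(POSTED))
```
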

Diego Cappri

Apr 28, 2025, 2:52:10 PM
to Wazuh | Mailing List
That's ok, were you able to systemctl restart wazuh-dashboard, wait for some seconds and test the Dashboard?

Souraj Chakraborty

Apr 28, 2025, 2:56:40 PM
to Wazuh | Mailing List
Hi Diego

I tried and restarted the Dashboard, and it worked but got the same answer.

Wazuh dashboard server is not ready yet

 systemctl restart wazuh-dashboard

systemctl status wazuh-dashboard

wazuh-dashboard.service - wazuh-dashboard

   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)

   Active: active (running) since Mon 2025-04-28 17:22:37 UTC; 2s ago

 Main PID: 2250 (node)

   CGroup: /system.slice/wazuh-dashboard.service

           └─2250 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist


Apr 28 17:22:39 wazuh-server opensearch-dashboards[2250]: {"type":"log","@timestamp":"2025-04-28T17:22:39Z","tags":["debug","plugins","visualize"],"pid":2250,"message":"\"/usr/share/wazuh-dashboard/...\"config\"."}

Apr 28 17:22:39 wazuh-server opensearch-dashboards[2250]: {"type":"log","@timestamp":"2025-04-28T17:22:39Z","tags":["debug","config"],"pid":2250,"message":"Marking config path as handled: workspace"}

Apr 28 17:22:39 wazuh-server opensearch-dashboards[2250]: {"type":"log","@timestamp":"2025-04-28T17:22:39Z","tags":["debug","config"],"pid":2250,"message":"Marking config path as handled: opensearch_alerting"}

Apr 28 17:22:39 wazuh-server opensearch-dashboards[2250]: {"type":"log","@timestamp":"2025-04-28T17:22:39Z","tags":["debug","config"],"pid":2250,"message":"Marking config path as handled: custom_imp..._dashboards"}

Apr 28 17:22:39 wazuh-server opensearch-dashboards[2250]: {"type":"log","@timestamp":"2025-04-28T17:22:39Z","tags":["debug","plugins","ganttChartDashboards"],"pid":2250,"message":"\"/usr/share/wazuh...\"config\"."}

Apr 28 17:22:39 wazuh-server opensearch-dashboards[2250]: {"type":"log","@timestamp":"2025-04-28T17:22:39Z","tags":["debug","config"],"pid":2250,"message":"Marking config path as handled: opensearch..._management"}

Apr 28 17:22:39 wazuh-server opensearch-dashboards[2250]: {"type":"log","@timestamp":"2025-04-28T17:22:39Z","tags":["debug","plugins","notificationsDashboards"],"pid":2250,"message":"\"/usr/share/wa...\"config\"."}

Apr 28 17:22:40 wazuh-server opensearch-dashboards[2250]: {"type":"log","@timestamp":"2025-04-28T17:22:40Z","tags":["debug","config"],"pid":2250,"message":"Marking config path as handled: opensearch_reporting"}

Apr 28 17:22:40 wazuh-server opensearch-dashboards[2250]: {"type":"log","@timestamp":"2025-04-28T17:22:40Z","tags":["debug","config"],"pid":2250,"message":"Marking config path as handled: logging"}

Apr 28 17:22:40 wazuh-server opensearch-dashboards[2250]: {"type":"log","@timestamp":"2025-04-28T17:22:40Z","tags":["debug","config"],"pid":2250,"message":"Marking config path as handled: opensearch_security"}

Hint: Some lines were ellipsized, use -l to show in full.

Diego Cappri

Apr 28, 2025, 4:50:15 PM
to Wazuh | Mailing List
Ok, you now need to find the authentication attempt lines, please open a live view of dashboard logs: journalctl -u wazuh-dashboard -f, run in a new terminal: systemctl restart wazuh-dashboard
In the logs, look for any lines like:

- ResponseError (if this shows up, then the user/password is wrong, or if the roles are wrong, or if SSL is mismatched)
- Authentication failed
- Failed to connect
- Unable to retrieve version of OpenSearch nodes
- Unauthorized

Check that you still can manually connect: curl -k -u kibanaserver:'your_new_password' https://127.0.0.1:9200
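
The log review described above can be scripted. This is an added example, not from the thread or from Wazuh: it parses journalctl lines in the shape shown in this thread, keeps the entries that match the listed markers, and flags JSON lines that were cut off by the terminal width. The sample lines are constructed from the output posted here, and the function names are hypothetical.

```python
import json
import re
from collections import Counter

# Markers from the reply above, matched case-insensitively. The version
# marker is kept as a prefix because `systemctl status` ellipsizes the
# middle of long messages ("Unable to retrieve version...arch nodes.").
MARKERS = {
    "ResponseError": "response_error",
    "Authentication failed": "auth_failed",
    "Failed to connect": "connect_failed",
    "Unable to retrieve version": "version_probe_failed",
    "Unauthorized": "unauthorized",
}

# syslog-style prefix that journalctl prints before the JSON body
PREFIX = re.compile(
    r"^(?P<when>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"(?P<unit>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<body>.*)$"
)

# Constructed sample, modelled on the dashboard output posted in this thread.
SAMPLE = r"""
Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: [agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:05Z","tags":["debug","config"],"pid":14872,"message":"Marking config path as handled: logging"}
Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:05Z","tags":["error","opensearch","data"],"pid":14872,"message":"[ResponseError]: Response Error"}
Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:05Z","tags":["error","savedobjects-service"],"pid":14872,"message":"Unable to retrieve version...arch nodes."}
Apr 29 02:39:06 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:06Z","tags":["debug","status"],"pid":14872,"status":{"level":"critical","summary":"[62] servic...Unable to ret
"""


def classify(message):
    """Return the labels of every marker found in the message."""
    lowered = message.lower()
    return [label for needle, label in MARKERS.items() if needle.lower() in lowered]


def triage(journal_text):
    """Return the log entries an operator should read, in input order."""
    findings = []
    for raw in journal_text.splitlines():
        match = PREFIX.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        if not body.startswith("{"):
            continue  # plain-text notices such as the agentkeepalive deprecation
        try:
            event = json.loads(body)
        except json.JSONDecodeError:
            # The line was cut off; re-read it with `journalctl -l` or `-o cat`.
            findings.append({"when": match.group("when"), "level": "unknown",
                             "labels": classify(body) + ["truncated"],
                             "message": body[:80]})
            continue
        tags = event.get("tags", [])
        message = str(event.get("message", ""))
        labels = classify(message)
        level = next((t for t in ("error", "warning") if t in tags), None)
        if level or labels:
            findings.append({"when": match.group("when"),
                             "level": level or (tags[0] if tags else "unknown"),
                             "labels": labels, "message": message})
    return findings


def summarize(findings):
    """Count how often each label occurs across the findings."""
    return dict(Counter(label for f in findings for label in f["labels"]))


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding["when"], finding["level"], finding["labels"], finding["message"])
```
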

Souraj Chakraborty

Apr 28, 2025, 10:46:43 PM
to Wazuh | Mailing List
Hi Diego

When I ran this command I got this as the response; I think the password did not change.
-----------------------------------------------------------------------------------------------------
curl -k -u kibanaserver:'my new password' https://127.0.0.1:9200
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    12  100    12    0     0     35      0 --:--:-- --:--:-- --:--:--    36
-----------------------------------------------------------------------------------------------------
curl -k -u kibanaserver:old password https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "5PI1c8fJRU2aMu-li9qxDQ",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "e5a68d19815af94a9883fead7927edb40181f32d",
    "build_date" : "2025-03-26T19:05:39.438663Z",
    "build_snapshot" : false,
    "lucene_version" : "9.11.1",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
-----------------------------------------------------------------------------------------------------
So I did this in the cat /etc/wazuh-dashboard/opensearch_dashboards.yml

server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: none
opensearch.username: kibanaserver
opensearch.password: <old password>
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: true
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
opensearch_security.cookie.secure: true
logging.verbose: true

-----------------------------------------------------------------------------------------------------
and then restarted the dashboard

nano /etc/wazuh-dashboard/opensearch_dashboards.yml

systemctl restart wazuh-dashboard

systemctl status wazuh-dashboard

wazuh-dashboard.service - wazuh-dashboard

   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)

   Active: active (running) since Tue 2025-04-29 02:39:01 UTC; 5s ago

 Main PID: 14872 (node)

   CGroup: /system.slice/wazuh-dashboard.service

           └─14872 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist


Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:05Z","tags":["debug","legacy-service"],"pid":14872,"message":"setting up legacy service"}

Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:05Z","tags":["debug","core-app"],"pid":14872,"message":"Setting up core app."}

Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:05Z","tags":["debug","root"],"pid":14872,"message":"starting root"}

Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:05Z","tags":["debug","server"],"pid":14872,"message":"starting server"}

Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:05Z","tags":["debug","savedobjects-service"],"pid":14872,"message":"Starting SavedObjects service"}

Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:05Z","tags":["debug","config"],"pid":14872,"message":"Marking config path as handled: opensearchDashboards"}

Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:05Z","tags":["info","savedobjects-service"],"pid":14872,"message":"Waiting until all OpenSearc...grations..."}

Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:05Z","tags":["error","opensearch","data"],"pid":14872,"message":"[ResponseError]: Response Error"}

Apr 29 02:39:05 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:05Z","tags":["error","savedobjects-service"],"pid":14872,"message":"Unable to retrieve version...arch nodes."}

Apr 29 02:39:06 wazuh-server opensearch-dashboards[14872]: {"type":"log","@timestamp":"2025-04-29T02:39:06Z","tags":["debug","status"],"pid":14872,"status":{"level":"critical","summary":"[62] servic...Unable to ret

Hint: Some lines were ellipsized, use -l to show in full.

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Wazuh Dashboard LOGS of 29Apr

Diego Cappri

Apr 29, 2025, 7:43:20 AM
to Wazuh | Mailing List
Hi, it looks like connection and authentication are working fine; roles/permissions are missing for kibanaserver. Please check in /etc/wazuh-indexer/opensearch-security/internal_users.yml whether the kibanaserver block looks like this:

kibanaserver:
  hash: "<your-current-password-hash>"
  reserved: true
  hidden: false
  backend_roles:
    - kibanauser
    - readall
  attributes: {}
  description: "Kibana server internal user"
  opendistro_security_roles: []
  static: false


Please note the indentation, edit the file if required, and then reload the security config:
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh \
  -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ \
  -icl -nhnv \
  -cacert /etc/wazuh-indexer/certs/root-ca.pem \
  -cert /etc/wazuh-indexer/certs/admin.pem \
  -key /etc/wazuh-indexer/certs/admin-key.pem \
  -h 127.0.0.1


Souraj Chakraborty

Apr 29, 2025, 8:20:06 AM
to Wazuh | Mailing List
Hi Diego

This is in the internal_users.yml

kibanaserver:
 hash: "hash value"
 reserved: true
 hidden: false
 backend_roles: []
 attributes: {}
 description: "Demo kibanaserver user"
 opendistro_security_roles: []
 static: false

I added these changes

kibanaserver:
  hash: "hash value"
  reserved: true
  hidden: false
  backend_roles:
  - "kibanauser"
  - "readall"
  attributes: {}
  description: "Demo kibanaserver user"
  opendistro_security_roles: []
  static: false

After this I restarted the manager and the dashboard;
still the same issue.
-----------------------------------------


 /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh \
>   -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ \
>   -icl -nhnv \
>   -cacert /etc/wazuh-indexer/certs/root-ca.pem \
>   -cert /etc/wazuh-indexer/certs/admin.pem \
>   -key /etc/wazuh-indexer/certs/admin-key.pem \
>   -h 127.0.0.1
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
which: no java in (/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use

Diego Cappri

Apr 29, 2025, 9:18:05 AM
to Wazuh | Mailing List
OK, it seems Java is missing, according to:

which: no java in (/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin) WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use

Please install Java and run this again:
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh \
  -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ \
  -icl -nhnv \
  -cacert /etc/wazuh-indexer/certs/root-ca.pem \
  -cert /etc/wazuh-indexer/certs/admin.pem \
  -key /etc/wazuh-indexer/certs/admin-key.pem \
  -h 127.0.0.1

After that, restart wazuh-dashboard, wait for 20 secs and test.

Souraj Chakraborty

Apr 29, 2025, 11:48:11 AM
to Wazuh | Mailing List
Hi Diego

https://<the ip i used to connect to the dashboard>/app/wz-home
still the same issue. 


/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh \
>   -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ \
>   -icl -nhnv \
>   -cacert /etc/wazuh-indexer/certs/root-ca.pem \
>   -cert /etc/wazuh-indexer/certs/admin.pem \
>   -key /etc/wazuh-indexer/certs/admin-key.pem \
>   -h 127.0.0.1
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use /bin/java
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
ERR: Seems /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml (No such file or directory)
ERR: Seems /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml (No such file or directory)
ERR: Seems /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml (No such file or directory)
ERR: Seems /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml (No such file or directory)
ERR: Seems /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml (No such file or directory)
ERR: Seems /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml (No such file or directory)
ERR: Seems /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml (No such file or directory)
ERR: Seems /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml is not in OpenSearch Security 7 format: java.io.FileNotFoundException: /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml (No such file or directory)
ERR: cannot upload configuration, see errors above

Diego Cappri

Apr 29, 2025, 12:37:31 PM
to Wazuh | Mailing List
Sorry, I got the wrong path, so the files were not present. Please try this:
/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh \
  -cd /etc/wazuh-indexer/opensearch-security/ \
  -icl -nhnv \
  -cacert /etc/wazuh-indexer/certs/root-ca.pem \
  -cert /etc/wazuh-indexer/certs/admin.pem \
  -key /etc/wazuh-indexer/certs/admin-key.pem \
  -h 127.0.0.1

Then restart -> wait -> test

Souraj Chakraborty

Apr 29, 2025, 1:04:46 PM
to Wazuh | Mailing List
Hi Diego

[root@wazuh-server ~]# /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh \
>  -cd /etc/wazuh-indexer/opensearch-security/ \
>  -icl -nhnv \
>  -cacert /etc/wazuh-indexer/certs/root-ca.pem \
>  -cert /etc/wazuh-indexer/certs/admin.pem \
>  -key /etc/wazuh-indexer/certs/admin-key.pem \
>  -h 127.0.0.1
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
WARNING: nor OPENSEARCH_JAVA_HOME nor JAVA_HOME is set, will use /bin/java
Security Admin v7
Will connect to 127.0.0.1:9200 ... done
Connected as "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
OpenSearch Version: 2.16.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: wazuh-cluster
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /etc/wazuh-indexer/opensearch-security/
Will update '/config' with /etc/wazuh-indexer/opensearch-security/config.yml
   SUCC: Configuration for 'config' created or updated
Will update '/roles' with /etc/wazuh-indexer/opensearch-security/roles.yml
   SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /etc/wazuh-indexer/opensearch-security/roles_mapping.yml
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /etc/wazuh-indexer/opensearch-security/internal_users.yml
   SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /etc/wazuh-indexer/opensearch-security/action_groups.yml
   SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /etc/wazuh-indexer/opensearch-security/tenants.yml
   SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /etc/wazuh-indexer/opensearch-security/nodes_dn.yml
   SUCC: Configuration for 'nodesdn' created or updated
Will update '/whitelist' with /etc/wazuh-indexer/opensearch-security/whitelist.yml
   SUCC: Configuration for 'whitelist' created or updated
Will update '/audit' with /etc/wazuh-indexer/opensearch-security/audit.yml
   SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /etc/wazuh-indexer/opensearch-security/allowlist.yml
   SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 10 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"],"updated_config_size":10,"message":null} is 10 (["allowlist","tenants","rolesmapping","nodesdn","audit","roles","whitelist","actiongroups","config","internalusers"]) due to: null
Done with success

[root@wazuh-server ~]# systemctl restart wazuh-dashboard
[root@wazuh-server ~]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2025-04-29 16:53:33 UTC; 3s ago
 Main PID: 21081 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─21081 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Apr 29 16:53:35 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-29T16:53:35Z","tags":["debug","config"],"pid":21081,"message":"Marking config path as handled: vis_type_xy"}
Apr 29 16:53:35 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-29T16:53:35Z","tags":["debug","plugins","visualizations"],"pid":21081,"message":"\"/usr/share/wazuh-das...\"config\"."}
Apr 29 16:53:35 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-29T16:53:35Z","tags":["debug","plugins","visualize"],"pid":21081,"message":"\"/usr/share/wazuh-dashboar...\"config\"."}
Apr 29 16:53:35 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-29T16:53:35Z","tags":["debug","config"],"pid":21081,"message":"Marking config path as handled: workspace"}
Apr 29 16:53:35 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-29T16:53:35Z","tags":["debug","config"],"pid":21081,"message":"Marking config path as handled: opensear..._management"}
Apr 29 16:53:35 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-29T16:53:35Z","tags":["debug","plugins","notificationsDashboards"],"pid":21081,"message":"\"/usr/share/...\"config\"."}
Apr 29 16:53:35 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-29T16:53:35Z","tags":["debug","plugins","ganttChartDashboards"],"pid":21081,"message":"\"/usr/share/waz...\"config\"."}
Apr 29 16:53:35 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-29T16:53:35Z","tags":["debug","config"],"pid":21081,"message":"Marking config path as handled: opensearch_reporting"}
Apr 29 16:53:36 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-29T16:53:36Z","tags":["debug","config"],"pid":21081,"message":"Marking config path as handled: logging"}
Apr 29 16:53:36 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-29T16:53:36Z","tags":["debug","config"],"pid":21081,"message":"Marking config path as handled: opensearch_security"}

Hint: Some lines were ellipsized, use -l to show in full.


Same issue remains

Diego Cappri

Apr 29, 2025, 1:51:05 PM
to Wazuh | Mailing List
Ok, please check this again:
curl -k -u kibanaserver:'your-correct-password' https://127.0.0.1:9200/_plugins/_security/api/authinfo

We need this:
is_authenticated: true
backend_roles: [kibanauser, readall]

please let me know

Souraj Chakraborty

Apr 29, 2025, 2:00:15 PM
to Wazuh | Mailing List
Hi Diego

curl -k -u kibanaserver:password https://127.0.0.1:9200
{
  "name" : "node-1",
  "cluster_name" : "wazuh-cluster",
  "cluster_uuid" : "5PI1c8fJRU2aMu-li9qxDQ",
  "version" : {
    "number" : "7.10.2",
    "build_type" : "rpm",
    "build_hash" : "e5a68d19815af94a9883fead7927edb40181f32d",
    "build_date" : "2025-03-26T19:05:39.438663Z",
    "build_snapshot" : false,
    "lucene_version" : "9.11.1",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}
curl -k -u kibanaserver:password https://127.0.0.1:9200/_plugins/_security/api/authinfo
{"error":"no handler found for uri [/_plugins/_security/api/authinfo] and method [GET]"}

Diego Cappri

Apr 29, 2025, 2:12:09 PM
to Wazuh | Mailing List
Please try this: curl -k -u kibanaserver:password https://127.0.0.1:9200/_opendistro/_security/authinfo

Souraj Chakraborty

Apr 29, 2025, 2:15:33 PM
to Wazuh | Mailing List
Hi Diego

curl -k -u kibanaserver:password https://127.0.0.1:9200/_opendistro/_security/authinfo

{"user":"User [name=kibanaserver, backend_roles=[kibanauser, readall], requestedTenant=null]","user_name":"kibanaserver","user_requested_tenant":null,"remote_address":"127.0.0.1:33644","backend_roles":["kibanauser","readall"],"custom_attribute_names":[],"roles":["manage_wazuh_index","own_index","kibana_user","kibana_server","readall"],"tenants":{"kibanaserver":true,"global_tenant":true},"principal":null,"peer_certificates":"0","sso_logout_url":null}

Diego Cappri

Apr 29, 2025, 4:30:39 PM
to Wazuh | Mailing List
{
  "user_name": "kibanaserver",
  "is_authenticated": true,
  "backend_roles": ["kibanauser", "readall"],
  "roles": ["manage_wazuh_index", "own_index", "kibana_user", "kibana_server", "readall"],
  "tenants": {
    "kibanaserver": true,
    "global_tenant": true
  }
}


that's good, I think you now can:
stop dashboard
clean cache (rm -rf /usr/share/wazuh-dashboard/optimize/*)
restart indexer
start dashboard 

Before checking, please clean your browser cache.

Souraj Chakraborty

Apr 29, 2025, 11:02:20 PM
to Wazuh | Mailing List
Hi Diego

[root@wazuh-server ~]# systemctl stop wazuh-dashboard

[root@wazuh-server ~]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Wed 2025-04-30 02:47:25 UTC; 5s ago
  Process: 21081 ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards (code=exited, status=0/SUCCESS)
 Main PID: 21081 (code=exited, status=0/SUCCESS)

Apr 30 02:47:24 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-30T02:47:24Z","tags":["debug","plugins-system"],"pid":21081,"message":"Stopping plugin \"mapsLegacy\"..."}
Apr 30 02:47:24 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-30T02:47:24Z","tags":["debug","plugins-system"],"pid":21081,"message":"Stopping plugin \"opensearchDash...Legacy\"..."}
Apr 30 02:47:24 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-30T02:47:24Z","tags":["debug","plugins-system"],"pid":21081,"message":"Stopping plugin \"opensearchDash...ection\"..."}
Apr 30 02:47:24 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-30T02:47:24Z","tags":["debug","plugins-system"],"pid":21081,"message":"Stopping plugin \"usageCollection\"..."}
Apr 30 02:47:24 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-30T02:47:24Z","tags":["debug","plugins","usageCollection"],"pid":21081,"message":"Stopping plugin"}
Apr 30 02:47:24 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-30T02:47:24Z","tags":["debug","opensearch-service"],"pid":21081,"message":"Stopping opensearch service"}
Apr 30 02:47:24 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-30T02:47:24Z","tags":["info","savedobjects-service"],"pid":21081,"message":"Starting saved objects migrations"}
Apr 30 02:47:24 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-30T02:47:24Z","tags":["warning","savedobjects-service"],"pid":21081,"message":"Unable to connect to Ope...is request."}
Apr 30 02:47:24 wazuh-server opensearch-dashboards[21081]: {"type":"log","@timestamp":"2025-04-30T02:47:24Z","tags":["debug","security-service"],"pid":21081,"message":"Stopping plugin"}
Apr 30 02:47:25 wazuh-server systemd[1]: Stopped wazuh-dashboard.

Hint: Some lines were ellipsized, use -l to show in full.
[root@wazuh-server ~]# rm -rf /usr/share/wazuh-dashboard/optimize/*
[root@wazuh-server ~]# systemctl restart wazuh-indexer
[root@wazuh-server ~]# systemctl status wazuh-indexer

● wazuh-indexer.service - wazuh-indexer
   Loaded: loaded (/usr/lib/systemd/system/wazuh-indexer.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2025-04-30 02:48:28 UTC; 10s ago
     Docs: https://documentation.wazuh.com
 Main PID: 1146 (java)
   CGroup: /system.slice/wazuh-indexer.service
           └─1146 /usr/share/wazuh-indexer/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true...

Apr 30 02:48:13 wazuh-server systemd-entrypoint[1146]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.16.0.jar)
Apr 30 02:48:13 wazuh-server systemd-entrypoint[1146]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
Apr 30 02:48:13 wazuh-server systemd-entrypoint[1146]: WARNING: System::setSecurityManager will be removed in a future release
Apr 30 02:48:13 wazuh-server systemd-entrypoint[1146]: Apr 30, 2025 2:48:13 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
Apr 30 02:48:13 wazuh-server systemd-entrypoint[1146]: WARNING: COMPAT locale provider will be removed in a future release
Apr 30 02:48:14 wazuh-server systemd-entrypoint[1146]: WARNING: A terminally deprecated method in java.lang.System has been called
Apr 30 02:48:14 wazuh-server systemd-entrypoint[1146]: WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.16.0.jar)
Apr 30 02:48:14 wazuh-server systemd-entrypoint[1146]: WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
Apr 30 02:48:14 wazuh-server systemd-entrypoint[1146]: WARNING: System::setSecurityManager will be removed in a future release
Apr 30 02:48:28 wazuh-server systemd[1]: Started wazuh-indexer.
[root@wazuh-server ~]# systemctl start wazuh-dashboard

[root@wazuh-server ~]# systemctl status wazuh-dashboard
● wazuh-dashboard.service - wazuh-dashboard
   Loaded: loaded (/etc/systemd/system/wazuh-dashboard.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2025-04-30 02:48:54 UTC; 5s ago
 Main PID: 2094 (node)
   CGroup: /system.slice/wazuh-dashboard.service
           └─2094 /usr/share/wazuh-dashboard/node/fallback/bin/node --no-warnings --max-http-header-size=65536 --unhandled-rejections=warn /usr/share/wazuh-dashboard/src/cli/dist

Apr 30 02:48:57 wazuh-server opensearch-dashboards[2094]: {"type":"log","@timestamp":"2025-04-30T02:48:57Z","tags":["debug","plugins","visualize"],"pid":2094,"message":"\"/usr/share/wazuh-dashboard/...\"config\"."}
Apr 30 02:48:57 wazuh-server opensearch-dashboards[2094]: {"type":"log","@timestamp":"2025-04-30T02:48:57Z","tags":["debug","config"],"pid":2094,"message":"Marking config path as handled: workspace"}
Apr 30 02:48:57 wazuh-server opensearch-dashboards[2094]: {"type":"log","@timestamp":"2025-04-30T02:48:57Z","tags":["debug","config"],"pid":2094,"message":"Marking config path as handled: opensearch_alerting"}
Apr 30 02:48:58 wazuh-server opensearch-dashboards[2094]: {"type":"log","@timestamp":"2025-04-30T02:48:58Z","tags":["debug","config"],"pid":2094,"message":"Marking config path as handled: custom_imp..._dashboards"}
Apr 30 02:48:58 wazuh-server opensearch-dashboards[2094]: {"type":"log","@timestamp":"2025-04-30T02:48:58Z","tags":["debug","plugins","ganttChartDashboards"],"pid":2094,"message":"\"/usr/share/wazuh...\"config\"."}
Apr 30 02:48:58 wazuh-server opensearch-dashboards[2094]: {"type":"log","@timestamp":"2025-04-30T02:48:58Z","tags":["debug","config"],"pid":2094,"message":"Marking config path as handled: opensearch..._management"}
Apr 30 02:48:58 wazuh-server opensearch-dashboards[2094]: {"type":"log","@timestamp":"2025-04-30T02:48:58Z","tags":["debug","plugins","notificationsDashboards"],"pid":2094,"message":"\"/usr/share/wa...\"config\"."}
Apr 30 02:48:58 wazuh-server opensearch-dashboards[2094]: {"type":"log","@timestamp":"2025-04-30T02:48:58Z","tags":["debug","config"],"pid":2094,"message":"Marking config path as handled: opensearch_reporting"}
Apr 30 02:48:59 wazuh-server opensearch-dashboards[2094]: {"type":"log","@timestamp":"2025-04-30T02:48:59Z","tags":["debug","config"],"pid":2094,"message":"Marking config path as handled: logging"}
Apr 30 02:48:59 wazuh-server opensearch-dashboards[2094]: {"type":"log","@timestamp":"2025-04-30T02:48:59Z","tags":["debug","config"],"pid":2094,"message":"Marking config path as handled: opensearch_security"}

Hint: Some lines were ellipsized, use -l to show in full.

I did clear the cache in the browser and then opened this URL - https://10.10.0.246/app/wz-home
Same Output - Wazuh dashboard server is not ready yet


cd /usr/share/wazuh-dashboard
[root@wazuh-server wazuh-dashboard]# ls
bin  config  data  LICENSE.txt  node  node_modules  NOTICE.txt  package.json  plugins  README.txt  src  VERSION
[root@wazuh-server wazuh-dashboard]# cd src
[root@wazuh-server src]# ls
apm.js  cli  cli_keystore  cli_plugin  core  docs  legacy  optimize  plugins  setup_node_env
[root@wazuh-server src]# cd optimize/
[root@wazuh-server optimize]# ls
bundles_route  index.js  np_ui_plugin_public_dirs.js  optimize_mixin.js
I think the path is wrong, do you want me to use this path?

Diego Cappri

Apr 30, 2025, 6:54:22 AM
to Wazuh | Mailing List
Hi! Yes please, clear up that path. Once done, you can recheck: journalctl -u wazuh-dashboard -n 100 | grep -Ei "error|fail|response"
We need to be sure no errors like these are there again:

"error":"Unauthorized"
"Authentication finally failed"

Then try using https://10.10.0.246/ and avoid the rest of the URL; after some seconds it should redirect to the landing page. If the error persists, this can be related to Dashboard plugin initialization and is not registering.
If that's the case, please enable verbose logging in dashboard.yml with logging.verbose: true and

systemctl restart wazuh-dashboard
journalctl -u wazuh-dashboard -f

journalctl -u wazuh-dashboard -n 100 | grep -Ei "error|fail|response"
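
An added example, not part of the original post and not Wazuh tooling: instead of grepping for "error|fail|response", this parses the JSON payload of each wazuh-dashboard journal line and separates the authentication errors named above from indexer response and version-check errors. The class names, the sample lines (constructed from the log format shown in this thread) and the assumption that the marker text sits in the top-level "message" or "error" field are this example's own.

```python
"""Triage wazuh-dashboard journal lines by failure class (added example)."""
import json
import re
from collections import Counter

# journald short output: "Apr 30 11:06:09 host unit[pid]: payload"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"(?P<unit>[^\s\[]+)\[(?P<pid>\d+)\]:\s(?P<payload>.*)$"
)

# Substrings quoted in this thread; the class labels are this example's own.
# Order matters: an auth marker wins over the generic response error.
SIGNATURES = (
    ("auth_rejected", "Unauthorized"),
    ("auth_rejected", "Authentication finally failed"),
    ("version_check_failed", "Unable to retrieve version information"),
    ("indexer_response_error", "[ResponseError]"),
)


def parse_line(line):
    """Return (timestamp, entry) for a dashboard JSON log line, else None."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m or m.group("unit") != "opensearch-dashboards":
        return None  # journal banner, systemd's own lines, other units
    try:
        entry = json.loads(m.group("payload"))
    except json.JSONDecodeError:
        return None  # wrapped or cut-off JSON
    if not isinstance(entry, dict):
        return None
    return m.group("ts"), entry


def classify(entry):
    """Map one log entry to a failure class, or None if it matches nothing."""
    # Assumption: the marker text is in "message" or a top-level "error" field.
    text = f"{entry.get('message', '')} {entry.get('error', '')}"
    for label, needle in SIGNATURES:
        if needle in text:
            return label
    return None


def triage(lines):
    """Count failure classes and decide which side to look at first."""
    counts = Counter()
    first_seen = {}
    skipped = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        ts, entry = parsed
        label = classify(entry)
        if label is None:
            continue
        counts[label] += 1
        first_seen.setdefault(label, ts)
    if counts["auth_rejected"]:
        verdict = "auth"      # credentials the dashboard sends were rejected
    elif counts:
        verdict = "indexer"   # requests reach the indexer but fail otherwise
    else:
        verdict = "clean"
    return {"counts": dict(counts), "first_seen": first_seen,
            "skipped": skipped, "verdict": verdict}


# Constructed sample, modelled on the journal format shown in this thread.
SAMPLE_INDEXER = [
    '-- Logs begin at Fri 2022-12-09 09:00:47 UTC. --',
    'Apr 30 11:06:08 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:08Z","tags":["debug","server"],"pid":22629,"message":"starting server"}',
    'Apr 30 11:06:09 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:09Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}',
    'Apr 30 11:06:09 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:09Z","tags":["error","savedobjects-service"],"pid":22629,"message":"Unable to retrieve version information from OpenSearch nodes."}',
    'Apr 30 11:06:11 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:11Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}',
    'Apr 30 11:06:12 wazuh-server systemd[1]: Stopped wazuh-dashboard.',
]

# Constructed line carrying one of the auth markers quoted in the post.
SAMPLE_AUTH = SAMPLE_INDEXER + [
    'Apr 30 11:06:13 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:13Z","tags":["error","opensearch","data"],"pid":22629,"message":"Authentication finally failed"}',
]

if __name__ == "__main__":
    print(triage(SAMPLE_INDEXER))
    print(triage(SAMPLE_AUTH))
```

On a live host the input would be the lines of `journalctl -u wazuh-dashboard -n 100 --no-pager`, read from a file or stdin and passed to `triage()`.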

Souraj Chakraborty

Apr 30, 2025, 7:10:51 AM
to Wazuh | Mailing List
Hi Diego

[root@wazuh-server optimize]# cat /etc/wazuh-dashboard/opensearch_dashboards.yml

server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: none
opensearch.username: kibanaserver
opensearch.password: Password

opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: true
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home
opensearch_security.cookie.secure: true
logging.verbose: true
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Same message in the dashboard - Wazuh dashboard server is not ready yet
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Here are the Logs
[root@wazuh-server optimize]# systemctl restart wazuh-dashboard
[root@wazuh-server optimize]# journalctl -u wazuh-dashboard -f

-- Logs begin at Fri 2022-12-09 09:00:47 UTC. --
Apr 30 11:06:08 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:08Z","tags":["debug","server"],"pid":22629,"message":"starting server"}
Apr 30 11:06:08 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:08Z","tags":["debug","savedobjects-service"],"pid":22629,"message":"Starting SavedObjects service"}
Apr 30 11:06:08 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:08Z","tags":["debug","config"],"pid":22629,"message":"Marking config path as handled: opensearchDashboards"}
Apr 30 11:06:08 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:08Z","tags":["info","savedobjects-service"],"pid":22629,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
Apr 30 11:06:09 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:09Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:09 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:09Z","tags":["error","savedobjects-service"],"pid":22629,"message":"Unable to retrieve version information from OpenSearch nodes."}
Apr 30 11:06:11 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:11Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:13 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:13Z","tags":["debug","metrics"],"pid":22629,"message":"Refreshing metrics"}
Apr 30 11:06:14 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:14Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:16 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:16Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:18 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:18Z","tags":["debug","metrics"],"pid":22629,"message":"Refreshing metrics"}
Apr 30 11:06:19 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:19Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:21 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:21Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:23 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:23Z","tags":["debug","metrics"],"pid":22629,"message":"Refreshing metrics"}
Apr 30 11:06:24 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:24Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:26 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:26Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:28 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:28Z","tags":["debug","metrics"],"pid":22629,"message":"Refreshing metrics"}
Apr 30 11:06:29 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:29Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
^XApr 30 11:06:31 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:31Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:33 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:33Z","tags":["debug","metrics"],"pid":22629,"message":"Refreshing metrics"}
^C
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
[root@wazuh-server optimize]# journalctl -u wazuh-dashboard -n 100 | grep -Ei "error|fail|response"
Apr 30 11:06:09 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:09Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:09 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:09Z","tags":["error","savedobjects-service"],"pid":22629,"message":"Unable to retrieve version information from OpenSearch nodes."}
Apr 30 11:06:11 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:11Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:14 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:14Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:16 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:16Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:19 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:19Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:21 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:21Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:24 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:24Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:26 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:26Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:29 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:29Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:31 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:31Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:34 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:34Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:36 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:36Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:39 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:39Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:41 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:41Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Diego Cappri

Apr 30, 2025, 9:59:08 AM
to Wazuh | Mailing List
At this point, you'll need to check for any compatibility problem with your OpenSearch version (2.16); all the rest looks fine. Double-check your configuration files for any deprecated settings or parameters that might conflict with the newer OpenSearch version.
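The journal output posted in this thread repeats the same few error events every couple of seconds between debug lines, which makes the distinct failures hard to see. As an added example (not part of the thread and not Wazuh tooling), the Python below collapses `journalctl -u wazuh-dashboard` output into one entry per distinct tags and message pair; the `summarize` function and the sample lines are constructed for illustration in the format shown above.

```python
import json
import re
from collections import OrderedDict

# Constructed sample in the journald format shown in the thread (not the poster's full log).
SAMPLE = """\
Apr 30 11:06:09 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:09Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:09 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:09Z","tags":["error","savedobjects-service"],"pid":22629,"message":"Unable to retrieve version information from OpenSearch nodes."}
Apr 30 11:06:11 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:11Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:13 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:13Z","tags":["debug","metrics"],"pid":22629,"message":"Refreshing metrics"}
^XApr 30 11:06:14 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:14Z","tags":["error","opensearch","data"],"pid":22629,"message":"[ResponseError]: Response Error"}
Apr 30 11:06:16 wazuh-server opensearch-dashboards[22629]: {"type":"log","@timestamp":"2025-04-30T11:06:16Z","tags":["error","opensearch"
^C
"""

# Tolerates junk before the syslog prefix (e.g. an echoed ^X) and captures the JSON payload.
LINE = re.compile(r"^.*?opensearch-dashboards\[\d+\]: (\{.*\})\s*$")

def summarize(text, levels=("error", "fatal", "warning")):
    """Return (events, skipped): events maps (tags, message) to count/first/last timestamps."""
    events = OrderedDict()
    skipped = 0
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE.match(raw)
        if not m:
            skipped += 1          # keystroke echo, separator, or truncated line
            continue
        try:
            rec = json.loads(m.group(1))
        except json.JSONDecodeError:
            skipped += 1          # payload wrapped or cut by the terminal
            continue
        tags = rec.get("tags", [])
        if not set(tags) & set(levels):
            continue              # drop debug/info noise such as "Refreshing metrics"
        key = (tuple(tags), str(rec.get("message", ""))[:120])
        ts = rec.get("@timestamp", "")
        entry = events.setdefault(key, {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        entry["last"] = ts
    return events, skipped

if __name__ == "__main__":
    found, skipped = summarize(SAMPLE)
    for (tags, msg), e in found.items():
        print(f'{e["count"]:>4}x {e["first"]} .. {e["last"]} {",".join(tags)}: {msg}')
    print(f"{skipped} unparsable line(s) skipped")
```

A non-zero skipped count means part of the output was truncated or wrapped, so the summary should be re-run on an unwrapped capture before drawing conclusions from it.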