Cannot Save Queries in Wazuh Dashboard


HA

Mar 28, 2023, 5:01:41 AM
to Wazuh mailing list
Hi all,

I cannot save queries in Wazuh Dashboard.
The error message is:
Mar 28 08:59:09 wazuh-server opensearch-dashboards[18897]: {"type":"log","@timestamp":"2023-03-28T08:59:09Z","tags":["error","opensearch","data"],"pid":18897,"message":"[cluster_block_exception]: index [.kibana_1] blocked by: [FORBIDDEN/8/index write (api)];"}

Any idea?

Regards,

HA

HA

Mar 28, 2023, 5:19:41 AM
to Wazuh mailing list
Wazuh version 4.3.6 with SAML Authentication

Anthony Faruna

Mar 28, 2023, 6:24:49 AM
to HA, Wazuh mailing list
Hello HA

I am currently taking a look at your issue and will provide feedback shortly.

Best Regards


Anthony Faruna

Mar 28, 2023, 6:53:44 AM
to HA, Wazuh mailing list
Hello HA 

The Forbidden message comes from the Dashboard (Kibana/GUI). The common reasons are:
1. Not enough disk space where Kibana/Dashboard is allocated.
2. Index.kibana is in read-only state.
3. User doesn't have enough permissions.

Kindly confirm the following:
1. The role/access that is currently mapped to the user account you are using to access the Dashboard.
2. Please run the command GET _cat/allocation?v from the Dev tool section in the Elasticsearch menu. It will show you details of each node with disk usage and shards available as well.
3. Also run GET .kibana*/_settings from the Dev tool section to check the state of the Index.kibana.

I will be expecting your feedback.

Best Regards

Anthony Faruna

Mar 29, 2023, 4:29:24 AM
to HA, Wazuh mailing list
Hello HA

Have you had time to perform the checks?

Expecting your feedback.

Best Regards

Anthony Faruna

Mar 29, 2023, 9:41:40 AM
to HA, Wazuh mailing list
Hello HA

I got the email you sent privately with the information I requested using the commands.

While analyzing the output of the commands, the .kibana_1 index has write protection which might be the reason for the error.

Please execute the following on the Dev tool:

PUT .kibana_1/_settings
{
 "blocks.write": false
}

Let me know if this works.

Best Regards
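
Added example, not part of the thread or of Wazuh's code: a Python version of the check-then-fix steps above that reads a `GET .kibana*/_settings` response, lists the index blocks that reject writes, and builds the matching `PUT` request for each affected index. The sample response and the index names `.kibana_2` and `.kibana_3` are constructed for illustration.

```python
import json

# Constructed sample of a `GET .kibana*/_settings` response (not from the thread).
SAMPLE_SETTINGS = json.loads("""
{
  ".kibana_1": {"settings": {"index": {
      "number_of_shards": "1",
      "blocks": {"write": "true"}}}},
  ".kibana_2": {"settings": {"index": {
      "number_of_shards": "1",
      "blocks": {"read_only_allow_delete": "true", "read": "false"}}}},
  ".kibana_3": {"settings": {"index": {"number_of_shards": "1"}}}
}
""")

# index.blocks.* settings that reject document writes when true.
# read_only_allow_delete is applied automatically when a node crosses the
# flood-stage disk watermark, so free disk space before clearing that one.
WRITE_BLOCKING = ("write", "read_only", "read_only_allow_delete")


def active_write_blocks(settings_response):
    """Map each index name to the sorted list of block settings that stop writes."""
    found = {}
    for index, body in settings_response.items():
        blocks = body.get("settings", {}).get("index", {}).get("blocks", {})
        # The API returns setting values as strings ("true"), not booleans.
        active = sorted(name for name in WRITE_BLOCKING
                        if str(blocks.get(name, "false")).lower() == "true")
        if active:
            found[index] = active
    return found


def unblock_requests(settings_response):
    """Build one Dev Tools request per blocked index, clearing only its active blocks."""
    requests = []
    for index, names in sorted(active_write_blocks(settings_response).items()):
        body = {f"index.blocks.{name}": False for name in names}
        requests.append(f"PUT {index}/_settings\n{json.dumps(body, indent=1)}")
    return requests


if __name__ == "__main__":
    for request in unblock_requests(SAMPLE_SETTINGS):
        print(request, end="\n\n")
```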

Anthony Faruna

Mar 30, 2023, 4:26:48 AM
to HA, Wazuh mailing list
Hello HA

I'm glad to know it's working now.

Best Regards

On Thu, Mar 30, 2023 at 10:25 AM HA <hedi.abde...@gmail.com> wrote:
Hi Anthony,

It works!!
Many thanks for your help!

Regards,

HA
