Unable to restart indexer --Help!!


Kenny

Apr 8, 2025, 5:28:39 PM
to Wazuh | Mailing List
When I try to go to my Wazuh instance I'm getting the error "Wazuh dashboard server is not ready yet".

Olamilekan Abdullateef Ajani

Apr 8, 2025, 5:38:04 PM
to Wazuh | Mailing List
Hello Kenny,

The error "Wazuh dashboard server is not ready yet" typically means there is an issue with the wazuh-indexer.

Did you perform an upgrade which led to this?
What is the current version of your Wazuh instance?
What is your setup type, all-in-one or distributed?

Please share the log output of the commands below for further analysis.

Wazuh indexer log:
cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"

Wazuh server log:
cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
filebeat test output

Kenny

Apr 9, 2025, 11:22:33 AM
to Wazuh | Mailing List
Did you perform an upgrade which led to this?
  Yes, I upgraded after noticing errors logging in.
What is the current version of your Wazuh instance?
  4.11.2
What is your setup type, all-in-one or distributed?
  All-in-one

Please share the log output of the commands below for further analysis.

Wazuh indexer log:
cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
  Attached as "cat var-log-wazuh-indexer.txt"

Wazuh server log:
cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
filebeat test output
root@wazuh:/# cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
2025-04-08T14:02:58.851-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:02.141-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:09.128-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:24.765-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:47.325-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:04:24.414-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:05:13.395-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:06:09.930-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:06:52.499-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:07:48.786-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:08:28.299-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:09:23.378-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:10:03.323-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:10:43.341-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused


Olamilekan Abdullateef Ajani

Apr 10, 2025, 9:56:11 AM
to Wazuh | Mailing List
Hello,

"Yes, I upgraded after noticing errors logging in." What error did you notice, the same error?

Can you please run the following command: /usr/share/wazuh-indexer/bin/indexer-security-init.sh

Add --accept-red-cluster to allow securityadmin to operate on a red cluster.

Please share the output.

Kenny

Apr 10, 2025, 11:28:05 AM
to Wazuh | Mailing List
root@wazuh:/# ./usr/share/wazuh-indexer/bin/indexer-security-init.sh --accept-red-cluster

Usage: ./usr/share/wazuh-indexer/bin/indexer-security-init.sh [OPTIONS]

    -ho, --host <host>    [Optional] Target IP or DNS to configure security.
    --port <port>         [Optional] wazuh-indexer security port.
    --options <options>   [Optional] Custom securityadmin options.
    -h, --help            Show this help.

root@wazuh:/# ./usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200
ERR: Seems there is no OpenSearch running on 127.0.0.1:9200 - Will exit
root@wazuh:/# ./usr/share/wazuh-indexer/bin/indexer-security-init.sh --options --accept-red-cluster
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755           **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200
ERR: Seems there is no OpenSearch running on 127.0.0.1:9200 - Will exit
root@wazuh:/#
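
Added example, not part of the thread or of Wazuh's own tooling: a POSIX shell helper that collapses repeated Filebeat "Failed to connect" lines, like those posted above, into one line per endpoint and cause with a count and first/last timestamp. The function names, the sample log lines and the hint wording are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise Filebeat output errors by endpoint and cause so the
# triage signal (what failed, since when) is not buried in retry noise.

# Constructed sample in the log format shown in the thread (not real data).
SAMPLE_LOG='2025-04-08T14:02:58.851-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:02.141-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:09.128-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:10.000-0500    INFO    [publisher]     pipeline/retry.go:219   retryer: send unwait signal to consumer
2025-04-08T14:20:00.000-0500    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": x509: certificate signed by unknown authority'

# Reads Filebeat log lines on stdin.
# Prints: endpoint|cause|count|first_timestamp|last_timestamp
summarize_filebeat_errors() {
  awk '
    /Failed to connect to backoff\(elasticsearch\(/ {
      ts = $1
      endpoint = $0
      sub(/.*backoff\(elasticsearch\(/, "", endpoint)  # drop text before the URL
      sub(/\)\).*/, "", endpoint)                      # drop text after the URL
      cause = $0
      sub(/.*: /, "", cause)                           # keep text after the last ": "
      key = endpoint "|" cause
      if (!(key in n)) { first[key] = ts; order[++k] = key }
      n[key]++
      last[key] = ts
    }
    END {
      for (i = 1; i <= k; i++) {
        key = order[i]
        printf "%s|%d|%s|%s\n", key, n[key], first[key], last[key]
      }
    }'
}

# Maps a cause string to a next check (wording is this example's own).
hint_for_cause() {
  case "$1" in
    "connection refused") echo "no listener on the endpoint: check that wazuh-indexer is running and read /var/log/wazuh-indexer/wazuh-cluster.log" ;;
    *certificate*) echo "TLS trust problem: compare the certificates configured for Filebeat and the indexer" ;;
    *) echo "unclassified: read the full log line" ;;
  esac
}

printf '%s\n' "$SAMPLE_LOG" | summarize_filebeat_errors |
while IFS='|' read -r endpoint cause count first last; do
  printf '%s x%s (%s .. %s): %s\n  -> %s\n' "$endpoint" "$count" "$first" "$last" "$cause" "$(hint_for_cause "$cause")"
done
```

On a live host the same function can be fed with `summarize_filebeat_errors < /var/log/filebeat/filebeat`.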