Unable to restart indexer --Help!!
54 views
Skip to first unread message
Kenny
Apr 8, 2025, 5:28:39 PMApr 8
to Wazuh | Mailing List
When I try to go to my Wazuh instance I'm Getting Error "
Wazuh dashboard server is not ready yet"
Olamilekan Abdullateef Ajani
Apr 8, 2025, 5:38:04 PMApr 8
to Wazuh | Mailing List
Hello Kenny,
The error "Wazuh dashboard server is not ready yet" typically means there is an issue with the wazuh-indexer.
Did you perform an upgrade which lead to this?
What is the current version of your wazuh instance
What is your setup type, all-in-one or distributed.
Please share the log file to the commands below for further analysis.
Wazuh indexer log:
cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
Wazuh server log:
cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
filebeat test output
filebeat test output
Kenny
Apr 9, 2025, 11:22:33 AMApr 9
to Wazuh | Mailing List
Did you perform an upgrade which lead to this?
Yes, I upgraded after noticing errors logging in.
What is the current version of your wazuh instance
4.11.2
What is your setup type, all-in-one or distributed.
All-in-one
Please share the log file to the commands below for further analysis.
Wazuh indexer log:
cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"
Attached as "cat var-log-wazuh-indexer.txt"
Wazuh server log:
cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
filebeat test output
filebeat test output
root@wazuh:/# cat /var/log/filebeat/filebeat | grep -i -E "error|warn"
2025-04-08T14:02:58.851-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:02.141-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:09.128-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:24.765-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:47.325-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:04:24.414-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:05:13.395-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:06:09.930-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:06:52.499-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:07:48.786-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:08:28.299-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:09:23.378-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:10:03.323-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:10:43.341-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:02:58.851-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:02.141-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:09.128-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:24.765-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:03:47.325-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:04:24.414-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:05:13.395-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:06:09.930-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:06:52.499-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:07:48.786-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:08:28.299-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:09:23.378-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:10:03.323-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
2025-04-08T14:10:43.341-0500 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://127.0.0.1:9200)): Get "https://127.0.0.1:9200": dial tcp 127.0.0.1:9200: connect: connection refused
Olamilekan Abdullateef Ajani
Apr 10, 2025, 9:56:11 AMApr 10
to Wazuh | Mailing List
Hello,
"Yes, I upgraded after noticing errors logging in." What error did you notice, the same error?
Can you please run the following command: /usr/share/wazuh-indexer/bin/indexer-security-init.sh
Add --accept-red-cluster to allow securityadmin to operate on a red cluster.
Add --accept-red-cluster to allow securityadmin to operate on a red cluster.
Please share the output
Kenny
Apr 10, 2025, 11:28:05 AMApr 10
to Wazuh | Mailing List
root@wazuh:/# ./usr/share/wazuh-indexer/bin/indexer-security-init.sh --accept-red-cluster
Usage: ./usr/share/wazuh-indexer/bin/indexer-security-init.sh [OPTIONS]
-ho, --host <host> [Optional] Target IP or DNS to configure security.
--port <port> [Optional] wazuh-indexer security port.
--options <options> [Optional] Custom securityadmin options.
-h, --help Show this help.
root@wazuh:/# ./usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200
ERR: Seems there is no OpenSearch running on 127.0.0.1:9200 - Will exit
root@wazuh:/# ./usr/share/wazuh-indexer/bin/indexer-security-init.sh --options --accept-red-cluster
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200
ERR: Seems there is no OpenSearch running on 127.0.0.1:9200 - Will exit
root@wazuh:/#
Usage: ./usr/share/wazuh-indexer/bin/indexer-security-init.sh [OPTIONS]
-ho, --host <host> [Optional] Target IP or DNS to configure security.
--port <port> [Optional] wazuh-indexer security port.
--options <options> [Optional] Custom securityadmin options.
-h, --help Show this help.
root@wazuh:/# ./usr/share/wazuh-indexer/bin/indexer-security-init.sh
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200
ERR: Seems there is no OpenSearch running on 127.0.0.1:9200 - Will exit
root@wazuh:/# ./usr/share/wazuh-indexer/bin/indexer-security-init.sh --options --accept-red-cluster
**************************************************************************
** This tool will be deprecated in the next major release of OpenSearch **
** https://github.com/opensearch-project/security/issues/1755 **
**************************************************************************
Security Admin v7
Will connect to 127.0.0.1:9200
ERR: Seems there is no OpenSearch running on 127.0.0.1:9200 - Will exit
root@wazuh:/#
Reply all
Reply to author
Forward
0 new messages