Kibana Server Not Ready Yet
213 views
Skip to first unread message
Tom Powers
Sep 2, 2022, 11:02:37 AM9/2/22
to Wazuh mailing list
We have a new system that has been running for a couple months and then just started giving the "Kibana Server not ready yet" screen.
I posted this earlier and got a response, but the thread went dead...so I'm trying again before being forced to rebuild this server from scratch.
Here's the commands and results showing the status of the server:
1. systemctl status kibana
2. systemctl status elasticsearch
3. curl -sS -k -u <USER>:<PASS> -XGET https://localhost:9200/_cluster/settings?include_defaults=true
4. curl -sS -k -u <USER>:<PASS> -XGET https://localhost:9200/_cluster/stats?filter_path=indices.shards.total
5. curl -u <USER>:<PASS> -k -X GET https://localhost:9200/_cluster/health?pretty
1. ● kibana.service - Kibana
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-08-30 16:37:13 UTC; 1h 14min ago
Docs: https://www.elastic.co
Main PID: 10312 (node)
Tasks: 11 (limit: 38428)
Memory: 236.4M
CGroup: /system.slice/kibana.service
└─10312 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli/dist --logging.dest=/var/log/kibana/kibana.log --pid.file=/run/>
Aug 30 16:37:13 PB-Wazuh systemd[1]: Started Kibana.
2. ● elasticsearch.service - Elasticsearch
Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-08-30 16:37:06 UTC; 1h 14min ago
Docs: https://www.elastic.co
Main PID: 9982 (java)
Tasks: 120 (limit: 38428)
Memory: 18.3G
CGroup: /system.slice/elasticsearch.service
├─ 9982 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+Alwa>
└─10196 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Aug 30 16:36:51 PB-Wazuh systemd[1]: Starting Elasticsearch...
Aug 30 16:37:06 PB-Wazuh systemd[1]: Started Elasticsearch.
3.
{"persistent":{},"transient":{},"defaults":{"cluster":{"max_voting_config_exclusions":"10","auto_shrink_voting_configuration":"true","election":{"duration":"500ms","initial_timeout":"100ms","max_timeout":"10s","back_off_time":"100ms","strategy":"supports_voting_only"},"no_master_block":"write","persistent_tasks":{"allocation":{"enable":"all","recheck_interval":"30s"}},"blocks":{"read_only_allow_delete":"false","read_only":"false"},"remote":{"node":{"attr":""},"initial_connect_timeout":"30s","connect":"true","connections_per_cluster":"3"},"follower_lag":{"timeout":"90000ms"},"routing":{"use_adaptive_replica_selection":"true","rebalance":{"enable":"all"},"allocation":{"enforce_default_tier_preference":"false","node_concurrent_incoming_recoveries":"2","include":{"_tier":""},"node_initial_primaries_recoveries":"4","same_shard":{"host":"false"},"total_shards_per_node":"-1","require":{"_tier":""},"shard_state":{"reroute":{"priority":"NORMAL"}},"type":"balanced","disk":{"threshold_enabled":"true","watermark":{"flood_stage.frozen.max_headroom":"20GB","flood_stage":"95%","high":"90%","low":"85%","enable_for_single_data_node":"false","flood_stage.frozen":"95%"},"include_relocations":"true","reroute_interval":"60s"},"awareness":{"attributes":[]},"balance":{"index":"0.55","threshold":"1.0","shard":"0.45"},"enable":"all","node_concurrent_outgoing_recoveries":"2","allow_rebalance":"indices_all_active","cluster_concurrent_rebalance":"2","node_concurrent_recoveries":"2","exclude":{"_tier":""}}},"indices":{"tombstones":{"size":"500"},"close":{"enable":"true"}},"max_shards_per_node.frozen":"3000","nodes":{"reconnect_interval":"10s"},"service":{"master_service_starvation_logging_threshold":"5m","slow_master_task_logging_threshold":"10s","slow_task_logging_threshold":"30s"},"publish":{"timeout":"30000ms","info_timeout":"10000ms"},"name":"elasticsearch","fault_detection":{"leader_check":{"interval":"1000ms","timeout":"10000ms","retry_count":"3"},"follower_check":{"interval":"1000ms","timeout":"10000ms","retry_count":"3"}},"join":{"timeout":"60000ms"},"max_shards_per_node":"1000","initial_master_nodes":["elasticsearch"],"deprecation_indexing":{"enabled":"true","x_opaque_id_used":{"enabled":"true"}},"snapshot":{"info":{"max_concurrent_fetches":"5"}},"info":{"update":{"interval":"30s","timeout":"15s"}}},"stack":{"templates":{"enabled":"true"}},"logger":{"level":"INFO"},"bootstrap":{"memory_lock":"false","system_call_filter":"true","ctrlhandler":"true"},"processors":"8","ingest":{"user_agent":{"cache_size":"1000"},"geoip":{"cache_size":"1000","downloader":{"enabled":"true","endpoint":"https://geoip.elastic.co/v1/database","poll":{"interval":"3d"}}},"grok":{"watchdog":{"max_execution_time":"1s","interval":"1s"}}},"network":{"host":["127.0.0.1"],"tcp":{"reuse_address":"true","keep_count":"-1","connect_timeout":"30s","keep_interval":"-1","no_delay":"true","keep_alive":"true","receive_buffer_size":"-1b","keep_idle":"-1","send_buffer_size":"-1b"},"bind_host":["127.0.0.1"],"server":"true","breaker":{"inflight_requests":{"limit":"100%","overhead":"2.0"}},"publish_host":["127.0.0.1"]},"pidfile":"","searchable_snapshots":{"blob_cache":{"periodic_cleanup":{"interval":"1h","batch_size":"100","pit_keep_alive":"10m","retention_period":"1h"}}},"path":{"data":["/var/lib/elasticsearch"],"logs":"/var/log/elasticsearch","shared_data":"","home":"/usr/share/elasticsearch","repo":[]},"search":{"default_search_timeout":"-1","max_open_scroll_context":"500","max_buckets":"65536","max_async_search_response_size":"-1b","keep_alive_interval":"1m","remote":{"node":{"attr":""},"initial_connect_timeout":"30s","connect":"true","connections_per_cluster":"3"},"max_keep_alive":"24h","highlight":{"term_vector_multi_value":"true"},"default_allow_partial_results":"true","low_level_cancellation":"true","allow_expensive_queries":"true","default_keep_alive":"5m","aggs":{"rewrite_to_filter_by_filter":"true"}},"security":{"manager":{"filter_bad_defaults":"true"}},"ccr":{"wait_for_metadata_timeout":"60s","indices":{"recovery":{"recovery_activity_timeout":"60s","chunk_size":"1mb","internal_action_timeout":"60s","max_bytes_per_sec":"40mb","max_concurrent_file_chunks":"5"}},"auto_follow":{"wait_for_metadata_timeout":"60s"}},"repositories":{"fs":{"compress":"false","chunk_size":"9223372036854775807b","location":""},"url":{"supported_protocols":["http","https","ftp","file","jar"],"allowed_urls":[],"url":"http:"}},"action":{"auto_create_index":"true","search":{"pre_filter_shard_size":{"default":"128"},"shard_count":{"limit":"9223372036854775807"}},"destructive_requires_name":"false"},"client":{"type":"node","transport":{"ignore_cluster_name":"false","nodes_sampler_interval":"5s","sniff":"false","ping_timeout":"5s"}},"enrich":{"max_force_merge_attempts":"3","cleanup_period":"15m","fetch_size":"10000","cache_size":"1000","coordinator_proxy":{"max_concurrent_requests":"8","max_lookups_per_request":"128","queue_capacity":"1024"},"max_concurrent_policy_executions":"50"},"xpack":{"flattened":{"enabled":"true"},"watcher":{"execution":{"scroll":{"size":"0","timeout":""},"default_throttle_period":"5s"},"internal":{"ops":{"bulk":{"default_timeout":""},"index":{"default_timeout":""},"search":{"default_timeout":""}}},"thread_pool":{"queue_size":"1000","size":"40"},"index":{"rest":{"direct_access":""}},"use_ilm_index_management":"true","history":{"cleaner_service":{"enabled":"true"}},"trigger":{"schedule":{"ticker":{"tick_interval":"500ms"}}},"enabled":"true","input":{"search":{"default_timeout":""}},"encrypt_sensitive_data":"false","transform":{"search":{"default_timeout":""}},"stop":{"timeout":"30s"},"watch":{"scroll":{"size":"0"}},"bulk":{"concurrent_requests":"0","flush_interval":"1s","size":"1mb","actions":"1"},"actions":{"bulk":{"default_timeout":""},"index":{"default_timeout":""}}},"eql":{"enabled":"true"},"data_frame":{"enabled":"true"},"ilm":{"enabled":"true"},"monitoring":{"migration":{"decommission_alerts":"false"},"collection":{"cluster":{"stats":{"timeout":"10s"}},"node":{"stats":{"timeout":"10s"}},"indices":[],"ccr":{"stats":{"timeout":"10s"}},"enrich":{"stats":{"timeout":"10s"}},"index":{"stats":{"timeout":"10s"},"recovery":{"active_only":"false","timeout":"10s"}},"interval":"10s","enabled":"false","ml":{"job":{"stats":{"timeout":"10s"}}}},"history":{"duration":"168h"},"elasticsearch":{"collection":{"enabled":"true"}},"enabled":"true"},"graph":{"enabled":"true"},"searchable":{"snapshot":{"allocate_on_rolling_restart":"false","cache":{"range_size":"32mb","sync":{"max_files":"10000","interval":"60s","shutdown_timeout":"10s"},"recovery_range_size":"128kb"},"shared_cache":{"recovery_range_size":"128kb","region_size":"16mb","size":"0","min_time_delta":"60s","decay":{"interval":"60s"},"size.max_headroom":"-1","range_size":"16mb","max_freq":"100"}}},"rollup":{"enabled":"true","task_thread_pool":{"queue_size":"-1","size":"1"}},"sql":{"enabled":"true"},"searchable_snapshots":{"cache_fetch_async_thread_pool":{"core":"0","max":"24","keep_alive":"30s"},"cache_prewarming_thread_pool":{"core":"0","max":"16","keep_alive":"30s"}},"license":{"upload":{"types":["standard","gold","platinum","enterprise","trial"]},"self_generated":{"type":"basic"}},"logstash":{"enabled":"true"},"notification":{"pagerduty":{"default_account":""},"email":{"account":{"domain_allowlist":["*"]},"default_account":"","html":{"sanitization":{"allow":["body","head","_tables","_links","_blocks","_formatting","img:embedded"],"disallow":[],"enabled":"true"}}},"reporting":{"retries":"40","warning":{"enabled":"true"},"interval":"15s"},"jira":{"default_account":""},"slack":{"default_account":""}},"security":{"operator_privileges":{"enabled":"false"},"dls_fls":{"enabled":"true"},"dls":{"bitset":{"cache":{"size":"10%","ttl":"2h"}}},"transport":{"filter":{"allow":[],"deny":[],"enabled":"true"},"ssl":{"enabled":"true"}},"ssl":{"diagnose":{"trust":"true"}},"enabled":"true","crypto":{"thread_pool":{"queue_size":"1000","size":"4"}},"filter":{"always_allow_bound_address":"true"},"encryption":{"algorithm":"AES/CTR/NoPadding"},"audit":{"enabled":"false","logfile":{"emit_node_id":"true","emit_node_host_name":"false","emit_node_name":"false","events":{"emit_request_body":"false","include":["ACCESS_DENIED","ACCESS_GRANTED","ANONYMOUS_ACCESS_DENIED","AUTHENTICATION_FAILED","CONNECTION_DENIED","TAMPERED_REQUEST","RUN_AS_DENIED","RUN_AS_GRANTED","SECURITY_CONFIG_CHANGE"],"exclude":[]},"emit_node_host_address":"false"}},"authc":{"password_hashing":{"algorithm":"bcrypt"},"success_cache":{"size":"10000","enabled":"true","expire_after_access":"1h"},"api_key":{"doc_cache":{"ttl":"5m"},"cache":{"hash_algo":"ssha256","max_keys":"25000","ttl":"24h"},"delete":{"interval":"24h","timeout":"-1"},"enabled":"false","hashing":{"algorithm":"pbkdf2"}},"anonymous":{"authz_exception":"true","roles":[],"username":"_anonymous"},"run_as":{"enabled":"true"},"reserved_realm":{"enabled":"true"},"service_token":{"cache":{"hash_algo":"ssha256","max_tokens":"100000","ttl":"20m"}},"token":{"delete":{"interval":"30m","timeout":"-1"},"enabled":"false","thread_pool":{"queue_size":"1000","size":"1"},"timeout":"20m"}},"fips_mode":{"enabled":"false"},"encryption_key":{"length":"128","algorithm":"AES"},"http":{"filter":{"allow":[],"deny":[],"enabled":"true"},"ssl":{"enabled":"true"}},"automata":{"max_determinized_states":"100000","cache":{"size":"10000","ttl":"48h","enabled":"true"}},"user":null,"authz":{"timer":{"indices":{"enabled":"false","threshold":{"warn":"200ms","debug":"20ms","info":"100ms"}}},"store":{"privileges":{"cache":{"ttl":"24h","max_size":"10000"}},"roles":{"index":{"cache":{"ttl":"20m","max_size":"10000"}},"cache":{"max_size":"10000"},"negative_lookup_cache":{"max_size":"10000"},"field_permissions":{"cache":{"max_size_in_bytes":"104857600"}}}}}},"transform":{"num_transform_failure_retries":"10","enabled":"true"},"vectors":{"enabled":"true"},"ccr":{"enabled":"true","ccr_thread_pool":{"queue_size":"100","size":"32"}},"idp":{"privileges":{"application":"","cache":{"size":"100","ttl":"90m"}},"metadata":{"signing":{"keystore":{"alias":""}}},"slo_endpoint":{"post":"https:","redirect":"https:"},"defaults":{"nameid_format":"urn:oasis:names:tc:SAML:2.0:nameid-format:transient","authn_expiry":"5m"},"allowed_nameid_formats":["urn:oasis:names:tc:SAML:2.0:nameid-format:transient"],"contact":{"given_name":"","email":"","surname":""},"organization":{"display_name":"","name":"","url":"http:"},"sso_endpoint":{"post":"https:","redirect":"https:"},"entity_id":"","signing":{"keystore":{"alias":""}},"sp":{"cache":{"size":"1000","ttl":"60m"},"wildcard":{"path":"wildcard_services.json"}},"enabled":"false"},"slm":{"enabled":"true"},"enrich":{"enabled":"true"},"http":{"tcp":{"keep_alive":"true"},"default_connection_timeout":"10s","proxy":{"host":"","scheme":"","port":"0"},"connection_pool_ttl":"-1","max_response_size":"10mb","whitelist":["*"],"default_read_timeout":"10s"},"autoscaling":{"memory":{"monitor":{"timeout":"15s"}}},"ml":{"utility_thread_pool":{"core":"1","max":"2048","keep_alive":"10m"},"max_anomaly_records":"500","enable_config_migration":"true","max_open_jobs":"512","delayed_data_check_freq":"15m","min_disk_space_off_heap":"5gb","use_auto_machine_memory_percent":"false","inference_model":{"cache_size":"40%","time_to_live":"5m"},"nightly_maintenance_requests_per_second":"-1.0","node_concurrent_job_allocations":"2","max_model_memory_limit":"0b","enabled":"true","max_lazy_ml_nodes":"0","max_ml_node_size":"0b","max_machine_memory_percent":"30","persist_results_max_retries":"20","autodetect_process":"true","datafeed_thread_pool":{"core":"1","max":"512","keep_alive":"1m"},"max_inference_processors":"50","process_connect_timeout":"10s","job_comms_thread_pool":{"core":"4","max":"2048","keep_alive":"1m"}}},"rest":{"action":{"multi":{"allow_explicit_index":"true"}}},"cache":{"recycler":{"page":{"limit":{"heap":"10%"},"type":"CONCURRENT","weight":{"longs":"1.0","ints":"1.0","bytes":"1.0","objects":"0.1"}}}},"async_search":{"index_cleanup_interval":"1h"},"reindex":{"remote":{"whitelist":[]}},"resource":{"reload":{"enabled":"true","interval":{"low":"60s","high":"5s","medium":"30s"}}},"thread_pool":{"force_merge":{"queue_size":"-1","size":"1"},"search_coordination":{"queue_size":"1000","size":"4"},"snapshot_meta":{"core":"1","max":"24","keep_alive":"30s"},"fetch_shard_started":{"core":"1","max":"16","keep_alive":"5m"},"listener":{"queue_size":"-1","size":"4"},"estimated_time_interval.warn_threshold":"5s","scheduler":{"warn_threshold":"5s"},"search":{"max_queue_size":"1000","queue_size":"1000","size":"13","auto_queue_frame_size":"2000","target_response_time":"1s","min_queue_size":"1000"},"fetch_shard_store":{"core":"1","max":"16","keep_alive":"5m"},"flush":{"core":"1","max":"4","keep_alive":"5m"},"vectortile":{"queue_size":"-1","size":"1"},"get":{"queue_size":"1000","size":"8"},"system_read":{"queue_size":"2000","size":"4"},"system_critical_read":{"queue_size":"2000","size":"4"},"estimated_time_interval":"200ms","write":{"queue_size":"10000","size":"8"},"system_critical_write":{"queue_size":"1500","size":"4"},"refresh":{"core":"1","max":"4","keep_alive":"5m"},"system_write":{"queue_size":"1000","size":"4"},"generic":{"core":"4","max":"128","keep_alive":"30s"},"warmer":{"core":"1","max":"4","keep_alive":"5m"},"auto_complete":{"queue_size":"100","size":"2"},"management":{"core":"1","max":"5","keep_alive":"5m"},"analyze":{"queue_size":"16","size":"1"},"snapshot":{"core":"1","max":"4","keep_alive":"5m"},"search_throttled":{"max_queue_size":"100","queue_size":"100","size":"1","auto_queue_frame_size":"200","target_response_time":"1s","min_queue_size":"100"}},"index":{"codec":"default","recovery":{"type":""},"store":{"type":"","fs":{"fs_lock":"native"},"preload":[],"snapshot":{"uncached_chunk_size":"-1b","cache":{"excluded_file_types":[]}}}},"monitor":{"jvm":{"gc":{"enabled":"true","overhead":{"warn":"50","debug":"10","info":"25"},"refresh_interval":"1s"},"refresh_interval":"1s"},"process":{"refresh_interval":"1s"},"os":{"refresh_interval":"1s"},"fs":{"health":{"enabled":"true","refresh_interval":"120s","slow_path_logging_threshold":"5s"},"refresh_interval":"1s"}},"runtime_fields":{"grok":{"watchdog":{"max_execution_time":"1s","interval":"1s"}}},"transport":{"tcp":{"reuse_address":"true","keep_count":"-1","connect_timeout":"30s","keep_interval":"-1","compress":"FALSE","port":"9300-9400","no_delay":"true","keep_alive":"true","receive_buffer_size":"-1b","keep_idle":"-1","send_buffer_size":"-1b"},"bind_host":[],"connect_timeout":"30s","compress":"FALSE","ping_schedule":"-1","connections_per_node":{"recovery":"2","state":"1","bulk":"3","reg":"6","ping":"1"},"tracer":{"include":[],"exclude":["internal:discovery/zen/fd*","internal:coordination/fault_detection/*","cluster:monitor/nodes/liveness"]},"type":"security4","slow_operation_logging_threshold":"5s","type.default":"netty4","features":{"x-pack":"true"},"port":"9300-9400","compression_scheme":"DEFLATE","host":[],"publish_port":"-1","tcp_no_delay":"true","publish_host":[],"netty":{"receive_predictor_size":"64kb","receive_predictor_max":"64kb","worker_count":"8","receive_predictor_min":"64kb","boss_count":"1"}},"deprecation":{"skip_deprecated_settings":[]},"script":{"allowed_contexts":[],"max_compilations_rate":"150/5m","cache":{"max_size":"3000","expire":"0ms"},"painless":{"regex":{"enabled":"limited","limit-factor":"6"}},"max_size_in_bytes":"65535","allowed_types":[],"disable_max_compilations_rate":"false"},"indexing_pressure":{"memory":{"limit":"10%"}},"node":{"data":"true","bandwidth":{"recovery":{"disk":{"write":"-1","read":"-1"},"operator":{"factor.read":"0.4","factor.write":"0.4","factor":"0.4","factor.max_overcommit":"100.0"},"network":"-1"}},"roles":["data_frozen","data_warm","transform","data","remote_cluster_client","data_cold","data_content","data_hot","ingest","master","ml"],"max_local_storage_nodes":"1","processors":"8","store":{"allow_mmap":"true"},"ingest":"true","master":"true","pidfile":"/var/run/elasticsearch/elasticsearch.pid","transform":"true","remote_cluster_client":"true","enable_lucene_segment_infos_trace":"false","local_storage":"true","name":"elasticsearch","id":{"seed":"0"},"voting_only":"false","attr":{"transform":{"node":"true"},"xpack":{"installed":"true"},"ml":{"max_jvm_size":"16835936256","machine_memory":"33672167424","max_open_jobs":"512"}},"portsfile":"false","ml":"true"},"indices":{"replication":{"retry_timeout":"60s","initial_retry_backoff_bound":"50ms"},"cache":{"cleanup_interval":"1m"},"mapping":{"dynamic_timeout":"30s","max_in_flight_updates":"10"},"memory":{"interval":"5s","max_index_buffer_size":"-1","shard_inactive_time":"5m","index_buffer_size":"10%","min_index_buffer_size":"48mb"},"breaker":{"request":{"limit":"60%","type":"memory","overhead":"1.0"},"total":{"limit":"95%","use_real_memory":"true"},"accounting":{"limit":"100%","overhead":"1.0"},"fielddata":{"limit":"40%","type":"memory","overhead":"1.03"},"type":"hierarchy"},"query":{"bool":{"max_nested_depth":"20","max_clause_count":"1024"},"query_string":{"analyze_wildcard":"false","allowLeadingWildcard":"true"}},"id_field_data":{"enabled":"true"},"recovery":{"internal_action_retry_timeout":"1m","recovery_activity_timeout":"1800000ms","retry_delay_network":"5s","internal_action_timeout":"15m","max_concurrent_snapshot_file_downloads_per_node":"25","retry_delay_state_sync":"500ms","max_concurrent_snapshot_file_downloads":"5","internal_action_long_timeout":"1800000ms","max_concurrent_operations":"1","use_snapshots":"true","max_bytes_per_sec":"40mb","max_concurrent_file_chunks":"2"},"requests":{"cache":{"size":"1%","expire":"0ms"}},"store":{"delete":{"shard":{"timeout":"30s"}}},"analysis":{"hunspell":{"dictionary":{"ignore_case":"false","lazy":"false"}}},"queries":{"cache":{"count":"10000","size":"10%","all_segments":"false"}},"lifecycle":{"history_index_enabled":"true","poll_interval":"10m","step":{"master_timeout":"30s"}},"fielddata":{"cache":{"size":"-1b"}}},"plugin":{"mandatory":[]},"slm":{"minimum_interval":"15m","retention_schedule":"0 30 1 * * ?","retention_duration":"1h","history_index_enabled":"true"},"discovery":{"seed_hosts":[],"unconfigured_bootstrap_timeout":"3s","request_peers_timeout":"3000ms","zen":{"commit_timeout":"30s","no_master_block":"write","join_retry_delay":"100ms","join_retry_attempts":"3","ping":{"unicast":{"concurrent_connects":"10","hosts":[],"hosts.resolve_timeout":"5s"}},"master_election":{"ignore_non_master_pings":"false","wait_for_joins_timeout":"30000ms"},"send_leave_request":"true","ping_timeout":"3s","bwc_ping_timeout":"3s","join_timeout":"60000ms","publish_diff":{"enable":"true"},"publish":{"max_pending_cluster_states":"25"},"minimum_master_nodes":"-1","unsafe_rolling_upgrades_enabled":"true","hosts_provider":[],"publish_timeout":"30s","fd":{"connect_on_network_disconnect":"false","ping_interval":"1s","ping_retries":"3","register_connection_listener":"true","ping_timeout":"30s"},"max_pings_from_another_master":"3"},"initial_state_timeout":"30s","cluster_formation_warning_timeout":"10000ms","seed_providers":[],"type":"zen","seed_resolver":{"max_concurrent_resolvers":"10","timeout":"5s"},"find_peers_interval":"1000ms","probe":{"connect_timeout":"30s","handshake_timeout":"30s"}},"http":{"cors":{"max-age":"1728000","allow-origin":"","allow-headers":"X-Requested-With,Content-Type,Content-Length","allow-credentials":"false","allow-methods":"OPTIONS,HEAD,GET,POST,PUT,DELETE","enabled":"false"},"max_chunk_size":"8kb","compression_level":"3","max_initial_line_length":"4kb","type":"security4","pipelining":{"max_events":"10000"},"type.default":"netty4","content_type":{"required":"true"},"host":[],"publish_port":"-1","read_timeout":"0ms","max_content_length":"100mb","netty":{"receive_predictor_size":"64kb","max_composite_buffer_components":"69905","worker_count":"0"},"tcp":{"reuse_address":"true","keep_count":"-1","keep_interval":"-1","no_delay":"true","keep_alive":"true","receive_buffer_size":"-1b","keep_idle":"-1","send_buffer_size":"-1b"},"bind_host":[],"client_stats":{"enabled":"true","closed_channels":{"max_age":"5m","max_count":"10000"}},"reset_cookies":"false","max_warning_header_count":"-1","tracer":{"include":[],"exclude":[]},"max_warning_header_size":"-1b","detailed_errors":{"enabled":"true"},"port":"9200-9300","max_header_size":"8kb","tcp_no_delay":"true","compression":"false","publish_host":[]},"gateway":{"recover_after_master_nodes":"0","expected_nodes":"-1","recover_after_data_nodes":"-1","expected_data_nodes":"-1","write_dangling_indices_info":"true","slow_write_logging_threshold":"10s","recover_after_time":"0ms","expected_master_nodes":"-1","recover_after_nodes":"-1","auto_import_dangling_indices":"false"},"snapshot":{"refresh_repo_uuid_on_restore":"true","max_concurrent_operations":"1000"}}}
4. {"indices":{"shards":{"total":146}}}
5. {
"cluster_name" : "elasticsearch",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 146,
"active_shards" : 146,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
2. systemctl status elasticsearch
3. curl -sS -k -u <USER>:<PASS> -XGET https://localhost:9200/_cluster/settings?include_defaults=true
4. curl -sS -k -u <USER>:<PASS> -XGET https://localhost:9200/_cluster/stats?filter_path=indices.shards.total
5. curl -u <USER>:<PASS> -k -X GET https://localhost:9200/_cluster/health?pretty
1. ● kibana.service - Kibana
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-08-30 16:37:13 UTC; 1h 14min ago
Docs: https://www.elastic.co
Main PID: 10312 (node)
Tasks: 11 (limit: 38428)
Memory: 236.4M
CGroup: /system.slice/kibana.service
└─10312 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli/dist --logging.dest=/var/log/kibana/kibana.log --pid.file=/run/>
Aug 30 16:37:13 PB-Wazuh systemd[1]: Started Kibana.
2. ● elasticsearch.service - Elasticsearch
Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-08-30 16:37:06 UTC; 1h 14min ago
Docs: https://www.elastic.co
Main PID: 9982 (java)
Tasks: 120 (limit: 38428)
Memory: 18.3G
CGroup: /system.slice/elasticsearch.service
├─ 9982 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+Alwa>
└─10196 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Aug 30 16:36:51 PB-Wazuh systemd[1]: Starting Elasticsearch...
Aug 30 16:37:06 PB-Wazuh systemd[1]: Started Elasticsearch.
3.
{"persistent":{},"transient":{},"defaults":{"cluster":{"max_voting_config_exclusions":"10","auto_shrink_voting_configuration":"true","election":{"duration":"500ms","initial_timeout":"100ms","max_timeout":"10s","back_off_time":"100ms","strategy":"supports_voting_only"},"no_master_block":"write","persistent_tasks":{"allocation":{"enable":"all","recheck_interval":"30s"}},"blocks":{"read_only_allow_delete":"false","read_only":"false"},"remote":{"node":{"attr":""},"initial_connect_timeout":"30s","connect":"true","connections_per_cluster":"3"},"follower_lag":{"timeout":"90000ms"},"routing":{"use_adaptive_replica_selection":"true","rebalance":{"enable":"all"},"allocation":{"enforce_default_tier_preference":"false","node_concurrent_incoming_recoveries":"2","include":{"_tier":""},"node_initial_primaries_recoveries":"4","same_shard":{"host":"false"},"total_shards_per_node":"-1","require":{"_tier":""},"shard_state":{"reroute":{"priority":"NORMAL"}},"type":"balanced","disk":{"threshold_enabled":"true","watermark":{"flood_stage.frozen.max_headroom":"20GB","flood_stage":"95%","high":"90%","low":"85%","enable_for_single_data_node":"false","flood_stage.frozen":"95%"},"include_relocations":"true","reroute_interval":"60s"},"awareness":{"attributes":[]},"balance":{"index":"0.55","threshold":"1.0","shard":"0.45"},"enable":"all","node_concurrent_outgoing_recoveries":"2","allow_rebalance":"indices_all_active","cluster_concurrent_rebalance":"2","node_concurrent_recoveries":"2","exclude":{"_tier":""}}},"indices":{"tombstones":{"size":"500"},"close":{"enable":"true"}},"max_shards_per_node.frozen":"3000","nodes":{"reconnect_interval":"10s"},"service":{"master_service_starvation_logging_threshold":"5m","slow_master_task_logging_threshold":"10s","slow_task_logging_threshold":"30s"},"publish":{"timeout":"30000ms","info_timeout":"10000ms"},"name":"elasticsearch","fault_detection":{"leader_check":{"interval":"1000ms","timeout":"10000ms","retry_count":"3"},"follower_check":{"interval":"1000ms","timeout":"10000ms","retry_count":"3"}},"join":{"timeout":"60000ms"},"max_shards_per_node":"1000","initial_master_nodes":["elasticsearch"],"deprecation_indexing":{"enabled":"true","x_opaque_id_used":{"enabled":"true"}},"snapshot":{"info":{"max_concurrent_fetches":"5"}},"info":{"update":{"interval":"30s","timeout":"15s"}}},"stack":{"templates":{"enabled":"true"}},"logger":{"level":"INFO"},"bootstrap":{"memory_lock":"false","system_call_filter":"true","ctrlhandler":"true"},"processors":"8","ingest":{"user_agent":{"cache_size":"1000"},"geoip":{"cache_size":"1000","downloader":{"enabled":"true","endpoint":"https://geoip.elastic.co/v1/database","poll":{"interval":"3d"}}},"grok":{"watchdog":{"max_execution_time":"1s","interval":"1s"}}},"network":{"host":["127.0.0.1"],"tcp":{"reuse_address":"true","keep_count":"-1","connect_timeout":"30s","keep_interval":"-1","no_delay":"true","keep_alive":"true","receive_buffer_size":"-1b","keep_idle":"-1","send_buffer_size":"-1b"},"bind_host":["127.0.0.1"],"server":"true","breaker":{"inflight_requests":{"limit":"100%","overhead":"2.0"}},"publish_host":["127.0.0.1"]},"pidfile":"","searchable_snapshots":{"blob_cache":{"periodic_cleanup":{"interval":"1h","batch_size":"100","pit_keep_alive":"10m","retention_period":"1h"}}},"path":{"data":["/var/lib/elasticsearch"],"logs":"/var/log/elasticsearch","shared_data":"","home":"/usr/share/elasticsearch","repo":[]},"search":{"default_search_timeout":"-1","max_open_scroll_context":"500","max_buckets":"65536","max_async_search_response_size":"-1b","keep_alive_interval":"1m","remote":{"node":{"attr":""},"initial_connect_timeout":"30s","connect":"true","connections_per_cluster":"3"},"max_keep_alive":"24h","highlight":{"term_vector_multi_value":"true"},"default_allow_partial_results":"true","low_level_cancellation":"true","allow_expensive_queries":"true","default_keep_alive":"5m","aggs":{"rewrite_to_filter_by_filter":"true"}},"security":{"manager":{"filter_bad_defaults":"true"}},"ccr":{"wait_for_metadata_timeout":"60s","indices":{"recovery":{"recovery_activity_timeout":"60s","chunk_size":"1mb","internal_action_timeout":"60s","max_bytes_per_sec":"40mb","max_concurrent_file_chunks":"5"}},"auto_follow":{"wait_for_metadata_timeout":"60s"}},"repositories":{"fs":{"compress":"false","chunk_size":"9223372036854775807b","location":""},"url":{"supported_protocols":["http","https","ftp","file","jar"],"allowed_urls":[],"url":"http:"}},"action":{"auto_create_index":"true","search":{"pre_filter_shard_size":{"default":"128"},"shard_count":{"limit":"9223372036854775807"}},"destructive_requires_name":"false"},"client":{"type":"node","transport":{"ignore_cluster_name":"false","nodes_sampler_interval":"5s","sniff":"false","ping_timeout":"5s"}},"enrich":{"max_force_merge_attempts":"3","cleanup_period":"15m","fetch_size":"10000","cache_size":"1000","coordinator_proxy":{"max_concurrent_requests":"8","max_lookups_per_request":"128","queue_capacity":"1024"},"max_concurrent_policy_executions":"50"},"xpack":{"flattened":{"enabled":"true"},"watcher":{"execution":{"scroll":{"size":"0","timeout":""},"default_throttle_period":"5s"},"internal":{"ops":{"bulk":{"default_timeout":""},"index":{"default_timeout":""},"search":{"default_timeout":""}}},"thread_pool":{"queue_size":"1000","size":"40"},"index":{"rest":{"direct_access":""}},"use_ilm_index_management":"true","history":{"cleaner_service":{"enabled":"true"}},"trigger":{"schedule":{"ticker":{"tick_interval":"500ms"}}},"enabled":"true","input":{"search":{"default_timeout":""}},"encrypt_sensitive_data":"false","transform":{"search":{"default_timeout":""}},"stop":{"timeout":"30s"},"watch":{"scroll":{"size":"0"}},"bulk":{"concurrent_requests":"0","flush_interval":"1s","size":"1mb","actions":"1"},"actions":{"bulk":{"default_timeout":""},"index":{"default_timeout":""}}},"eql":{"enabled":"true"},"data_frame":{"enabled":"true"},"ilm":{"enabled":"true"},"monitoring":{"migration":{"decommission_alerts":"false"},"collection":{"cluster":{"stats":{"timeout":"10s"}},"node":{"stats":{"timeout":"10s"}},"indices":[],"ccr":{"stats":{"timeout":"10s"}},"enrich":{"stats":{"timeout":"10s"}},"index":{"stats":{"timeout":"10s"},"recovery":{"active_only":"false","timeout":"10s"}},"interval":"10s","enabled":"false","ml":{"job":{"stats":{"timeout":"10s"}}}},"history":{"duration":"168h"},"elasticsearch":{"collection":{"enabled":"true"}},"enabled":"true"},"graph":{"enabled":"true"},"searchable":{"snapshot":{"allocate_on_rolling_restart":"false","cache":{"range_size":"32mb","sync":{"max_files":"10000","interval":"60s","shutdown_timeout":"10s"},"recovery_range_size":"128kb"},"shared_cache":{"recovery_range_size":"128kb","region_size":"16mb","size":"0","min_time_delta":"60s","decay":{"interval":"60s"},"size.max_headroom":"-1","range_size":"16mb","max_freq":"100"}}},"rollup":{"enabled":"true","task_thread_pool":{"queue_size":"-1","size":"1"}},"sql":{"enabled":"true"},"searchable_snapshots":{"cache_fetch_async_thread_pool":{"core":"0","max":"24","keep_alive":"30s"},"cache_prewarming_thread_pool":{"core":"0","max":"16","keep_alive":"30s"}},"license":{"upload":{"types":["standard","gold","platinum","enterprise","trial"]},"self_generated":{"type":"basic"}},"logstash":{"enabled":"true"},"notification":{"pagerduty":{"default_account":""},"email":{"account":{"domain_allowlist":["*"]},"default_account":"","html":{"sanitization":{"allow":["body","head","_tables","_links","_blocks","_formatting","img:embedded"],"disallow":[],"enabled":"true"}}},"reporting":{"retries":"40","warning":{"enabled":"true"},"interval":"15s"},"jira":{"default_account":""},"slack":{"default_account":""}},"security":{"operator_privileges":{"enabled":"false"},"dls_fls":{"enabled":"true"},"dls":{"bitset":{"cache":{"size":"10%","ttl":"2h"}}},"transport":{"filter":{"allow":[],"deny":[],"enabled":"true"},"ssl":{"enabled":"true"}},"ssl":{"diagnose":{"trust":"true"}},"enabled":"true","crypto":{"thread_pool":{"queue_size":"1000","size":"4"}},"filter":{"always_allow_bound_address":"true"},"encryption":{"algorithm":"AES/CTR/NoPadding"},"audit":{"enabled":"false","logfile":{"emit_node_id":"true","emit_node_host_name":"false","emit_node_name":"false","events":{"emit_request_body":"false","include":["ACCESS_DENIED","ACCESS_GRANTED","ANONYMOUS_ACCESS_DENIED","AUTHENTICATION_FAILED","CONNECTION_DENIED","TAMPERED_REQUEST","RUN_AS_DENIED","RUN_AS_GRANTED","SECURITY_CONFIG_CHANGE"],"exclude":[]},"emit_node_host_address":"false"}},"authc":{"password_hashing":{"algorithm":"bcrypt"},"success_cache":{"size":"10000","enabled":"true","expire_after_access":"1h"},"api_key":{"doc_cache":{"ttl":"5m"},"cache":{"hash_algo":"ssha256","max_keys":"25000","ttl":"24h"},"delete":{"interval":"24h","timeout":"-1"},"enabled":"false","hashing":{"algorithm":"pbkdf2"}},"anonymous":{"authz_exception":"true","roles":[],"username":"_anonymous"},"run_as":{"enabled":"true"},"reserved_realm":{"enabled":"true"},"service_token":{"cache":{"hash_algo":"ssha256","max_tokens":"100000","ttl":"20m"}},"token":{"delete":{"interval":"30m","timeout":"-1"},"enabled":"false","thread_pool":{"queue_size":"1000","size":"1"},"timeout":"20m"}},"fips_mode":{"enabled":"false"},"encryption_key":{"length":"128","algorithm":"AES"},"http":{"filter":{"allow":[],"deny":[],"enabled":"true"},"ssl":{"enabled":"true"}},"automata":{"max_determinized_states":"100000","cache":{"size":"10000","ttl":"48h","enabled":"true"}},"user":null,"authz":{"timer":{"indices":{"enabled":"false","threshold":{"warn":"200ms","debug":"20ms","info":"100ms"}}},"store":{"privileges":{"cache":{"ttl":"24h","max_size":"10000"}},"roles":{"index":{"cache":{"ttl":"20m","max_size":"10000"}},"cache":{"max_size":"10000"},"negative_lookup_cache":{"max_size":"10000"},"field_permissions":{"cache":{"max_size_in_bytes":"104857600"}}}}}},"transform":{"num_transform_failure_retries":"10","enabled":"true"},"vectors":{"enabled":"true"},"ccr":{"enabled":"true","ccr_thread_pool":{"queue_size":"100","size":"32"}},"idp":{"privileges":{"application":"","cache":{"size":"100","ttl":"90m"}},"metadata":{"signing":{"keystore":{"alias":""}}},"slo_endpoint":{"post":"https:","redirect":"https:"},"defaults":{"nameid_format":"urn:oasis:names:tc:SAML:2.0:nameid-format:transient","authn_expiry":"5m"},"allowed_nameid_formats":["urn:oasis:names:tc:SAML:2.0:nameid-format:transient"],"contact":{"given_name":"","email":"","surname":""},"organization":{"display_name":"","name":"","url":"http:"},"sso_endpoint":{"post":"https:","redirect":"https:"},"entity_id":"","signing":{"keystore":{"alias":""}},"sp":{"cache":{"size":"1000","ttl":"60m"},"wildcard":{"path":"wildcard_services.json"}},"enabled":"false"},"slm":{"enabled":"true"},"enrich":{"enabled":"true"},"http":{"tcp":{"keep_alive":"true"},"default_connection_timeout":"10s","proxy":{"host":"","scheme":"","port":"0"},"connection_pool_ttl":"-1","max_response_size":"10mb","whitelist":["*"],"default_read_timeout":"10s"},"autoscaling":{"memory":{"monitor":{"timeout":"15s"}}},"ml":{"utility_thread_pool":{"core":"1","max":"2048","keep_alive":"10m"},"max_anomaly_records":"500","enable_config_migration":"true","max_open_jobs":"512","delayed_data_check_freq":"15m","min_disk_space_off_heap":"5gb","use_auto_machine_memory_percent":"false","inference_model":{"cache_size":"40%","time_to_live":"5m"},"nightly_maintenance_requests_per_second":"-1.0","node_concurrent_job_allocations":"2","max_model_memory_limit":"0b","enabled":"true","max_lazy_ml_nodes":"0","max_ml_node_size":"0b","max_machine_memory_percent":"30","persist_results_max_retries":"20","autodetect_process":"true","datafeed_thread_pool":{"core":"1","max":"512","keep_alive":"1m"},"max_inference_processors":"50","process_connect_timeout":"10s","job_comms_thread_pool":{"core":"4","max":"2048","keep_alive":"1m"}}},"rest":{"action":{"multi":{"allow_explicit_index":"true"}}},"cache":{"recycler":{"page":{"limit":{"heap":"10%"},"type":"CONCURRENT","weight":{"longs":"1.0","ints":"1.0","bytes":"1.0","objects":"0.1"}}}},"async_search":{"index_cleanup_interval":"1h"},"reindex":{"remote":{"whitelist":[]}},"resource":{"reload":{"enabled":"true","interval":{"low":"60s","high":"5s","medium":"30s"}}},"thread_pool":{"force_merge":{"queue_size":"-1","size":"1"},"search_coordination":{"queue_size":"1000","size":"4"},"snapshot_meta":{"core":"1","max":"24","keep_alive":"30s"},"fetch_shard_started":{"core":"1","max":"16","keep_alive":"5m"},"listener":{"queue_size":"-1","size":"4"},"estimated_time_interval.warn_threshold":"5s","scheduler":{"warn_threshold":"5s"},"search":{"max_queue_size":"1000","queue_size":"1000","size":"13","auto_queue_frame_size":"2000","target_response_time":"1s","min_queue_size":"1000"},"fetch_shard_store":{"core":"1","max":"16","keep_alive":"5m"},"flush":{"core":"1","max":"4","keep_alive":"5m"},"vectortile":{"queue_size":"-1","size":"1"},"get":{"queue_size":"1000","size":"8"},"system_read":{"queue_size":"2000","size":"4"},"system_critical_read":{"queue_size":"2000","size":"4"},"estimated_time_interval":"200ms","write":{"queue_size":"10000","size":"8"},"system_critical_write":{"queue_size":"1500","size":"4"},"refresh":{"core":"1","max":"4","keep_alive":"5m"},"system_write":{"queue_size":"1000","size":"4"},"generic":{"core":"4","max":"128","keep_alive":"30s"},"warmer":{"core":"1","max":"4","keep_alive":"5m"},"auto_complete":{"queue_size":"100","size":"2"},"management":{"core":"1","max":"5","keep_alive":"5m"},"analyze":{"queue_size":"16","size":"1"},"snapshot":{"core":"1","max":"4","keep_alive":"5m"},"search_throttled":{"max_queue_size":"100","queue_size":"100","size":"1","auto_queue_frame_size":"200","target_response_time":"1s","min_queue_size":"100"}},"index":{"codec":"default","recovery":{"type":""},"store":{"type":"","fs":{"fs_lock":"native"},"preload":[],"snapshot":{"uncached_chunk_size":"-1b","cache":{"excluded_file_types":[]}}}},"monitor":{"jvm":{"gc":{"enabled":"true","overhead":{"warn":"50","debug":"10","info":"25"},"refresh_interval":"1s"},"refresh_interval":"1s"},"process":{"refresh_interval":"1s"},"os":{"refresh_interval":"1s"},"fs":{"health":{"enabled":"true","refresh_interval":"120s","slow_path_logging_threshold":"5s"},"refresh_interval":"1s"}},"runtime_fields":{"grok":{"watchdog":{"max_execution_time":"1s","interval":"1s"}}},"transport":{"tcp":{"reuse_address":"true","keep_count":"-1","connect_timeout":"30s","keep_interval":"-1","compress":"FALSE","port":"9300-9400","no_delay":"true","keep_alive":"true","receive_buffer_size":"-1b","keep_idle":"-1","send_buffer_size":"-1b"},"bind_host":[],"connect_timeout":"30s","compress":"FALSE","ping_schedule":"-1","connections_per_node":{"recovery":"2","state":"1","bulk":"3","reg":"6","ping":"1"},"tracer":{"include":[],"exclude":["internal:discovery/zen/fd*","internal:coordination/fault_detection/*","cluster:monitor/nodes/liveness"]},"type":"security4","slow_operation_logging_threshold":"5s","type.default":"netty4","features":{"x-pack":"true"},"port":"9300-9400","compression_scheme":"DEFLATE","host":[],"publish_port":"-1","tcp_no_delay":"true","publish_host":[],"netty":{"receive_predictor_size":"64kb","receive_predictor_max":"64kb","worker_count":"8","receive_predictor_min":"64kb","boss_count":"1"}},"deprecation":{"skip_deprecated_settings":[]},"script":{"allowed_contexts":[],"max_compilations_rate":"150/5m","cache":{"max_size":"3000","expire":"0ms"},"painless":{"regex":{"enabled":"limited","limit-factor":"6"}},"max_size_in_bytes":"65535","allowed_types":[],"disable_max_compilations_rate":"false"},"indexing_pressure":{"memory":{"limit":"10%"}},"node":{"data":"true","bandwidth":{"recovery":{"disk":{"write":"-1","read":"-1"},"operator":{"factor.read":"0.4","factor.write":"0.4","factor":"0.4","factor.max_overcommit":"100.0"},"network":"-1"}},"roles":["data_frozen","data_warm","transform","data","remote_cluster_client","data_cold","data_content","data_hot","ingest","master","ml"],"max_local_storage_nodes":"1","processors":"8","store":{"allow_mmap":"true"},"ingest":"true","master":"true","pidfile":"/var/run/elasticsearch/elasticsearch.pid","transform":"true","remote_cluster_client":"true","enable_lucene_segment_infos_trace":"false","local_storage":"true","name":"elasticsearch","id":{"seed":"0"},"voting_only":"false","attr":{"transform":{"node":"true"},"xpack":{"installed":"true"},"ml":{"max_jvm_size":"16835936256","machine_memory":"33672167424","max_open_jobs":"512"}},"portsfile":"false","ml":"true"},"indices":{"replication":{"retry_timeout":"60s","initial_retry_backoff_bound":"50ms"},"cache":{"cleanup_interval":"1m"},"mapping":{"dynamic_timeout":"30s","max_in_flight_updates":"10"},"memory":{"interval":"5s","max_index_buffer_size":"-1","shard_inactive_time":"5m","index_buffer_size":"10%","min_index_buffer_size":"48mb"},"breaker":{"request":{"limit":"60%","type":"memory","overhead":"1.0"},"total":{"limit":"95%","use_real_memory":"true"},"accounting":{"limit":"100%","overhead":"1.0"},"fielddata":{"limit":"40%","type":"memory","overhead":"1.03"},"type":"hierarchy"},"query":{"bool":{"max_nested_depth":"20","max_clause_count":"1024"},"query_string":{"analyze_wildcard":"false","allowLeadingWildcard":"true"}},"id_field_data":{"enabled":"true"},"recovery":{"internal_action_retry_timeout":"1m","recovery_activity_timeout":"1800000ms","retry_delay_network":"5s","internal_action_timeout":"15m","max_concurrent_snapshot_file_downloads_per_node":"25","retry_delay_state_sync":"500ms","max_concurrent_snapshot_file_downloads":"5","internal_action_long_timeout":"1800000ms","max_concurrent_operations":"1","use_snapshots":"true","max_bytes_per_sec":"40mb","max_concurrent_file_chunks":"2"},"requests":{"cache":{"size":"1%","expire":"0ms"}},"store":{"delete":{"shard":{"timeout":"30s"}}},"analysis":{"hunspell":{"dictionary":{"ignore_case":"false","lazy":"false"}}},"queries":{"cache":{"count":"10000","size":"10%","all_segments":"false"}},"lifecycle":{"history_index_enabled":"true","poll_interval":"10m","step":{"master_timeout":"30s"}},"fielddata":{"cache":{"size":"-1b"}}},"plugin":{"mandatory":[]},"slm":{"minimum_interval":"15m","retention_schedule":"0 30 1 * * ?","retention_duration":"1h","history_index_enabled":"true"},"discovery":{"seed_hosts":[],"unconfigured_bootstrap_timeout":"3s","request_peers_timeout":"3000ms","zen":{"commit_timeout":"30s","no_master_block":"write","join_retry_delay":"100ms","join_retry_attempts":"3","ping":{"unicast":{"concurrent_connects":"10","hosts":[],"hosts.resolve_timeout":"5s"}},"master_election":{"ignore_non_master_pings":"false","wait_for_joins_timeout":"30000ms"},"send_leave_request":"true","ping_timeout":"3s","bwc_ping_timeout":"3s","join_timeout":"60000ms","publish_diff":{"enable":"true"},"publish":{"max_pending_cluster_states":"25"},"minimum_master_nodes":"-1","unsafe_rolling_upgrades_enabled":"true","hosts_provider":[],"publish_timeout":"30s","fd":{"connect_on_network_disconnect":"false","ping_interval":"1s","ping_retries":"3","register_connection_listener":"true","ping_timeout":"30s"},"max_pings_from_another_master":"3"},"initial_state_timeout":"30s","cluster_formation_warning_timeout":"10000ms","seed_providers":[],"type":"zen","seed_resolver":{"max_concurrent_resolvers":"10","timeout":"5s"},"find_peers_interval":"1000ms","probe":{"connect_timeout":"30s","handshake_timeout":"30s"}},"http":{"cors":{"max-age":"1728000","allow-origin":"","allow-headers":"X-Requested-With,Content-Type,Content-Length","allow-credentials":"false","allow-methods":"OPTIONS,HEAD,GET,POST,PUT,DELETE","enabled":"false"},"max_chunk_size":"8kb","compression_level":"3","max_initial_line_length":"4kb","type":"security4","pipelining":{"max_events":"10000"},"type.default":"netty4","content_type":{"required":"true"},"host":[],"publish_port":"-1","read_timeout":"0ms","max_content_length":"100mb","netty":{"receive_predictor_size":"64kb","max_composite_buffer_components":"69905","worker_count":"0"},"tcp":{"reuse_address":"true","keep_count":"-1","keep_interval":"-1","no_delay":"true","keep_alive":"true","receive_buffer_size":"-1b","keep_idle":"-1","send_buffer_size":"-1b"},"bind_host":[],"client_stats":{"enabled":"true","closed_channels":{"max_age":"5m","max_count":"10000"}},"reset_cookies":"false","max_warning_header_count":"-1","tracer":{"include":[],"exclude":[]},"max_warning_header_size":"-1b","detailed_errors":{"enabled":"true"},"port":"9200-9300","max_header_size":"8kb","tcp_no_delay":"true","compression":"false","publish_host":[]},"gateway":{"recover_after_master_nodes":"0","expected_nodes":"-1","recover_after_data_nodes":"-1","expected_data_nodes":"-1","write_dangling_indices_info":"true","slow_write_logging_threshold":"10s","recover_after_time":"0ms","expected_master_nodes":"-1","recover_after_nodes":"-1","auto_import_dangling_indices":"false"},"snapshot":{"refresh_repo_uuid_on_restore":"true","max_concurrent_operations":"1000"}}}
4. {"indices":{"shards":{"total":146}}}
5. {
"cluster_name" : "elasticsearch",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 146,
"active_shards" : 146,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
Roman Luna
Sep 2, 2022, 4:24:44 PM9/2/22
to Wazuh mailing list
Hi,
What version of Wazuh manager and elastic stack do you have installed?
Moreover, can you provide the logs from Kibana and from elastic, you can view them by doing:
journalctl -xeu kibana
cat /var/log/elasticsearch/<elasticsearch-cluster-name>.log Regards,
Roman Luna.
Tom Powers
Sep 6, 2022, 9:00:14 AM9/6/22
to Wazuh mailing list
Hello...apologies for the delayed response... Holiday weekend and all.
Aug 30 16:37:13 PB-Wazuh systemd[1]: Started Kibana.
Versions of components:
Elasticsearch 7.17.3
Kibana 7.17.3
Wazuh 4.3.0
Result of Elasticsearch Cat:
root@PB-Wazuh:/usr/share/kibana# cat /var/log/elasticsearch/elasticsearch.log
[2022-09-06T00:00:01,354][INFO ][o.e.c.m.MetadataCreateIndexService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06] creating index, cause [auto(bulk api)], templates [wazuh], shards [3]/[0]
[2022-09-06T00:00:01,605][INFO ][o.e.c.r.a.AllocationService] [elasticsearch] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-alerts-4.x--windows-2022.09.06][1], [wazuh-alerts-4.x--windows-2022.09.06][2], [wazuh-alerts-4.x--windows-2022.09.06][0]]]).
[2022-09-06T00:00:01,660][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:02,306][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:02,447][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:04,471][INFO ][o.e.c.m.MetadataCreateIndexService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06] creating index, cause [auto(bulk api)], templates [wazuh], shards [3]/[0]
[2022-09-06T00:00:04,717][INFO ][o.e.c.r.a.AllocationService] [elasticsearch] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-alerts-4.x-2022.09.06][2], [wazuh-alerts-4.x-2022.09.06][0]]]).
[2022-09-06T00:00:04,777][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:00:04,825][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:04,829][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:04,910][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:04,999][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:05,094][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:05,201][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:05,367][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:07,500][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:11,498][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:00:11,642][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:00:21,508][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:23,667][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:00:25,526][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:27,569][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:41,121][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:46,602][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:46,839][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:01:39,736][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:01:45,781][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:02:28,935][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:02:32,897][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:03:09,017][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:03:53,151][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:03:58,125][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:04:14,261][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:04:14,321][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:05:00,275][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:05:36,495][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:06:36,574][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:07:16,722][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:08:07,902][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:09:21,099][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:09:39,148][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:09:53,186][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:09:53,306][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:10:52,400][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:13:25,813][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:13:26,775][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:16:50,381][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:17:57,526][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:17:57,569][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:19:54,852][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:20:55,124][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:35:56,185][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:36:04,214][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:36:13,311][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:39:54,910][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:58:44,140][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:59:14,203][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T01:00:18,390][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T01:09:16,935][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T01:17:16,532][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T01:21:25,751][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T01:30:00,000][INFO ][o.e.x.m.MlDailyMaintenanceService] [elasticsearch] triggering scheduled [ML] maintenance tasks
[2022-09-06T01:30:00,007][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [elasticsearch] Deleting expired data
[2022-09-06T01:30:00,000][INFO ][o.e.x.s.SnapshotRetentionTask] [elasticsearch] starting SLM retention snapshot cleanup task
[2022-09-06T01:30:00,010][INFO ][o.e.x.s.SnapshotRetentionTask] [elasticsearch] there are no repositories to fetch, SLM retention snapshot cleanup task complete
[2022-09-06T01:30:00,016][INFO ][o.e.x.m.j.r.UnusedStatsRemover] [elasticsearch] Successfully deleted [0] unused stats documents
[2022-09-06T01:30:00,018][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [elasticsearch] Completed deletion of expired ML data
[2022-09-06T01:30:00,018][INFO ][o.e.x.m.MlDailyMaintenanceService] [elasticsearch] Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask
[2022-09-06T01:35:51,428][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T01:39:06,703][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T03:17:24,929][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T03:51:03,509][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T04:14:09,165][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T07:16:16,751][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T09:18:23,966][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T10:12:06,511][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T10:22:27,092][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T11:58:22,526][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T11:58:22,608][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T12:30:16,567][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T12:30:55,587][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T12:31:40,642][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T12:32:27,721][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T12:32:35,734][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T12:45:46,722][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:54270}
[2022-09-06T00:00:01,354][INFO ][o.e.c.m.MetadataCreateIndexService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06] creating index, cause [auto(bulk api)], templates [wazuh], shards [3]/[0]
[2022-09-06T00:00:01,605][INFO ][o.e.c.r.a.AllocationService] [elasticsearch] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-alerts-4.x--windows-2022.09.06][1], [wazuh-alerts-4.x--windows-2022.09.06][2], [wazuh-alerts-4.x--windows-2022.09.06][0]]]).
[2022-09-06T00:00:01,660][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:02,306][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:02,447][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:04,471][INFO ][o.e.c.m.MetadataCreateIndexService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06] creating index, cause [auto(bulk api)], templates [wazuh], shards [3]/[0]
[2022-09-06T00:00:04,717][INFO ][o.e.c.r.a.AllocationService] [elasticsearch] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-alerts-4.x-2022.09.06][2], [wazuh-alerts-4.x-2022.09.06][0]]]).
[2022-09-06T00:00:04,777][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:00:04,825][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:04,829][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:04,910][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:04,999][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:05,094][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:05,201][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:05,367][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:07,500][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:11,498][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:00:11,642][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:00:21,508][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:23,667][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:00:25,526][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:27,569][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:41,121][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:46,602][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:00:46,839][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:01:39,736][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:01:45,781][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:02:28,935][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:02:32,897][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:03:09,017][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:03:53,151][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:03:58,125][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:04:14,261][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:04:14,321][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:05:00,275][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:05:36,495][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:06:36,574][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:07:16,722][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:08:07,902][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:09:21,099][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:09:39,148][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:09:53,186][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:09:53,306][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:10:52,400][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:13:25,813][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:13:26,775][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:16:50,381][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:17:57,526][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:17:57,569][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:19:54,852][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:20:55,124][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:35:56,185][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:36:04,214][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:36:13,311][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:39:54,910][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T00:58:44,140][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T00:59:14,203][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T01:00:18,390][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T01:09:16,935][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T01:17:16,532][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T01:21:25,751][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T01:30:00,000][INFO ][o.e.x.m.MlDailyMaintenanceService] [elasticsearch] triggering scheduled [ML] maintenance tasks
[2022-09-06T01:30:00,007][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [elasticsearch] Deleting expired data
[2022-09-06T01:30:00,000][INFO ][o.e.x.s.SnapshotRetentionTask] [elasticsearch] starting SLM retention snapshot cleanup task
[2022-09-06T01:30:00,010][INFO ][o.e.x.s.SnapshotRetentionTask] [elasticsearch] there are no repositories to fetch, SLM retention snapshot cleanup task complete
[2022-09-06T01:30:00,016][INFO ][o.e.x.m.j.r.UnusedStatsRemover] [elasticsearch] Successfully deleted [0] unused stats documents
[2022-09-06T01:30:00,018][INFO ][o.e.x.m.a.TransportDeleteExpiredDataAction] [elasticsearch] Completed deletion of expired ML data
[2022-09-06T01:30:00,018][INFO ][o.e.x.m.MlDailyMaintenanceService] [elasticsearch] Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask
[2022-09-06T01:35:51,428][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T01:39:06,703][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T03:17:24,929][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T03:51:03,509][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T04:14:09,165][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T07:16:16,751][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T09:18:23,966][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T10:12:06,511][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T10:22:27,092][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T11:58:22,526][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T11:58:22,608][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T12:30:16,567][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T12:30:55,587][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T12:31:40,642][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T12:32:27,721][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x--windows-2022.09.06/Jw0Nb8ioRcW7tQcqL03e8Q] update_mapping [_doc]
[2022-09-06T12:32:35,734][INFO ][o.e.c.m.MetadataMappingService] [elasticsearch] [wazuh-alerts-4.x-2022.09.06/iAW3d0g0SSK33VUWYt7ZVw] update_mapping [_doc]
[2022-09-06T12:45:46,722][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [elasticsearch] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:54270}
Result of Kibana Journal
root@PB-Wazuh:/usr/share/kibana# journalctl -xeu kibana
-- Subject: A stop job for unit kibana.service has begun execution
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A stop job for unit kibana.service has begun execution.
--
-- The job identifier is 697.
Aug 30 16:20:52 PB-Wazuh systemd[1]: kibana.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The unit kibana.service has successfully entered the 'dead' state.
Aug 30 16:20:52 PB-Wazuh systemd[1]: Stopped Kibana.
-- Subject: A stop job for unit kibana.service has finished
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A stop job for unit kibana.service has finished.
--
-- The job identifier is 697 and the job result is done.
Aug 30 16:21:40 PB-Wazuh systemd[1]: Started Kibana.
-- Subject: A start job for unit kibana.service has finished successfully
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A start job for unit kibana.service has finished successfully.
--
-- The job identifier is 776.
Aug 30 16:35:11 PB-Wazuh systemd[1]: Stopping Kibana...
-- Subject: A stop job for unit kibana.service has begun execution
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A stop job for unit kibana.service has begun execution.
--
-- The job identifier is 1012.
Aug 30 16:35:41 PB-Wazuh systemd[1]: kibana.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The unit kibana.service has successfully entered the 'dead' state.
Aug 30 16:35:41 PB-Wazuh systemd[1]: Stopped Kibana.
-- Subject: A stop job for unit kibana.service has finished
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A stop job for unit kibana.service has finished.
--
-- The job identifier is 1012 and the job result is done.
-- Subject: A stop job for unit kibana.service has begun execution
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A stop job for unit kibana.service has begun execution.
--
-- The job identifier is 697.
Aug 30 16:20:52 PB-Wazuh systemd[1]: kibana.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The unit kibana.service has successfully entered the 'dead' state.
Aug 30 16:20:52 PB-Wazuh systemd[1]: Stopped Kibana.
-- Subject: A stop job for unit kibana.service has finished
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A stop job for unit kibana.service has finished.
--
-- The job identifier is 697 and the job result is done.
Aug 30 16:21:40 PB-Wazuh systemd[1]: Started Kibana.
-- Subject: A start job for unit kibana.service has finished successfully
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A start job for unit kibana.service has finished successfully.
--
-- The job identifier is 776.
Aug 30 16:35:11 PB-Wazuh systemd[1]: Stopping Kibana...
-- Subject: A stop job for unit kibana.service has begun execution
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A stop job for unit kibana.service has begun execution.
--
-- The job identifier is 1012.
Aug 30 16:35:41 PB-Wazuh systemd[1]: kibana.service: Succeeded.
-- Subject: Unit succeeded
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- The unit kibana.service has successfully entered the 'dead' state.
Aug 30 16:35:41 PB-Wazuh systemd[1]: Stopped Kibana.
-- Subject: A stop job for unit kibana.service has finished
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A stop job for unit kibana.service has finished.
--
-- The job identifier is 1012 and the job result is done.
Aug 30 16:37:13 PB-Wazuh systemd[1]: Started Kibana.
-- Subject: A start job for unit kibana.service has finished successfully
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A start job for unit kibana.service has finished successfully.
--
-- The job identifier is 1091.
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
--
-- A start job for unit kibana.service has finished successfully.
--
-- The job identifier is 1091.
Tom Powers
Sep 7, 2022, 2:17:43 PM9/7/22
to Wazuh mailing list
CHecking back in... any thoughts?
Would upgrading all components to the newest elastic/filebeat/kibana and Wazuih plugin help[?
On Friday, September 2, 2022 at 3:24:44 PM UTC-5 roman...@wazuh.com wrote:
Roman Luna
Sep 27, 2022, 10:16:07 AM9/27/22
to Wazuh mailing list
Hi Thomas,
Sorry for late response. Yes, you should upgrade to our latest version and moreover, check that the resources you are allocating to this server are the recommended or more, depending on the volume of logs you wish to have:
Here in the quick start you will see the recommended:
In the logs that you sent, there isn't seem to be any issues related to the Kibana. Can you share the logs of Kibana if you have them or were you able to find a solution?
Regards.
Reply all
Reply to author
Forward
0 new messages