WAZUH Overview tab not Showing any data


Sumesh MS

Aug 27, 2017, 3:29:59 AM
to Wazuh mailing list
Hi

I have upgraded Wazuh-manager and wazuh-api to 2.1.0. After the upgradation the Overview tab does not show any information, while the saved dashboards give exact visualizations.

Appreciate any hints on this.

Thanks 

Sumesh MS

Manuel Albarral

Aug 27, 2017, 4:44:40 AM
to Wazuh mailing list

Hello Sumesh,

Please, go to settings tab:



And then click on refresh button:



It will solve the issue if it is a hostname problem.

If the problem persists, please, go to the console tab in the browser (press F12 and go to console tab). In Chrome it looks like that:


Probably it will offer more info if there is some error.

Best regards,
Manuel Albarral

Sumesh MS

Aug 27, 2017, 4:54:36 AM
to Manuel Albarral, Wazuh mailing list
Dear Manuel

Refreshing the API configuration shows success alert and shows correct hostname in the connection.

But debugging the page load gives errors:


could not locate the index-pattern-field.

Regards
Sumesh MS




--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/31abc421-6f78-4bc5-8940-c8bf16019d67%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Manuel Albarral

Aug 27, 2017, 5:36:20 AM
to Wazuh mailing list
It seems to be a mappings problem. Go to Kibana management > Index patterns:


In this view, it is possible that you see some issues. By clicking the refresh button, it is possible to solve some problems:


But, probably it is not your problem. Assuming you can lose your current alerts, execute the following commands in your system (I assume that you have a single host installation):

   Go to Kibana management > Index patterns and delete the wazuh-alerts-* index-pattern.
   systemctl stop logstash
   curl -XDELETE 'localhost:9200/wazuh-alerts-*'
   Go to Kibana management > Index patterns and "Create Index Pattern"

   Populate the Index name with "wazuh-alerts-*" and click on Create:


   Don't forget to set it as default index:



Hope this works,
Manuel Albarral


Sumesh MS

Aug 27, 2017, 6:01:52 AM
to Manuel Albarral, Wazuh mailing list
Dear Manuel

Followed your instructions and recreated the index.
It's working fine now.

Thanks very much
Highly appreciate your response.

Regards

Sumesh MS



Sanjay Rajak

Aug 27, 2017, 9:33:08 AM
to Wazuh mailing list
Dear Manuel,
I have installed wazuhapp-2.1.0_5.5.2; my installation is on Debian 9 with ELK (all 5.5.2). Followed the above instructions, but still the overview tab is not showing any information.
Best Regards.

Manuel Albarral

Aug 27, 2017, 11:30:16 AM
to Wazuh mailing list
Hello Sanjay,

Do you have data in the Kibana Discover tab? It could be a different issue.
If you don't have data, maybe it is not storing alerts in Elasticsearch.

Also, could you check the browser console output?

Best regards,
Manuel Albarral

Sanjay Rajak

Aug 28, 2017, 7:37:19 AM
to Wazuh mailing list
Dear Manuel,
Kibana Discover tab is not showing any data. I am attaching the console output.
 
Best Regards.

Manuel Albarral

Aug 28, 2017, 8:03:37 AM
to Wazuh mailing list
Dear Sanjay,

Please, check if the file /var/ossec/logs/alerts/alerts.json is growing. If it does, run the following command: 
   usermod -a -G ossec logstash
Now, generate a new alert and check if it exists in Kibana.

Best regards,
Manuel

Sanjay Rajak

Aug 28, 2017, 9:14:16 AM
to Wazuh mailing list
Dear Manuel,
After deleting the index, when I try to recreate the wazuh-alert index I get an error. I'm attaching the screenshot.

Regards.



Manuel Albarral

Aug 28, 2017, 9:52:54 AM
to Wazuh mailing list
Hi Sanjay,

If you deleted the index, you need to insert data before creating the new index pattern. Insert the sample alert and re-create the index pattern again.
Best regards,
Manuel
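
The checks suggested across this thread (is alerts.json growing, is logstash in the ossec group, are there documents in wazuh-alerts-* before the index pattern is created) collected into one script. This is an added example, not code from the thread or from the Wazuh project; it assumes the single-host layout discussed above with Elasticsearch on localhost:9200, and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: walks the alert pipeline from the thread, stage by stage.
# Assumptions: single host, Elasticsearch on localhost:9200; function names are illustrative.
ALERTS=/var/ossec/logs/alerts/alerts.json
ES_COUNT_URL='localhost:9200/wazuh-alerts-*/_count'  # quoted so the shell never globs the *

# Succeeds if the file's size increases within the given number of seconds.
file_is_growing() {
  local path=$1 secs=${2:-30} before after
  [ -r "$path" ] || return 2
  before=$(($(wc -c < "$path")))
  sleep "$secs"
  after=$(($(wc -c < "$path")))
  [ "$after" -gt "$before" ]
}

# Succeeds if group $2 appears as a whole word in a list such as `id -nG` prints.
group_list_has() {
  local g
  for g in $1; do [ "$g" = "$2" ] && return 0; done
  return 1
}

# Extracts the number from an Elasticsearch _count response body.
parse_count() {
  printf '%s' "$1" | sed -n 's/.*"count"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

diagnose() {
  local n
  if file_is_growing "$ALERTS" 30; then
    echo "OK   manager is writing $ALERTS"
  else
    echo "FAIL $ALERTS is not growing (or not readable): generate an alert and re-check"
  fi
  if group_list_has "$(id -nG logstash 2>/dev/null)" ossec; then
    echo "OK   logstash is in the ossec group"
  else
    echo "FAIL logstash is not in the ossec group: usermod -a -G ossec logstash"
  fi
  n=$(parse_count "$(curl -s "$ES_COUNT_URL")")
  if [ "${n:-0}" -gt 0 ]; then
    echo "OK   $n documents in wazuh-alerts-*"
  else
    echo "FAIL no documents in wazuh-alerts-*: index an alert before creating the index pattern"
  fi
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Run it as root with `--run` on the manager host; the first FAIL line marks the stage where alerts stop flowing toward Kibana.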