Any chance to deploy new Wazuh Indexer with the existing?

[sang thanh]

Hi guys,

I have the Wazuh Manager which using version 4.3.7 and all the components just running with single node and in the same server.(Wazuh Manager | Indexer | Dashboard).

So can I install the new Wazuh Indexer in another server and join that in the existing system?

Any suggestion from you guys and the way to doing that or the link for that?

Many thanks.

[Julio Gasco]

Hi,

Thanks for using our community.

You can install Wazuh-indexer on another server. to install it you need to follow the default procedure:

https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html

Take into account you will need to deploy the certificates for the new server as you did for the actual all in one installation.

Once you have it installed you have to choices you will have to follow the procedure to add a node to the cluster, adding the required configuration to the indexer so it is part of the cluster.

      https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html#configuring-the-wazuh-indexer

 And then reinitialize the cluster on all nodes

      https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html#cluster-initialization

After that you will need to add the new wazuh-indexer info into the filebeat configuration like explained in the following link:

https://documentation.wazuh.com/current/installation-guide/wazuh-server/step-by-step.html#configuring-filebeat

And change the dashboard configuration to add the new wazuh-indexer also

https://documentation.wazuh.com/current/installation-guide/wazuh-dashboard/step-by-step.html#configuring-the-wazuh-dashboard

Then you will have the two wazuh-indexer working on the cluster.

If you want to stop using the wazuh-indexer in the all in one deployment, you can remove it from the wazuh-dashboard and wazuh-indexer configurations and then remove it from the cluster.

Let me know if this helps

Regards!

[sang thanh]

Got it,

Thanks alot.

Vào lúc 18:46:05 UTC+7 ngày Thứ Tư, 5 tháng 10, 2022, julio...@wazuh.com đã viết:

[Daniel Chung]

Hi, 

I have similar situation to add 2nd node to form Indexer cluster.

The problem I'm having now is that the initial node and the 2nd node are up but somehow they can't join the cluster. I run command "curl -k -u admin:admin https://<WAZUH_INDEXER_IP>:9200/_cat/nodes?v", each indexer is up and running individually, but they are not connecting each other. Tried telnet from each other on port 9200 without problem so network connection should be fine.

Can you explain a bit detail on how to reinitialize the cluster on all nodes? Actually, I have re-run the initialize command "/usr/share/wazuh-indexer/bin/indexer-security-init.sh" on the 1st node, but somehow it didn't resolve the issue, and most importantly the command had reset the password of admin (I'm not sure if passwords of other accounts have been reset as well) which is the result the guide didn't mention...

Thanks,

Daniel