Wazuh 4.4.0 ML-Plugin


Mihail-Iulian Pleșa

Apr 4, 2023, 8:49:47 AM
to Wazuh mailing list
Dear all,

I installed Wazuh 4.4.0 and saw that the ML plugin is already installed (I used the command /bin/opensearch-plugin list). It's something we've been waiting for a long time so thank you!

The problem is that the ML plugin does not appear in Wazuh Dashboard. When I try to enable the ml-commons from opensearch_dashboards.yml file (by adding the config line ml_commons_dashboards.enabled: true) the dashboard service does not start because it does not recognise the config line.

My questions are:
1. Can we have access to ml-commons from the dashboard?
2. If yes, how can we enable the ml-commons plugin in the dashboard?

Thank you!

Best regards,
Mihail

Leandro David Sayanes

Apr 4, 2023, 3:44:45 PM
to Wazuh mailing list
Hi Mihail-Iulian Pleșa!

Yes, ml-commons can be accessed from the Wazuh Dashboard.
To enable the ml-commons plugin in the Wazuh Dashboard, you need to:

Install the ml-commons dashboards plugin:

Restart the Kibana service

After installing the plugin, you need to restart the Kibana service using the following command:

  • sudo systemctl restart wazuh-kibana.service

Once the service has restarted, you should be able to see the ml-commons dashboards plugin in the Wazuh Dashboard.


I hope this helps you!

Mihail-Iulian Pleșa

Apr 5, 2023, 2:36:14 AM
to Wazuh mailing list
Hi!

I don't have /usr/share/kibana/bin/kibana-plugin. Should I use OpenSearch Dashboards with the Kibana plugin?

Mihail-Iulian Pleșa

Apr 5, 2023, 3:00:15 AM
to Wazuh mailing list
It seems that there is no way to get the ml-commons plugin in Wazuh dashboards, which is pretty sad.

Leandro David Sayanes

Apr 5, 2023, 7:02:10 AM
to Mihail-Iulian Pleșa, Wazuh mailing list
Hi! I did some tests about this and here is a link to a document where it explains how to enable it: 

At the top of the page there is an important warning that the feature cannot be used in production.
On the other hand, in Wazuh dashboard some plugins are removed.
Here you can see that several plugins are removed for Wazuh dashboard: 
The ml-commons plugin does not appear to be one of the ones removed.

Could you tell me why you want to use the ml-commons plugin in OpenSearch Dashboards 2.6.0? The warning on the documentation page seems a bit strange, and maybe that is why it is not included in Wazuh dashboard, or the base OpenSearch Dashboards distributable that was used to build Wazuh dashboard 4.4.0 does not have it.

I deployed Wazuh dashboard (via the Docker image of Wazuh dashboard 4.4.0, which is based on OpenSearch Dashboards 2.6.0) and it does not appear that the ml-commons plugin is there.

wazuh-dashboard@wazuh:~$ ls plugins/
alertingDashboards customImportMapDashboards ganttChartDashboards indexManagementDashboards notificationsDashboards reportsDashboards securityDashboards wazuh

If the plugin is not present and a configuration related to the plugin is set in the Wazuh dashboards configuration file (opensearch_dashboards.yml), then it will fail to start.

As far as I saw, the ml-commons plugin is not included in Wazuh dashboard.

If you had the ml-commons plugin package, this could perhaps be installed on Wazuh dashboard, but I don't know if it is available as standalone. You can also try to build it from the OpenSearch Dashboards: 
If the package can be built, it could possibly be installed on Wazuh dashboard 4.4.0.


