problem with it hygiene


Dirceu Goes

12:24 AM (15 hours ago)
to Wazuh | Mailing List
Hey everyone, how are you? I'm having a problem with IT hygiene.

I left everything configured and active, but I noticed I have a fixed filter, wazuh.cluster.name: wazuh_cluster, that I couldn't remove. This name, wazuh.cluster.name, isn't in Discover, and that's why I can't see the boards for this item. Has anyone else experienced this?

I also tried creating a new field in the index manager, but it didn't work because I can't remove the filter.

Marc Christian Pernesita Gregorio

2:56 AM (12 hours ago)
to Wazuh | Mailing List

Hi Dirceu,

The default filter wazuh.cluster.name: wazuh_cluster is actually built into the Wazuh dashboard plugin. It’s there to make sure events are filtered correctly across modules like IT Hygiene. Because of that, it can’t really be removed from the UI, and removing it may cause some dashboards or visualizations to behave unexpectedly or break.

The Wazuh plugin relies on this filter to properly separate and display events per module. That said, it shouldn’t affect the visibility of the events themselves. If you want to run custom queries, you can use Discover directly since it doesn’t enforce that default filter.

Related links:
https://groups.google.com/g/wazuh/c/HCXoCqIVIcE
https://documentation.wazuh.com/current/user-manual/wazuh-dashboard/queries.html

Hope this helps!

Dirceu Goes

9:29 AM (6 hours ago)
to Marc Christian Pernesita Gregorio, Wazuh | Mailing List
root@xxxxx:/var/ossec/queue/db# /var/ossec/bin/wazuh-control info
WAZUH_VERSION="v4.14.1"
WAZUH_REVISION="rc2"
WAZUH_TYPE="server"


Dirceu Goes

9:29 AM (6 hours ago)
to Marc Christian Pernesita Gregorio, Wazuh | Mailing List
Hi Marc

I'm doing some tests, for example, creating the database in /var/ossec/queue/db. I can use SQLite3, it shows me the data, but it doesn't appear in IT Hygiene. I'm using a cluster with 2 managers, 2 indexers, and 1 dashboard.

root@xxxxxxxxxx:/var/ossec/queue/db# sqlite3 047.db ".tables"
ciscat_results          sca_scan_info           sys_netiface
fim_entry               scan_info               sys_netproto
metadata                sync_info               sys_osinfo
pm_event                sys_browser_extensions  sys_ports
sca_check               sys_groups              sys_processes
sca_check_compliance    sys_hotfixes            sys_programs
sca_check_rules         sys_hwinfo              sys_services
sca_policy              sys_netaddr             sys_users

root@xxxx:/var/ossec/queue/db# sqlite3 047.db "select * from  sys_osinfo"
0|2025/12/17 13:35:00|WPS007|x86_64|Microsoft Windows 11 Pro|10.0.26200.7462||10|0||26200.7462|windows||10.0.26200.7462||2009|1765978501165327700|25H2|fb9xxxxxxxb8070e5a89579dbf1ff8d0bc9237e5


On Wed, Dec 17, 2025 at 4:56 AM 'Marc Christian Pernesita Gregorio' via Wazuh | Mailing List <wa...@googlegroups.com> wrote: