Grafana with OpenSearch plugin integrated with SIEM Wazuh

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Wazuh 4.3.10 with OpenSearch 2.4.1

Describe the issue:

I do change-event monitoring in Active Directory.

If I try to search for events that occurred up to 6 hours ago, it works perfectly, but if more than 6 hours pass from the time of occurrence, no data appears.

I made an example below: the event that just occurred appears normally, but if I filter for 3 days, the log should continue to appear along with the other events that occurred within those 3 days, but it does not show any event…

I don’t know if that would be the problem, but I believe there must be a buffer or cache that limits long searches. If that is the problem, how would you increase this buffer or cache so that the search results appear?

The strange thing is that it only happens with this event. The other events that I monitor work correctly: if I put 90 days… it brings all the data. But this Active Directory monitoring event doesn’t work…


Grafana v9.3.2

Relevant Logs or Screenshots:

Normal with 1 hour

Error with 3 days