Cherif
September 24, 2019, 12:13pm
1
Hello Dears,
I have been testing for days but no success with the installation of Wazuh, filebeat-oss, opendistro for elasticsearch and kibana.
All parts are configured but i have this error when i click on the wazuh icon after the wazuh plugin installation.
The selected index-pattern is not present. No template found for the selected index-pattern
Any suggestions would be great, thanks
Hi Cherif,
The only way that we found to make this working is disabling OpenDistro Security. After that, filebeat can create Elasticsearch Index Patterns and Template.
You can review this URLs to do this:https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/disable/
I think in future versions this is going to be supported:
opened 02:46PM - 12 Nov 19 UTC
closed 03:17PM - 22 Apr 20 UTC
bug
priority/high
3.13.0
Hi team,
_Opendistro_ has the `tenant` feature that is similar to `spaces` in… the official Elastic version.
When it is enabled, _opendistro_ uses a `.kibana-x-username` index to store the user information. Example:
> .kibana_1
> .kibana_-1666338091_elastic
> .kibana_231986579_wazuhadmin
As you can see, only `.kibana_1` has the _index-pattern config object_.
> curl -k -u xxx_xxx "https://odfe:9200/.kibana_-1666338091_elastic/_search?pretty" | grep '"_id" :'
> "_id" : "config:7.2.0",
> curl -k -u xxx:xxx "https://odfe:9200/.kibana_1/_search?pretty" | grep '"_id" :'
> "_id" : "index-pattern:wazuh-monitoring-3.x-*",
> "_id" : "config:7.2.0",
> "_id" : "index-pattern:wazuh-alerts",
So, if I open the app using the `elastic` user, I see the following error:
If I create the index pattern manually for that user, it works properly. But, this should be performed by the app.
Regards,
