I want to send some filtered logs from open search dashboard to kafka topics. is it possible to do that 1 post - 1 participant Read full topic ..read more

Hello, I have written below code to accept input from keyboard and retrieve data from elasticsearch cluster from elasticsearch import Elasticsearch from datetime import datetime es = Elasticsearch (“https://localhost”, api_key=“ACKRUSGHUSGHEHYFIRHU==”) Index_pattern = “test-*” service_name = input("Enter service name: ") query = { “query”: { “bool”: { “must”: [ { “range”: { “@timestamp”: { “gte”: “now-1h” } } }, { “term”: { “service.name”: ‘service_name’ #here using above declared variable } } ] } } } result = es.search(index=index_pattern, body=query) for hit in result[‘hits’][hits’]: Print(h ..read more

I want kinbana to redirect to login page when session times out! opendistro_security.cookie.ttl: 1800000 opendistro_security.session.ttl: 60000 i have kept these, so after 60 secs kibana’s session should time out and it should redirect to login page but it only happens when I interact with kibana i.e. update or change something or press a button. 1 post - 1 participant Read full topic ..read more

Hy, everyone i hope all of you very well, i have issue during for agent adding time i’m not able to add agent i have installed wazuh through quickstart on my ubuntu virtual machine when i want to add agent to my window desktop i give my ip which i have login also i have installed window installer agent on my window desktop window machine and run the wizard but they are not add on my wazuh machine . and also I had did to try adding agent throgh instruction on wazuh manager in window opption via powershell but still not add agent . 2 posts - 2 participants Read full topic ..read more

My scenario is that I export some index patterns from one instance of OpenSearch and import them into another instance of OpenSearch. This can be for migration or moving from development to production. The new instance may not contain all the data that the previous instance had at the time the index patterns are imported are into it. I am finding that the new instance index patterns do not contain all the fields that were included in the index pattern definition. As the new instance receives data, I have to manually refresh the index patterns to force additional fields to be added. This wouldn ..read more

When I create a line or pie chart, they only use 5 colors. If there are more than 5 data series (more than 5 pie slices), the 5 colors are reused. Is there to get opensearch to use more than 5 colors by default? I am running opensearch 2.11.1 in a container on RHEL 9. 1 post - 1 participant Read full topic ..read more

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): OpenSearch 2.12 Logstash 8.9.0 Ubuntu 20.04 Firefox Describe the issue: Thing is i am trying to set up a Logstash pipeline with Auditbeat and Filebeat as inputs, and this is my pipelines.yml: Then when i try running it, it shows no error but there are no indices in my Opensearch Dashboard. Im considering using multiple pipelines right now. Can anyone explain to me why i see no index although there are no errors when trying to run that pipelines.yml? And can you show me how to config Logstash to use multiple pipelines? Thanks for y ..read more

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser): OpenSearch 2.12 Logstash 8.9.0 Ubuntu 20.04 Firefox Describe the issue: I have installed and managed to use Opensearch and Opensearch Dashboard, as well as able to use Logstash to input logs to Opensearch Dashboard. But now i want to create a pipeline including Auditbeat, Filebeat to push data to Logstash and then to Opensearch. I have searched for a lot of docs but there are still no docs that have clear guide about that. Can someone suggest me docs or briefly explain to me what i should do? Thanks Gray 2 posts - 2 participants Rea ..read more

I have set up an alert with a webhook to Microsoft Teams. This is working fine so far. However, I want to include relevant information from the log, that triggered the alert, in the message sent to Teams. This information is dynamic and changes with each log, so I cannot insert a static text. Is there any way to include information from the log that triggered the alert in the message? 2 posts - 2 participants Read full topic ..read more

How can we increase log storage duration of domains, For Example lets say I want to keep log storage for 7 days, how can I achieve it 1 post - 1 participant Read full topic ..read more