Cannot import OpenSearch Dashboard's configuration files from dashboard.ndjson

aws-samples / siem-on-amazon-opensearch-service

A solution for collecting, correlating and visualizing multiple types of logs to help investigate security incidents.

MIT No Attribution

558 stars 185 forks source link

Cannot import OpenSearch Dashboard's configuration files from dashboard.ndjson #439

Open uniuuu opened 4 months ago

uniuuu commented 4 months ago

Dear @nakajiak

When trying to import dashboards from saved_objects.zip it returns error Sorry, there was an error The file could not be processed due to error: "", see it on the screenshot Screenshot from 2024-03-13 23-51-55

uniuuu commented 4 months ago

@nakajiak Please note, SIEM on Amazon OpenSearch Service has been deployed via cdk.

nakajiak commented 3 months ago

Hello

Please provide the following information:

Version of SIEM on OpenSearch
Version of Amazon OpenSearch
Result of the following command:
- ls -l dashboard.ndjson
- jq empty < dashboard.ndjson 2>&1 > /dev/null

uniuuu commented 3 months ago

Hi @nakajiak. Thank you for you reply. Please see the details below: Version of SIEM on OpenSearch: commit: 8a0b92e3a64d9879d585d18b4c87cd78b1f83363 (after v2.10.2a) Version of Amazon OpenSearch: from dashboard v 2.9.0 ; Service software version: OpenSearch_2_9_R20230928-P3 (latest) Result of the commands:

nakajiak commented 3 months ago

Hi, thanks for the information. dashboards.json looks like a correct JSON file. Did you import dashboards.json instead of saved_objects.zip? If so, it's not a template issue, it's an OpenSearch Service issue. Please contact AWS Support.

uniuuu commented 3 months ago

Hi @nakajiak To which OpenSearch version that had no issue with the template can we regress? We use Basic Support plan and it doesn't allow to submit technical issue to AWS Support. If to import zip then the error will be different Screenshot from 2024-04-05 00-09-25