wazuh / wazuh-documentation

Wazuh - Project documentation
https://wazuh.com

Documentation related to the "Wazuh docker deployment upgrade" not updated #7807

Open Enaraque opened 2 weeks ago

Enaraque commented 2 weeks ago

Description

During https://github.com/wazuh/wazuh/issues/25851, I found that the documentation regarding keeping custom Docker Compose files was not up to date.

It mentions that to keep the custom Docker Compose files, the only things that need to be updated are the paths related to the Wazuh indexer and Wazuh dashboard.

However, if we only change this, the indexer container does not start correctly and keeps restarting continuously:

root@ip-172-31-47-153:/home/ubuntu/wazuh-docker/single-node# docker ps
CONTAINER ID   IMAGE                             COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
c676e28d319f   wazuh/wazuh-dashboard:4.9.1-rc1   "/entrypoint.sh"         2 minutes ago   Up 2 minutes   0.0.0.0:443->443/tcp, :::443->443/tcp                                                                                                                           single-node-wazuh.dashboard-1
0e1d61f7d48a   wazuh/wazuh-indexer:4.9.1-rc1     "/entrypoint.sh open…"   2 minutes ago   Up 5 seconds   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1
ee3f8e9018b8   wazuh/wazuh-manager:4.9.1-rc1     "/init"                  2 minutes ago   Up 2 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1

This issue was resolved by changing the line:

environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"

to:

environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"

Once this was done, the containers were relaunched, but this time it failed when trying to access the dashboard.

[Screenshot 2024-09-26 at 12 43 24]

Conclusion

We need to investigate the fix and update the documentation so that when the containers are started, everything works as expected.

vcerenu commented 1 week ago

The upgrade from v4.3.0 to v4.9.0 was tested in wazuh-docker deployment and some modifications were found that need to be made for the stack to run correctly.

1) Modify the Wazuh API user (API_PASSWORD) to wazuh-wui
2) Modify the environment variable "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" since Wazuh v4.8.0 requires more RAM allocated
3) The config directory in the path /usr/share/wazuh-indexer/ was removed, so if needed, you must modify the paths of the configuration files and keys mounted to the Wazuh indexer container
4) For Wazuh dashboard two volumes are required, which hold the configurations made.

            - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
            - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom

Check whether these paths are persistent in your own configuration, and if not, add these volumes to the Wazuh dashboard container.

5) Modify the uiSettings.overrides.defaultRoute: /app/wz-home parameter within the opensearch_dashboards.yml file that we mounted in the Wazuh dashboard container
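A pre-flight check for points 2 to 5 of the comment above, added here as an example and not taken from the Wazuh project or from the commenter: it scans a custom compose file and a mounted opensearch_dashboards.yml for the settings listed there before the stack is relaunched. The sample files, their mount source paths, the old defaultRoute value and all function names are constructed for illustration; point 1 (the API user) is not checked.

```python
import re

# Values taken from the comment above.
MIN_HEAP_MIB = 1024  # "-Xms1g -Xmx1g"
REMOVED_INDEXER_DIR = "/usr/share/wazuh-indexer/config/"
REQUIRED_DASHBOARD_TARGETS = (
    "/usr/share/wazuh-dashboard/data/wazuh/config",
    "/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom",
)
EXPECTED_ROUTE = "/app/wz-home"

# Constructed sample: a custom single-node compose file carried over unchanged.
SAMPLE_COMPOSE = """\
services:
  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.9.0
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
      - ./certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.9.0
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
    ports:
      - "443:5601"
    volumes:
      - ./dash/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
"""

# Constructed sample: dashboard settings with an outdated default route.
SAMPLE_DASHBOARD_YML = "server.port: 5601\nuiSettings.overrides.defaultRoute: /app/wazuh\n"

_UNIT_TO_MIB = {"k": 1 / 1024, "m": 1, "g": 1024}


def heap_mib(java_opts):
    """Return the -Xms/-Xmx sizes found in a JVM options string, in MiB."""
    found = {}
    for kind, num, unit in re.findall(r"-Xm([sx])(\d+)([kKmMgG])", java_opts):
        found[kind] = int(num) * _UNIT_TO_MIB[unit.lower()]
    return found


def mount_targets(compose_text):
    """Container-side paths of short-syntax volume entries (- source:target[:mode])."""
    targets = []
    for line in compose_text.splitlines():
        m = re.match(r"\s*-\s*[\"']?([^\s\"'#]+)", line)
        if not m:
            continue
        parts = m.group(1).split(":")
        # Skip environment entries (KEY=value) and port mappings (443:5601).
        if len(parts) >= 2 and "=" not in parts[0] and parts[1].startswith("/"):
            targets.append(parts[1])
    return targets


def audit_compose(compose_text):
    """Return one finding per setting that the comment says must change."""
    findings = []
    for opts in re.findall(r"OPENSEARCH_JAVA_OPTS=([^\"'\n]*)", compose_text):
        heap = heap_mib(opts)
        for kind in ("s", "x"):
            if heap.get(kind, 0) < MIN_HEAP_MIB:
                findings.append(f"heap: -Xm{kind} is below 1g in '{opts.strip()}'")
    targets = mount_targets(compose_text)
    for target in targets:
        if target.startswith(REMOVED_INDEXER_DIR):
            findings.append(f"indexer-path: {target} is under the removed config directory")
    for required in REQUIRED_DASHBOARD_TARGETS:
        if required not in targets:
            findings.append(f"dashboard-volume: nothing is mounted at {required}")
    return findings


def audit_dashboard_yml(yml_text):
    """Check uiSettings.overrides.defaultRoute in opensearch_dashboards.yml."""
    m = re.search(
        r"^\s*uiSettings\.overrides\.defaultRoute:\s*[\"']?([^\s\"'#]+)",
        yml_text,
        re.MULTILINE,
    )
    route = m.group(1) if m else None
    if route == EXPECTED_ROUTE:
        return []
    return [f"default-route: defaultRoute is {route!r}, expected {EXPECTED_ROUTE}"]


if __name__ == "__main__":
    for finding in audit_compose(SAMPLE_COMPOSE) + audit_dashboard_yml(SAMPLE_DASHBOARD_YML):
        print(finding)
```

The parser is line-based and only understands the short `source:target` volume syntax used in the wazuh-docker compose files; long-form volume mappings would need a YAML parser.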

vcerenu commented 1 week ago

The upgrade tests continued, checking all the errors that were generated, modifying the base tag from v4.3.0 to v4.3.11, in which many of the corrections that were needed were already solved. The enhancement/7809-upgrade-steps branch was created in which the changes found that were not within the Docker and Kubernetes upgrade page were added.

vcerenu commented 5 days ago

Tests

v4.3.11 to 4.9.0

Single node:

Deploy Wazuh 4.3.11

$ git checkout v4.3.11
Previous HEAD position was 73018f8 Merge pull request #627 from wazuh/change-dash-repo
HEAD is now at e9c1ab9 Merge pull request #835 from wazuh/modify_changelog
$ cd single-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] single-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Creating 1/1
 ✔ Network single-node_default  Created                                                                                                                                            0.2s 
[+] Running 5/5
 ✔ generator Pulled                                                                                                                                                               16.6s 
The tool to create the certificates exists in the in Packages bucket
04/10/2024 16:21:51 INFO: Admin certificates created.
04/10/2024 16:21:51 INFO: Wazuh indexer certificates created.
04/10/2024 16:21:51 INFO: Wazuh server certificates created.
04/10/2024 16:21:51 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 42/42
 ✔ wazuh.dashboard Pulled                                                                                                                                                        171.8s 
 ✔ wazuh.indexer Pulled                                                                                                                                                          125.8s 
 ✔ wazuh.manager Pulled                                                                                                                                                          120.8s 
[+] Running 15/15
 ✔ Volume "single-node_wazuh_api_configuration"  Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_etc"                Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_active_response"    Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh-indexer-data"       Created                                                                                                                           0.0s 
 ✔ Volume "single-node_filebeat_etc"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_agentless"          Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_wodles"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_filebeat_var"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_integrations"       Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_logs"               Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_queue"              Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_var_multigroups"    Created                                                                                                                           0.0s 
 ✔ Container single-node-wazuh.manager-1         Started                                                                                                                           3.0s 
 ✔ Container single-node-wazuh.indexer-1         Started                                                                                                                           2.9s 
 ✔ Container single-node-wazuh.dashboard-1       Started                                                                                                                           2.3s 
$ 

Stack deployed and containers logs:

$ docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED              STATUS              PORTS                                                                                                                                                           NAMES
062c66833b75   wazuh/wazuh-dashboard:4.3.11   "/entrypoint.sh"         About a minute ago   Up About a minute   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                              single-node-wazuh.dashboard-1
3330e1587345   wazuh/wazuh-manager:4.3.11     "/init"                  About a minute ago   Up About a minute   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
1bfc0b5ddfd9   wazuh/wazuh-indexer:4.3.11     "/entrypoint.sh open…"   About a minute ago   Up About a minute   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1
$ docker logs single-node-wazuh.manager-1
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 0-wazuh-init: executing... 
/var/ossec/data_tmp/permanent/var/ossec/api/configuration/
Installing /var/ossec/api/configuration
/var/ossec/data_tmp/permanent/var/ossec/etc/
Installing /var/ossec/etc
/var/ossec/data_tmp/permanent/var/ossec/logs/
Installing /var/ossec/logs
/var/ossec/data_tmp/permanent/var/ossec/queue/
Installing /var/ossec/queue
/var/ossec/data_tmp/permanent/var/ossec/agentless/
The path /var/ossec/agentless is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/var/multigroups/
The path /var/ossec/var/multigroups is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/integrations/
The path /var/ossec/integrations is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/active-response/bin/
The path /var/ossec/active-response/bin is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/wodles/
Installing /var/ossec/wodles
/var/ossec/data_tmp/permanent/etc/filebeat/
Installing /etc/filebeat
Updating /var/ossec/etc/internal_options.conf
Updating /var/ossec/integrations/pagerduty
Updating /var/ossec/integrations/slack
Updating /var/ossec/integrations/slack.py
Updating /var/ossec/integrations/virustotal
Updating /var/ossec/integrations/virustotal.py
Updating /var/ossec/active-response/bin/default-firewall-drop
Updating /var/ossec/active-response/bin/disable-account
Updating /var/ossec/active-response/bin/firewalld-drop
Updating /var/ossec/active-response/bin/firewall-drop
Updating /var/ossec/active-response/bin/host-deny
Updating /var/ossec/active-response/bin/ip-customblock
Updating /var/ossec/active-response/bin/ipfw
Updating /var/ossec/active-response/bin/kaspersky.py
Updating /var/ossec/active-response/bin/kaspersky
Updating /var/ossec/active-response/bin/npf
Updating /var/ossec/active-response/bin/wazuh-slack
Updating /var/ossec/active-response/bin/pf
Updating /var/ossec/active-response/bin/restart-wazuh
Updating /var/ossec/active-response/bin/restart.sh
Updating /var/ossec/active-response/bin/route-null
Updating /var/ossec/agentless/sshlogin.exp
Updating /var/ossec/agentless/ssh_pixconfig_diff
Updating /var/ossec/agentless/ssh_asa-fwsmconfig_diff
Updating /var/ossec/agentless/ssh_integrity_check_bsd
Updating /var/ossec/agentless/main.exp
Updating /var/ossec/agentless/su.exp
Updating /var/ossec/agentless/ssh_integrity_check_linux
Updating /var/ossec/agentless/register_host.sh
Updating /var/ossec/agentless/ssh_generic_diff
Updating /var/ossec/agentless/ssh_foundry_diff
Updating /var/ossec/agentless/ssh_nopass.exp
Updating /var/ossec/agentless/ssh.exp
Updating /var/ossec/wodles/utils.py
Updating /var/ossec/wodles/aws/aws-s3
Updating /var/ossec/wodles/aws/aws-s3.py
Updating /var/ossec/wodles/azure/azure-logs
Updating /var/ossec/wodles/azure/azure-logs.py
Updating /var/ossec/wodles/docker/DockerListener
Updating /var/ossec/wodles/docker/DockerListener.py
Updating /var/ossec/wodles/gcloud/gcloud
Updating /var/ossec/wodles/gcloud/gcloud.py
Updating /var/ossec/wodles/gcloud/integration.py
Updating /var/ossec/wodles/gcloud/tools.py
find: '/proc/336/task/336/fd/6': No such file or directory
find: '/proc/336/task/336/fdinfo/6': No such file or directory
find: '/proc/336/fd/5': No such file or directory
find: '/proc/336/fdinfo/5': No such file or directory
find: '/proc/337/task/337/fd/6': No such file or directory
find: '/proc/337/task/337/fdinfo/6': No such file or directory
find: '/proc/337/fd/5': No such file or directory
find: '/proc/337/fdinfo/5': No such file or directory
Identified Wazuh configuration files to mount...
'/wazuh-config-mount/etc/ossec.conf' -> '/var/ossec/etc/ossec.conf'
[cont-init.d] 0-wazuh-init: exited 0.
[cont-init.d] 1-config-filebeat: executing... 
Customize Elasticsearch ouput IP
Configuring username.
Configuring password.
Configuring SSL verification mode.
Configuring Certificate Authorities.
Configuring SSL Certificate.
Configuring SSL Key.
[cont-init.d] 1-config-filebeat: exited 0.
[cont-init.d] 2-manager: executing... 
Starting Wazuh v4.3.11...
Started wazuh-apid...
Started wazuh-csyslogd...
Started wazuh-dbd...
2024/10/04 17:11:25 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Started wazuh-integratord...
Started wazuh-agentlessd...
Started wazuh-authd...
Started wazuh-db...
Started wazuh-execd...
Started wazuh-analysisd...
Started wazuh-syscheckd...
Started wazuh-remoted...
Started wazuh-logcollector...
Started wazuh-monitord...
Started wazuh-modulesd...
Completed.
[cont-init.d] 2-manager: exited 0.
[cont-init.d] done.
[services.d] starting services
starting Filebeat
[services.d] done.
2024/10/04 17:11:31 sca: INFO: Loaded policy '/var/ossec/ruleset/sca/cis_ubuntu20-04.yml'
2024/10/04 17:11:31 sca: INFO: Starting Security Configuration Assessment scan.
2024/10/04 17:11:31 wazuh-modulesd:osquery: INFO: Module disabled. Exiting...
2024/10/04 17:11:31 wazuh-modulesd:database: INFO: Module started.
2024/10/04 17:11:31 wazuh-modulesd:syscollector: INFO: Module started.
2024/10/04 17:11:31 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/10/04 17:11:31 wazuh-modulesd:control: INFO: Starting control thread.
2024/10/04 17:11:31 wazuh-modulesd:download: INFO: Module started.
2024/10/04 17:11:31 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_ubuntu20-04.yml'
2024/10/04 17:11:31 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024-10-04T17:11:34.516Z    INFO    instance/beat.go:645    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2024-10-04T17:11:34.522Z    INFO    instance/beat.go:653    Beat ID: 2ed30e1f-5795-460e-b5de-0e639f165508
2024-10-04T17:11:34.524Z    INFO    [seccomp]   seccomp/seccomp.go:124  Syscall filter successfully installed
2024-10-04T17:11:34.524Z    INFO    [beat]  instance/beat.go:981    Beat info   {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "2ed30e1f-5795-460e-b5de-0e639f165508"}}}
2024-10-04T17:11:34.524Z    INFO    [beat]  instance/beat.go:990    Build info  {"system_info": {"build": {"commit": "aacf9ecd9c494aa0908f61fbca82c906b16562a8", "libbeat": "7.10.2", "time": "2021-01-12T22:10:33.000Z", "version": "7.10.2"}}}
2024-10-04T17:11:34.524Z    INFO    [beat]  instance/beat.go:993    Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.14.12"}}}
2024-10-04T17:11:34.525Z    INFO    [beat]  instance/beat.go:997    Host info   {"system_info": {"host": {"architecture":"x86_64","boot_time":"2024-10-03T09:33:58Z","containerized":false,"name":"wazuh.manager","ip":["127.0.0.1/8","::1/128","172.18.0.3/16"],"kernel_version":"6.8.0-45-generic","mac":["02:42:ac:12:00:03"],"os":{"family":"debian","platform":"ubuntu","name":"Ubuntu","version":"20.04.6 LTS (Focal Fossa)","major":20,"minor":4,"patch":6,"codename":"focal"},"timezone":"UTC","timezone_offset_sec":0}}}
2024-10-04T17:11:34.526Z    INFO    [beat]  instance/beat.go:1026   Process info    {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/run/s6/services/filebeat", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 946, "ppid": 941, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2024-10-04T17:11:33.560Z"}}}
2024-10-04T17:11:34.527Z    INFO    instance/beat.go:299    Setup Beat: filebeat; Version: 7.10.2
2024-10-04T17:11:34.528Z    INFO    eslegclient/connection.go:99    elasticsearch url: https://wazuh.indexer:9200
2024-10-04T17:11:34.528Z    INFO    [publisher] pipeline/module.go:113  Beat name: wazuh.manager
2024-10-04T17:11:34.529Z    INFO    beater/filebeat.go:117  Enabled modules/filesets: wazuh (alerts),  ()
2024-10-04T17:11:34.529Z    INFO    instance/beat.go:455    filebeat start running.
2024-10-04T17:11:34.537Z    INFO    memlog/store.go:119 Loading data file of '/var/lib/filebeat/registry/filebeat' succeeded. Active transaction id=0
2024-10-04T17:11:34.537Z    INFO    memlog/store.go:124 Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=0
2024-10-04T17:11:34.537Z    INFO    [registrar] registrar/registrar.go:109  States Loaded from registrar: 0
2024-10-04T17:11:34.538Z    INFO    [crawler]   beater/crawler.go:71    Loading Inputs: 1
2024-10-04T17:11:34.538Z    INFO    log/input.go:157    Configured paths: [/var/ossec/logs/alerts/alerts.json]
2024-10-04T17:11:34.538Z    INFO    [crawler]   beater/crawler.go:141   Starting input (ID: 9132358592892857476)
2024-10-04T17:11:34.538Z    INFO    [crawler]   beater/crawler.go:108   Loading and starting Inputs completed. Enabled inputs: 1
2024-10-04T17:11:34.539Z    INFO    log/harvester.go:302    Harvester started for file: /var/ossec/logs/alerts/alerts.json
2024/10/04 17:11:38 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_ubuntu20-04.yml'
2024/10/04 17:11:38 sca: INFO: Security Configuration Assessment scan finished. Duration: 7 seconds.
2024-10-04T17:11:42.548Z    INFO    [publisher_pipeline_output] pipeline/output.go:143  Connecting to backoff(elasticsearch(https://wazuh.indexer:9200))
2024-10-04T17:11:42.548Z    INFO    [publisher] pipeline/retry.go:219   retryer: send unwait signal to consumer
2024-10-04T17:11:42.549Z    INFO    [publisher] pipeline/retry.go:223     done
2024-10-04T17:11:42.994Z    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 7.10.2
2024-10-04T17:11:43.002Z    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 7.10.2
2024-10-04T17:11:43.006Z    INFO    template/load.go:183    Existing template will be overwritten, as overwrite is enabled.
2024-10-04T17:11:43.009Z    INFO    template/load.go:117    Try loading template wazuh to Elasticsearch
2024-10-04T17:11:43.176Z    INFO    template/load.go:109    template with name 'wazuh' loaded.
2024-10-04T17:11:43.178Z    INFO    [index-management]  idxmgmt/std.go:298  Loaded index template.
2024-10-04T17:11:43.473Z    INFO    fileset/pipelines.go:143    Elasticsearch pipeline with ID 'filebeat-7.10.2-wazuh-alerts-pipeline' loaded
2024-10-04T17:11:43.475Z    INFO    [publisher_pipeline_output] pipeline/output.go:151  Connection to backoff(elasticsearch(https://wazuh.indexer:9200)) established
2024/10/04 17:11:49 rootcheck: INFO: Ending rootcheck scan.
$ docker logs single-node-wazuh.dashboard-1
Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
Wazuh APP already configured
{"type":"log","@timestamp":"2024-10-04T17:11:20Z","tags":["info","plugins-service"],"pid":39,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2024-10-04T17:11:20Z","tags":["info","plugins-system"],"pid":39,"message":"Setting up [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]"}
{"type":"log","@timestamp":"2024-10-04T17:11:21Z","tags":["info","savedobjects-service"],"pid":39,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2024-10-04T17:11:21Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:11:21Z","tags":["error","savedobjects-service"],"pid":39,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2024-10-04T17:11:23Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:11:26Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:11:28Z","tags":["error","opensearch","data"],"pid":39,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:11:31Z","tags":["error","opensearch","data"],"pid":39,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["info","savedobjects-service"],"pid":39,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["info","savedobjects-service"],"pid":39,"message":"Creating index .kibana_1."}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["info","savedobjects-service"],"pid":39,"message":"Pointing alias .kibana to .kibana_1."}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["info","savedobjects-service"],"pid":39,"message":"Finished in 462ms."}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["info","plugins-system"],"pid":39,"message":"Starting [42] plugins: [alertingDashboards,usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,home,console,apmOss,management,indexPatternManagement,advancedSettings,savedObjects,securityDashboards,reportsDashboards,indexManagementDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,timeline,visTypeTable,visTypeMarkdown,tileMap,regionMap,inputControlVis,ganttChartDashboards,visualize,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,wazuh,savedObjectsManagement,bfetch]"}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["error","opensearch","data"],"pid":39,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["error","opensearch","data"],"pid":39,"message":"[ResponseError]: Response Error"}
{"type":"log","@timestamp":"2024-10-04T17:11:34Z","tags":["listening","info"],"pid":39,"message":"Server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2024-10-04T17:11:35Z","tags":["info","http","server","OpenSearchDashboards"],"pid":39,"message":"http server running at https://0.0.0.0:5601"}
{"type":"error","@timestamp":"2024-10-04T17:11:56Z","tags":["connection","client","error"],"pid":39,"level":"error","error":{"message":"138652791342912:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48\n","name":"Error","stack":"Error: 138652791342912:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48\n"},"message":"138652791342912:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48\n"}
{"type":"error","@timestamp":"2024-10-04T17:11:56Z","tags":["connection","client","error"],"pid":39,"level":"error","error":{"message":"138652791342912:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48\n","name":"Error","stack":"Error: 138652791342912:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48\n"},"message":"138652791342912:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 48\n"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":121,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 121ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/utils/configuration","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":6,"contentLength":9},"message":"GET /utils/configuration 200 6ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/hosts/apis","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":33,"contentLength":9},"message":"GET /hosts/apis 200 33ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/hosts/apis","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":25,"contentLength":9},"message":"GET /hosts/apis 200 25ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/hosts/apis","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":14,"contentLength":9},"message":"GET /hosts/apis 200 14ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/ui/fonts/inter_ui/Inter-UI-SemiBold.woff2","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"identity","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"font","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":56,"contentLength":9},"message":"GET /ui/fonts/inter_ui/Inter-UI-SemiBold.woff2 200 56ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/ui/fonts/roboto_mono/RobotoMono-Regular.ttf","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"identity","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"font","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":19,"contentLength":9},"message":"GET /ui/fonts/roboto_mono/RobotoMono-Regular.ttf 200 19ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":50,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 50ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"get","statusCode":404,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":404,"responseTime":52,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields 404 52ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"get","statusCode":404,"req":{"url":"/api/saved_objects/index-pattern/wazuh-monitoring-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":404,"responseTime":62,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-monitoring-*?fields=title&fields=fields 404 62ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/extensions/1513629884013","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":9,"contentLength":9},"message":"GET /api/extensions/1513629884013 200 9ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"get","statusCode":404,"req":{"url":"/api/saved_objects/index-pattern/wazuh-statistics-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":404,"responseTime":53,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-statistics-*?fields=title&fields=fields 404 53ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/opensearch-dashboards/settings","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"43","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":476,"contentLength":9},"message":"POST /api/opensearch-dashboards/settings 200 476ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/login","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"40","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":1926,"contentLength":9},"message":"POST /api/login 200 1926ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:08Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":76,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 76ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:08Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"108","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":1449,"contentLength":9},"message":"POST /api/request 200 1449ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:09Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/extensions","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","id":"1513629884013","content-length":"242","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":6,"contentLength":9},"message":"POST /api/extensions 200 6ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3211,"contentLength":9},"message":"POST /api/check-stored-api 200 3211ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3487,"contentLength":9},"message":"POST /api/check-stored-api 200 3487ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3249,"contentLength":9},"message":"POST /api/check-stored-api 200 3249ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:06Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3854,"contentLength":9},"message":"POST /api/check-stored-api 200 3854ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:07Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3033,"contentLength":9},"message":"POST /api/check-stored-api 200 3033ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:09Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/opensearch-dashboards/settings","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"113","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":737,"contentLength":9},"message":"POST /api/opensearch-dashboards/settings 200 737ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:10Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":116,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 116ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:10Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/_find?type=index-pattern&fields=title&fields=fields&per_page=9999","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":60,"contentLength":9},"message":"GET /api/saved_objects/_find?type=index-pattern&fields=title&fields=fields&per_page=9999 200 60ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:10Z","tags":[],"pid":39,"method":"get","statusCode":404,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=wazuh-statistics-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":404,"responseTime":87,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=wazuh-statistics-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score 404 87ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:10Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=wazuh-monitoring-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":125,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=wazuh-monitoring-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score 200 125ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:11Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":40,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 40ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:11Z","tags":[],"pid":39,"method":"get","statusCode":404,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":404,"responseTime":31,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields 404 31ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:11Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-monitoring-*","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","id":"1513629884013","content-length":"73","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":1004,"contentLength":9},"message":"POST /api/saved_objects/index-pattern/wazuh-monitoring-* 200 1004ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:10Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"58","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":2474,"contentLength":9},"message":"POST /api/request 200 2474ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:12Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":72,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 72ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:12Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":64,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 64ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:12Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/setup","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":31,"contentLength":9},"message":"GET /api/setup 200 31ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:12Z","tags":[],"pid":39,"method":"put","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-monitoring-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","id":"1513629884013","content-length":"1696","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":666,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-monitoring-* 200 666ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:13Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":39,"contentLength":9},"message":"GET /api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern 200 39ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:10Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3694,"contentLength":9},"message":"POST /api/check-stored-api 200 3694ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:11Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/check-stored-api","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"22","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3042,"contentLength":9},"message":"POST /api/check-stored-api 200 3042ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:14Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":74,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 74ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:14Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":97,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score 200 97ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:14Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":55,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 55ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:14Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-statistics-*","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","id":"1513629884013","content-length":"73","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":926,"contentLength":9},"message":"POST /api/saved_objects/index-pattern/wazuh-statistics-* 200 926ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:14Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","id":"1513629884013","content-length":"340","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":550,"contentLength":9},"message":"POST /api/saved_objects/index-pattern/wazuh-alerts-* 200 550ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:15Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":64,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 64ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:15Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_index","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":111,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_index 200 111ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:15Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_index","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":139,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_index 200 139ms - 9.0B"}
{"type":"log","@timestamp":"2024-10-04T17:12:16Z","tags":["error","opensearch","data"],"pid":39,"message":"[version_conflict_engine_exception]: [index-pattern:wazuh-alerts-*]: version conflict, required seqNo [6], primary term [1]. current document has seqNo [7] and primary term [1]"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"put","statusCode":409,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"80473","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":409,"responseTime":77,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-alerts-* 409 77ms - 9.0B"}
{"type":"log","@timestamp":"2024-10-04T17:12:16Z","tags":["error","opensearch","data"],"pid":39,"message":"[version_conflict_engine_exception]: [index-pattern:wazuh-alerts-*]: version conflict, required seqNo [6], primary term [1]. current document has seqNo [7] and primary term [1]"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"put","statusCode":409,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"80473","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":409,"responseTime":101,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-alerts-* 409 101ms - 9.0B"}
{"type":"log","@timestamp":"2024-10-04T17:12:16Z","tags":["error","opensearch","data"],"pid":39,"message":"[version_conflict_engine_exception]: [index-pattern:wazuh-alerts-*]: version conflict, required seqNo [6], primary term [1]. current document has seqNo [7] and primary term [1]"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"put","statusCode":409,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"80473","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":409,"responseTime":51,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-alerts-* 409 51ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":225,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 225ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"put","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","content-length":"66928","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":627,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-alerts-* 200 627ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"put","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-statistics-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","content-length":"13129","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":566,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-statistics-* 200 566ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/ui/fonts/inter_ui/Inter-UI-Light-BETA.woff2","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"identity","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"font","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":30,"contentLength":9},"message":"GET /ui/fonts/inter_ui/Inter-UI-Light-BETA.woff2 200 30ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":54,"contentLength":9},"message":"GET /api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern 200 54ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/saved_objects/_bulk_get","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"48","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":22,"contentLength":9},"message":"POST /api/saved_objects/_bulk_get 200 22ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":22,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields 200 22ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":51,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields 200 51ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":49,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields 200 49ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":86,"contentLength":9},"message":"GET /api/saved_objects/index-pattern/wazuh-alerts-*?fields=title&fields=fields 200 86ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/elastic/template/wazuh-alerts-*","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":31,"contentLength":9},"message":"GET /elastic/template/wazuh-alerts-* 200 31ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":63,"contentLength":9},"message":"GET /api/index_patterns/_fields_for_wildcard?pattern=wazuh-alerts-%2A&meta_fields=_source&meta_fields=_id&meta_fields=_type&meta_fields=_index&meta_fields=_score 200 63ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:16Z","tags":[],"pid":39,"method":"put","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"80946","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":1017,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-alerts-* 200 1017ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/opensearch-dashboards/settings","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","content-length":"45","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":569,"contentLength":9},"message":"POST /api/opensearch-dashboards/settings 200 569ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:17Z","tags":[],"pid":39,"method":"put","statusCode":200,"req":{"url":"/api/saved_objects/index-pattern/wazuh-alerts-*","method":"put","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","content-length":"66928","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":1199,"contentLength":9},"message":"PUT /api/saved_objects/index-pattern/wazuh-alerts-* 200 1199ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/utils/configuration","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":15,"contentLength":9},"message":"GET /utils/configuration 200 15ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/hosts/apis","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":6,"contentLength":9},"message":"GET /hosts/apis 200 6ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wazuh","content-type":"application/json","osd-version":"1.2.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":68,"contentLength":9},"message":"GET /api/saved_objects/_find?fields=title&per_page=10000&type=index-pattern 200 68ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/utils/configuration","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","osd-xsrf":"kibana","pattern":"wazuh-alerts-*","id":"1513629884013","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":3,"contentLength":9},"message":"GET /utils/configuration 200 3ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"79","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":44,"contentLength":9},"message":"POST /api/request 200 44ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/1/bundles/plugin/data/data.chunk.8.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":6,"contentLength":9},"message":"GET /1/bundles/plugin/data/data.chunk.8.js 200 6ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/1/bundles/plugin/data/data.chunk.0.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":7,"contentLength":9},"message":"GET /1/bundles/plugin/data/data.chunk.0.js 200 7ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/1/bundles/plugin/data/data.chunk.4.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":4,"contentLength":9},"message":"GET /1/bundles/plugin/data/data.chunk.4.js 200 4ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/ui/fonts/inter_ui/Inter-UI-Bold.woff2","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"identity","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"font","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":21,"contentLength":9},"message":"GET /ui/fonts/inter_ui/Inter-UI-Bold.woff2 200 21ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"post","statusCode":200,"req":{"url":"/api/request","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/json, text/plain, */*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","content-type":"application/json","osd-xsrf":"kibana","content-length":"79","origin":"https://0.0.0.0","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":63,"contentLength":9},"message":"POST /api/request 200 63ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:12:19Z","tags":[],"pid":39,"method":"get","statusCode":200,"req":{"url":"/1/bundles/plugin/data/data.chunk.7.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wazuh","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wazuh"},"res":{"statusCode":200,"responseTime":5,"contentLength":9},"message":"GET /1/bundles/plugin/data/data.chunk.7.js 200 5ms - 9.0B"}

$ docker logs single-node-wazuh.indexer-1
[2024-10-04T17:11:17,905][INFO ][o.o.n.Node               ] [wazuh.indexer] version[1.2.4], pid[1], build[rpm/e505b10357c03ae8d26d675172402f2f2144ef0f/2022-01-14T03:38:06.881862Z], OS[Linux/6.8.0-45-generic/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/15.0.1/15.0.1+9]
[2024-10-04T17:11:17,917][INFO ][o.o.n.Node               ] [wazuh.indexer] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK [true]
[2024-10-04T17:11:17,919][INFO ][o.o.n.Node               ] [wazuh.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-14536441334892420722, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Xms512m, -Xmx512m, -XX:MaxDirectMemorySize=268435456, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer/config, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-10-04T17:11:19,633][INFO ][o.o.s.s.t.SSLConfig      ] [wazuh.indexer] SSL dual mode is disabled
[2024-10-04T17:11:19,642][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] OpenSearch Config path is /usr/share/wazuh-indexer/config
[2024-10-04T17:11:20,097][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] JVM supports TLSv1.3
[2024-10-04T17:11:20,103][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Config directory is /usr/share/wazuh-indexer/config/, from there the key- and truststore files are resolved relatively
[2024-10-04T17:11:20,985][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Client Provider : JDK
[2024-10-04T17:11:20,986][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Server Provider : JDK
[2024-10-04T17:11:20,986][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS HTTP Provider             : JDK
[2024-10-04T17:11:20,987][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2, TLSv1.1]
[2024-10-04T17:11:20,987][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for HTTP layer      : [TLSv1.3, TLSv1.2, TLSv1.1]
[2024-10-04T17:11:21,299][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Clustername: opensearch
[2024-10-04T17:11:21,306][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/config/opensearch.yml has insecure file permissions (should be 0600)
[2024-10-04T17:11:21,420][INFO ][o.o.p.c.PluginSettings   ] [wazuh.indexer] Trying to create directory /dev/shm/performanceanalyzer/.
[2024-10-04T17:11:21,422][INFO ][o.o.p.c.PluginSettings   ] [wazuh.indexer] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600
[2024-10-04T17:11:22,006][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh.indexer] ReindexPlugin reloadSPI called
[2024-10-04T17:11:22,009][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh.indexer] Unable to find any implementation for RemoteReindexExtension
[2024-10-04T17:11:22,029][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config
[2024-10-04T17:11:22,033][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
[2024-10-04T17:11:22,062][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions
[2024-10-04T17:11:22,066][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [aggs-matrix-stats]
[2024-10-04T17:11:22,067][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [analysis-common]
[2024-10-04T17:11:22,068][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [geo]
[2024-10-04T17:11:22,069][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-common]
[2024-10-04T17:11:22,069][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-geoip]
[2024-10-04T17:11:22,069][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-user-agent]
[2024-10-04T17:11:22,070][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-expression]
[2024-10-04T17:11:22,070][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-mustache]
[2024-10-04T17:11:22,070][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-painless]
[2024-10-04T17:11:22,070][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [mapper-extras]
[2024-10-04T17:11:22,072][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [opensearch-dashboards]
[2024-10-04T17:11:22,073][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [parent-join]
[2024-10-04T17:11:22,073][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [percolator]
[2024-10-04T17:11:22,073][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [rank-eval]
[2024-10-04T17:11:22,074][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [reindex]
[2024-10-04T17:11:22,074][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [repository-url]
[2024-10-04T17:11:22,074][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [systemd]
[2024-10-04T17:11:22,075][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [transport-netty4]
[2024-10-04T17:11:22,076][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-alerting]
[2024-10-04T17:11:22,076][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-anomaly-detection]
[2024-10-04T17:11:22,077][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-asynchronous-search]
[2024-10-04T17:11:22,079][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-cross-cluster-replication]
[2024-10-04T17:11:22,079][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-index-management]
[2024-10-04T17:11:22,079][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-job-scheduler]
[2024-10-04T17:11:22,079][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-knn]
[2024-10-04T17:11:22,079][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-observability]
[2024-10-04T17:11:22,080][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-performance-analyzer]
[2024-10-04T17:11:22,080][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-reports-scheduler]
[2024-10-04T17:11:22,080][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-security]
[2024-10-04T17:11:22,080][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-sql]
[2024-10-04T17:11:22,109][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
[2024-10-04T17:11:22,130][INFO ][o.o.e.NodeEnvironment    ] [wazuh.indexer] using [1] data paths, mounts [[/var/lib/wazuh-indexer (/dev/sda5)]], net usable_space [35.8gb], net total_space [99.9gb], types [ext4]
[2024-10-04T17:11:22,131][INFO ][o.o.e.NodeEnvironment    ] [wazuh.indexer] heap size [512mb], compressed ordinary object pointers [true]
[2024-10-04T17:11:22,173][INFO ][o.o.n.Node               ] [wazuh.indexer] node name [wazuh.indexer], node ID [k8kFOxF9SYWybkfeDKvTUQ], cluster name [opensearch], roles [master, remote_cluster_client, data, ingest]
[2024-10-04T17:11:26,163][WARN ][o.o.s.c.Salt             ] [wazuh.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-10-04T17:11:26,176][ERROR][o.o.s.a.s.SinkProvider   ] [wazuh.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-10-04T17:11:26,178][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-10-04T17:11:26,179][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Message routing enabled: false
[2024-10-04T17:11:26,237][INFO ][o.o.s.f.SecurityFilter   ] [wazuh.indexer] <NONE> indices are made immutable.
[2024-10-04T17:11:26,524][INFO ][o.o.a.b.ADCircuitBreakerService] [wazuh.indexer] Registered memory breaker.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by io.protostuff.runtime.PolymorphicThrowableSchema (file:/usr/share/wazuh-indexer/plugins/opensearch-anomaly-detection/protostuff-runtime-1.7.4.jar) to field java.lang.Throwable.cause
WARNING: Please consider reporting this to the maintainers of io.protostuff.runtime.PolymorphicThrowableSchema
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[2024-10-04T17:11:27,177][INFO ][o.o.t.NettyAllocator     ] [wazuh.indexer] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={opensearch.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=512mb}]
[2024-10-04T17:11:27,290][INFO ][o.o.d.DiscoveryModule    ] [wazuh.indexer] using discovery type [single-node] and seed hosts providers [settings]
[2024-10-04T17:11:27,896][WARN ][o.o.g.DanglingIndicesState] [wazuh.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-10-04T17:11:28,538][INFO ][o.o.p.h.c.PerformanceAnalyzerConfigAction] [wazuh.indexer] PerformanceAnalyzer Enabled: false
[2024-10-04T17:11:28,654][INFO ][o.o.n.Node               ] [wazuh.indexer] initialized
[2024-10-04T17:11:28,657][INFO ][o.o.n.Node               ] [wazuh.indexer] starting ...
[2024-10-04T17:11:28,984][INFO ][o.o.t.TransportService   ] [wazuh.indexer] publish_address {172.18.0.2:9300}, bound_addresses {[::]:9300}
[2024-10-04T17:11:29,452][INFO ][o.o.c.c.Coordinator      ] [wazuh.indexer] setting initial configuration to VotingConfiguration{k8kFOxF9SYWybkfeDKvTUQ}
[2024-10-04T17:11:29,710][INFO ][o.o.c.s.MasterService    ] [wazuh.indexer] elected-as-master ([1] nodes joined)[{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{PSgewyGGQxOh6SeGwDcMvw}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 1, version: 1, delta: master node changed {previous [], current [{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{PSgewyGGQxOh6SeGwDcMvw}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}
[2024-10-04T17:11:29,841][INFO ][o.o.c.c.CoordinationState] [wazuh.indexer] cluster UUID set to [wgZWmmt6SPmZG2MclgkngA]
[2024-10-04T17:11:29,906][INFO ][o.o.c.s.ClusterApplierService] [wazuh.indexer] master node changed {previous [], current [{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{PSgewyGGQxOh6SeGwDcMvw}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}, term: 1, version: 1, reason: Publication{term=1, version=1}
[2024-10-04T17:11:29,957][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [wazuh.indexer] Config override setting update called with empty string. Ignoring.
[2024-10-04T17:11:29,964][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Cluster is not recovered yet.
[2024-10-04T17:11:30,064][INFO ][o.o.h.AbstractHttpServerTransport] [wazuh.indexer] publish_address {172.18.0.2:9200}, bound_addresses {[::]:9200}
[2024-10-04T17:11:30,065][INFO ][o.o.n.Node               ] [wazuh.indexer] started
[2024-10-04T17:11:30,066][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Node started
[2024-10-04T17:11:30,067][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Will attempt to create index .opendistro_security and default configs if they are absent
[2024-10-04T17:11:30,069][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Background init thread started. Install default config?: true
[2024-10-04T17:11:30,071][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] 0 OpenSearch Security modules loaded so far: []
[2024-10-04T17:11:30,143][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Node added: [k8kFOxF9SYWybkfeDKvTUQ]
[2024-10-04T17:11:30,154][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Add data node to AD version hash ring: k8kFOxF9SYWybkfeDKvTUQ
[2024-10-04T17:11:30,159][INFO ][o.o.g.GatewayService     ] [wazuh.indexer] recovered [0] indices into cluster_state
[2024-10-04T17:11:30,159][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] All nodes with known AD version: {k8kFOxF9SYWybkfeDKvTUQ=ADNodeInfo{version=1.2.4, isEligibleDataNode=true}}
[2024-10-04T17:11:30,160][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Rebuild AD hash ring for realtime AD with cooldown, nodeChangeEvents size 0
[2024-10-04T17:11:30,160][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Build AD version hash ring successfully
[2024-10-04T17:11:30,164][INFO ][o.o.a.c.ADDataMigrator   ] [wazuh.indexer] Start migrating AD data
[2024-10-04T17:11:30,168][INFO ][o.o.a.c.ADDataMigrator   ] [wazuh.indexer] AD job index doesn't exist, no need to migrate
[2024-10-04T17:11:30,170][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Init AD version hash ring successfully
[2024-10-04T17:11:30,309][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.opendistro_security] creating index, cause [api], templates [], shards [1]/[1]
[2024-10-04T17:11:30,335][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.opendistro_security]
[2024-10-04T17:11:30,756][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.opendistro_security][0]]]).
[2024-10-04T17:11:30,821][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Index .opendistro_security created?: true
[2024-10-04T17:11:30,823][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node started, try to initialize it. Wait for at least yellow cluster state....
[2024-10-04T17:11:30,835][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:31,218][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] create_mapping [_doc]
[2024-10-04T17:11:31,538][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'config' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:31,539][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:31,568][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:31,612][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-10-04T17:11:31,667][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-10-04T17:11:31,677][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-10-04T17:11:31,681][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'roles' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:31,682][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:31,686][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-10-04T17:11:31,715][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:31,830][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'rolesmapping' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:31,831][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:31,860][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:31,942][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'internalusers' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:31,943][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:31,981][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:32,123][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'actiongroups' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:32,123][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:32,169][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:32,293][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'tenants' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:32,293][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-10-04T17:11:32,312][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:32,431][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'nodesdn' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:32,433][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-10-04T17:11:32,463][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:32,537][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'whitelist' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:32,538][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:11:32,571][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.opendistro_security/xM0M4U1gTUG6ENI60ic7iA] update_mapping [_doc]
[2024-10-04T17:11:32,642][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Doc with id 'audit' and version 2 is updated in .opendistro_security index.
[2024-10-04T17:11:32,847][INFO ][stdout                   ] [wazuh.indexer] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
[2024-10-04T17:11:32,849][INFO ][stdout                   ] [wazuh.indexer] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
[2024-10-04T17:11:32,855][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing on REST API is enabled.
[2024-10-04T17:11:32,856][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing.
[2024-10-04T17:11:32,856][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing on Transport API is enabled.
[2024-10-04T17:11:32,856][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing.
[2024-10-04T17:11:32,857][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of request body is enabled.
[2024-10-04T17:11:32,857][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Bulk requests resolution is disabled during request auditing.
[2024-10-04T17:11:32,858][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Index resolution is enabled during request auditing.
[2024-10-04T17:11:32,858][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Sensitive headers auditing is enabled.
[2024-10-04T17:11:32,858][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing requests from kibanaserver users is disabled.
[2024-10-04T17:11:32,858][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of external configuration is disabled.
[2024-10-04T17:11:32,859][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of internal configuration is enabled.
[2024-10-04T17:11:32,859][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing only metadata information for read request is enabled.
[2024-10-04T17:11:32,859][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing will watch {} for read requests.
[2024-10-04T17:11:32,860][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing read operation requests from kibanaserver users is disabled.
[2024-10-04T17:11:32,860][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing only metadata information for write request is enabled.
[2024-10-04T17:11:32,860][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing diffs for write requests is disabled.
[2024-10-04T17:11:32,860][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing write operation requests from kibanaserver users is disabled.
[2024-10-04T17:11:32,860][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing will watch <NONE> for write requests.
[2024-10-04T17:11:32,861][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] .opendistro_security is used as internal security index.
[2024-10-04T17:11:32,861][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Internal index used for posting audit logs is null
[2024-10-04T17:11:32,861][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Hot-reloading of audit configuration is enabled
[2024-10-04T17:11:32,862][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node 'wazuh.indexer' initialized
[2024-10-04T17:11:34,188][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.kibana_1] creating index, cause [api], templates [], shards [1]/[1]
[2024-10-04T17:11:34,194][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.kibana_1]
[2024-10-04T17:11:34,393][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.kibana_1][0]]]).
[2024-10-04T17:11:34,961][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh-statistics] for index patterns [wazuh-statistics-*]
[2024-10-04T17:11:35,048][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh-agent] for index patterns [wazuh-monitoring-*]
[2024-10-04T17:11:35,683][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [wazuh-monitoring-2024.40w] creating index, cause [api], templates [wazuh-agent], shards [1]/[0]
[2024-10-04T17:11:35,821][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-monitoring-2024.40w][0]]]).
[2024-10-04T17:11:35,879][INFO ][o.o.c.m.MetadataUpdateSettingsService] [wazuh.indexer] updating number_of_replicas to [0] for indices [wazuh-monitoring-2024.40w]
Security Admin v7
Will connect to localhost:9300 ... done
[2024-10-04T17:11:43,064][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh] for index patterns [wazuh-alerts-4.x-*, wazuh-archives-4.x-*]
[2024-10-04T17:11:43,712][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [wazuh-alerts-4.x-2024.10.04] creating index, cause [auto(bulk api)], templates [wazuh], shards [3]/[0]
[2024-10-04T17:11:44,373][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[wazuh-alerts-4.x-2024.10.04][0], [wazuh-alerts-4.x-2024.10.04][2]]]).
[2024-10-04T17:11:44,607][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.10.04/EEGgCRweQaW2QhkMdSjMqw] update_mapping [_doc]
[2024-10-04T17:11:44,948][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [wazuh-alerts-4.x-2024.10.04/EEGgCRweQaW2QhkMdSjMqw] update_mapping [_doc]
Connected as CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US
OpenSearch Version: 1.2.4
OpenSearch Security Version: 1.2.4.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: opensearch
Clusterstate: GREEN
Number of nodes: 1
Number of data nodes: 1
.opendistro_security index already exists, so we do not need to create one.
Populate config from /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/
Will update '_doc/config' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/config.yml 
   SUCC: Configuration for 'config' created or updated
Will update '_doc/roles' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update '_doc/rolesmapping' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update '_doc/internalusers' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update '_doc/actiongroups' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Will update '_doc/tenants' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/tenants.yml 
   SUCC: Configuration for 'tenants' created or updated
Will update '_doc/nodesdn' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/nodes_dn.yml 
   SUCC: Configuration for 'nodesdn' created or updated
Will update '_doc/whitelist' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/whitelist.yml 
   SUCC: Configuration for 'whitelist' created or updated
Will update '_doc/audit' with /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/audit.yml 
   SUCC: Configuration for 'audit' created or updated
[2024-10-04T17:11:48,025][INFO ][stdout                   ] [wazuh.indexer] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
[2024-10-04T17:11:48,027][INFO ][stdout                   ] [wazuh.indexer] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
[2024-10-04T17:11:48,028][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing on REST API is enabled.
[2024-10-04T17:11:48,028][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing.
[2024-10-04T17:11:48,029][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing on Transport API is enabled.
[2024-10-04T17:11:48,029][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing.
[2024-10-04T17:11:48,030][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of request body is enabled.
[2024-10-04T17:11:48,030][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Bulk requests resolution is disabled during request auditing.
[2024-10-04T17:11:48,030][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Index resolution is enabled during request auditing.
[2024-10-04T17:11:48,030][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Sensitive headers auditing is enabled.
[2024-10-04T17:11:48,031][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing requests from kibanaserver users is disabled.
[2024-10-04T17:11:48,031][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of external configuration is disabled.
[2024-10-04T17:11:48,031][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of internal configuration is enabled.
[2024-10-04T17:11:48,031][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing only metadata information for read request is enabled.
[2024-10-04T17:11:48,031][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing will watch {} for read requests.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing read operation requests from kibanaserver users is disabled.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing only metadata information for write request is enabled.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing diffs for write requests is disabled.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing write operation requests from kibanaserver users is disabled.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing will watch <NONE> for write requests.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] .opendistro_security is used as internal security index.
[2024-10-04T17:11:48,032][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Internal index used for posting audit logs is null
Done with success
[2024-10-04T17:12:00,423][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_1/qgE9hSWyTdaxMWzN0b0hng] update_mapping [_doc]
[2024-10-04T17:12:11,366][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_1/qgE9hSWyTdaxMWzN0b0hng] update_mapping [_doc]
[2024-10-04T17:12:29,945][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.

vcerenu commented 5 days ago

Turn off the v4.3.11 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack:

$ docker-compose down
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 4/4
 ✔ Container single-node-wazuh.dashboard-1  Removed                                                                                                                                8.4s 
 ✔ Container single-node-wazuh.manager-1    Removed                                                                                                                                4.7s 
 ✔ Container single-node-wazuh.indexer-1    Removed                                                                                                                                1.2s 
 ✔ Network single-node_default              Removed                                                                                                                                0.4s 
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] single-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Creating 1/1
 ✔ Network single-node_default  Created                                                                                                                                            0.2s 
[+] Running 5/5
 ✔ generator Pulled                                                                                                                                                               14.7s 
   ✔ 17d0386c2fff Pull complete                                                                                                                                                    9.3s 
   ✔ 7ce91ec7d1d3 Pull complete                                                                                                                                                   11.9s 
   ✔ 5249716d429c Pull complete                                                                                                                                                   12.0s 
   ✔ d7003467fd14 Pull complete                                                                                                                                                   12.1s 
The tool to create the certificates exists in the in Packages bucket
04/10/2024 17:22:10 INFO: Generating the root certificate.
04/10/2024 17:22:10 INFO: Generating Admin certificates.
04/10/2024 17:22:10 INFO: Admin certificates created.
04/10/2024 17:22:10 INFO: Generating Wazuh indexer certificates.
04/10/2024 17:22:11 INFO: Wazuh indexer certificates created.
04/10/2024 17:22:11 INFO: Generating Filebeat certificates.
04/10/2024 17:22:11 INFO: Wazuh Filebeat certificates created.
04/10/2024 17:22:11 INFO: Generating Wazuh dashboard certificates.
04/10/2024 17:22:11 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 44/33
 ✔ wazuh.dashboard Pulled                                                                                                                                                        307.3s 
 ✔ wazuh.manager Pulled                                                                                                                                                          210.6s 
 ✔ wazuh.indexer Pulled                                                                                                                                                          252.5s 

[+] Running 3/3
 ✔ Container single-node-wazuh.indexer-1    Started                                                                                                                                3.2s 
 ✔ Container single-node-wazuh.manager-1    Started                                                                                                                                3.5s 
 ✔ Container single-node-wazuh.dashboard-1  Started  

Stack deployed and container logs:

$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED              STATUS              PORTS                                                                                                                                                           NAMES
0604cfd5e4ba   wazuh/wazuh-dashboard:4.9.0   "/entrypoint.sh"         About a minute ago   Up About a minute   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                              single-node-wazuh.dashboard-1
64f6a1fbc99e   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   About a minute ago   Up About a minute   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1
660e80eda0d0   wazuh/wazuh-manager:4.9.0     "/init"                  About a minute ago   Up About a minute   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
$ docker logs single-node-wazuh.dashboard-1
Created OpenSearch Dashboards keystore in /usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore
Wazuh APP already configured
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"dataSourceManagement\" has been disabled since the following direct or transitive dependencies are missing or disabled: [dataSource]"}
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"applicationConfig\" is disabled."}
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"cspHandler\" is disabled."}
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"dataSource\" is disabled."}
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["info","plugins-service"],"pid":54,"message":"Plugin \"visTypeXy\" is disabled."}
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["warning","config","deprecation"],"pid":54,"message":"\"opensearch.requestHeadersWhitelist\" is deprecated and has been replaced by \"opensearch.requestHeadersAllowlist\""}
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
{"type":"log","@timestamp":"2024-10-04T17:32:04Z","tags":["info","plugins-system"],"pid":54,"message":"Setting up [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
{"type":"log","@timestamp":"2024-10-04T17:32:05Z","tags":["info","savedobjects-service"],"pid":54,"message":"Waiting until all OpenSearch nodes are compatible with OpenSearch Dashboards before starting saved objects migrations..."}
{"type":"log","@timestamp":"2024-10-04T17:32:05Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:05Z","tags":["error","savedobjects-service"],"pid":54,"message":"Unable to retrieve version information from OpenSearch nodes."}
{"type":"log","@timestamp":"2024-10-04T17:32:07Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:10Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:12Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:15Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:17Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:20Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:22Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:25Z","tags":["error","opensearch","data"],"pid":54,"message":"[ConnectionError]: connect ECONNREFUSED 172.18.0.2:9200"}
{"type":"log","@timestamp":"2024-10-04T17:32:28Z","tags":["info","savedobjects-service"],"pid":54,"message":"Starting saved objects migrations"}
{"type":"log","@timestamp":"2024-10-04T17:32:28Z","tags":["info","savedobjects-service"],"pid":54,"message":"Detected mapping change in \"properties.homepage\""}
{"type":"log","@timestamp":"2024-10-04T17:32:28Z","tags":["info","savedobjects-service"],"pid":54,"message":"Creating index .kibana_2."}
{"type":"log","@timestamp":"2024-10-04T17:32:28Z","tags":["info","savedobjects-service"],"pid":54,"message":"Migrating .kibana_1 saved objects to .kibana_2"}
{"type":"log","@timestamp":"2024-10-04T17:32:29Z","tags":["info","savedobjects-service"],"pid":54,"message":"Pointing alias .kibana to .kibana_2."}
{"type":"log","@timestamp":"2024-10-04T17:32:29Z","tags":["info","savedobjects-service"],"pid":54,"message":"Finished in 961ms."}
{"type":"log","@timestamp":"2024-10-04T17:32:29Z","tags":["warning","cross-compatibility-service"],"pid":54,"message":"Starting cross compatibility service"}
{"type":"log","@timestamp":"2024-10-04T17:32:29Z","tags":["info","plugins-system"],"pid":54,"message":"Starting [48] plugins: [usageCollection,opensearchDashboardsUsageCollection,opensearchDashboardsLegacy,mapsLegacy,share,opensearchUiShared,legacyExport,embeddable,expressions,data,savedObjects,home,apmOss,reportsDashboards,dashboard,visualizations,visTypeVega,visTypeTimeline,visTypeTable,visTypeMarkdown,visBuilder,visAugmenter,alertingDashboards,tileMap,regionMap,customImportMapDashboards,inputControlVis,ganttChartDashboards,visualize,indexManagementDashboards,notificationsDashboards,management,indexPatternManagement,advancedSettings,console,dataExplorer,charts,visTypeVislib,visTypeTimeseries,visTypeTagcloud,visTypeMetric,discover,savedObjectsManagement,securityDashboards,wazuhCore,wazuhCheckUpdates,wazuh,bfetch]"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","plugins","wazuh","initialize"],"pid":54,"message":"dashboard index: .kibana"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","plugins","wazuh","initialize"],"pid":54,"message":"App revision: 07"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","plugins","wazuh","initialize"],"pid":54,"message":"Total RAM: 9946MB"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","plugins","wazuh","monitoring"],"pid":54,"message":"Updated the wazuh-agent template"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","plugins","wazuh","cron-scheduler"],"pid":54,"message":"Updated the wazuh-statistics template"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","plugins","wazuh","monitoring"],"pid":54,"message":"Settings added to wazuh-monitoring-2024.40w index"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["listening","info"],"pid":54,"message":"Server running at https://0.0.0.0:5601"}
{"type":"log","@timestamp":"2024-10-04T17:32:30Z","tags":["info","http","server","OpenSearchDashboards"],"pid":54,"message":"http server running at https://0.0.0.0:5601"}
{"type":"error","@timestamp":"2024-10-04T17:32:34Z","tags":["connection","client","error"],"pid":54,"level":"error","error":{"message":"0008DD57CA790000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 48\n","name":"Error","stack":"Error: 0008DD57CA790000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 48\n","code":"ERR_SSL_TLSV1_ALERT_UNKNOWN_CA"},"message":"0008DD57CA790000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1586:SSL alert number 48\n"}
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
{"type":"response","@timestamp":"2024-10-04T17:32:37Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"none","sec-fetch-user":"?1","priority":"u=0, i"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0"},"res":{"statusCode":200,"responseTime":416,"contentLength":9},"message":"GET / 200 416ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:38Z","tags":[],"pid":54,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"none","sec-fetch-user":"?1","priority":"u=0, i"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0"},"res":{"statusCode":302,"responseTime":180,"contentLength":9},"message":"GET / 302 180ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:38Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/app/wz-home","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","upgrade-insecure-requests":"1","sec-fetch-dest":"document","sec-fetch-mode":"navigate","sec-fetch-site":"none","sec-fetch-user":"?1","priority":"u=0, i"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0"},"res":{"statusCode":200,"responseTime":105,"contentLength":9},"message":"GET /app/wz-home 200 105ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:38Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/ui/logos/spinner_on_light.svg","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=5, i"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":30,"contentLength":9},"message":"GET /ui/logos/spinner_on_light.svg 200 30ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:38Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/ui/logos/wazuh_mark_on_light.svg","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=5, i"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":36,"contentLength":9},"message":"GET /ui/logos/wazuh_mark_on_light.svg 200 36ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:38Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/ui/fonts/inter_ui/Inter-UI-Regular.woff2","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"identity","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"font","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":34,"contentLength":9},"message":"GET /ui/fonts/inter_ui/Inter-UI-Regular.woff2 200 34ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/favicon-16x16.png","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=6"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":11,"contentLength":9},"message":"GET /ui/favicons/favicon-16x16.png 200 11ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:39Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/ui/favicons/apple-touch-icon.png","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"image","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=6"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":15,"contentLength":9},"message":"GET /ui/favicons/apple-touch-icon.png 200 15ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:41Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/translations/en.json","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":9,"contentLength":9},"message":"GET /translations/en.json 200 9ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:41Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/osd-ui-shared-deps/osd-ui-shared-deps.css","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/css,*/*;q=0.1","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"style","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=2"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":7,"contentLength":9},"message":"GET /49007/bundles/osd-ui-shared-deps/osd-ui-shared-deps.css 200 7ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:41Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/node_modules/@osd/ui-framework/dist/kui_light.css","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/css,*/*;q=0.1","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"style","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=2"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":58,"contentLength":9},"message":"GET /node_modules/@osd/ui-framework/dist/kui_light.css 200 58ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:41Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/ui/legacy_light_theme.css","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"text/css,*/*;q=0.1","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"style","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin","priority":"u=2"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":63,"contentLength":9},"message":"GET /ui/legacy_light_theme.css 200 63ms - 9.0B"}
[agentkeepalive:deprecated] options.freeSocketKeepAliveTimeout is deprecated, please use options.freeSocketTimeout instead
{"type":"response","@timestamp":"2024-10-04T17:32:42Z","tags":[],"pid":54,"method":"post","statusCode":200,"req":{"url":"/api/ism/apiCaller","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","content-type":"application/json","osd-version":"2.13.0","osd-xsrf":"osd-fetch","content-length":"82","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":65,"contentLength":9},"message":"POST /api/ism/apiCaller 200 65ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:42Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/api/v1/restapiinfo","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","content-type":"application/json","osd-version":"2.13.0","osd-xsrf":"osd-fetch","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":43,"contentLength":9},"message":"GET /api/v1/restapiinfo 200 43ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:42Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/api/v1/configuration/account","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","content-type":"application/json","osd-version":"2.13.0","osd-xsrf":"osd-fetch","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":86,"contentLength":9},"message":"GET /api/v1/configuration/account 200 86ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:42Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/api/v1/auth/dashboardsinfo","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","content-type":"application/json","osd-version":"2.13.0","osd-xsrf":"osd-fetch","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":54,"contentLength":9},"message":"GET /api/v1/auth/dashboardsinfo 200 54ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:42Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/elastic/security/current-platform","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","content-type":"application/json","osd-version":"2.13.0","osd-xsrf":"osd-fetch","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":16,"contentLength":9},"message":"GET /elastic/security/current-platform 200 16ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:42Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/api/logos","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","content-type":"application/json","osd-version":"2.13.0","osd-xsrf":"osd-fetch","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":6,"contentLength":9},"message":"GET /api/logos 200 6ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:42Z","tags":[],"pid":54,"method":"post","statusCode":200,"req":{"url":"/api/core/capabilities","method":"post","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","content-type":"application/json","osd-version":"2.13.0","osd-xsrf":"osd-fetch","content-length":"959","origin":"https://0.0.0.0","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":13,"contentLength":9},"message":"POST /api/core/capabilities 200 13ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:43Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/api/setup","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","content-type":"application/json","osd-version":"2.13.0","osd-xsrf":"osd-fetch","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":48,"contentLength":9},"message":"GET /api/setup 200 48ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:43Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/api/v1/configuration/account","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","content-type":"application/json","osd-version":"2.13.0","osd-xsrf":"osd-fetch","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":58,"contentLength":9},"message":"GET /api/v1/configuration/account 200 58ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:43Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/49007/bundles/plugin/wazuh/wazuh.chunk.4.js","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"script","sec-fetch-mode":"no-cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":2,"contentLength":9},"message":"GET /49007/bundles/plugin/wazuh/wazuh.chunk.4.js 200 2ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:43Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/ui/fonts/inter_ui/Inter-UI-Medium.woff2","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8","accept-language":"en-US,en;q=0.5","accept-encoding":"identity","connection":"keep-alive","referer":"https://0.0.0.0/app/wz-home","sec-fetch-dest":"font","sec-fetch-mode":"cors","sec-fetch-site":"same-origin"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":11,"contentLength":9},"message":"GET /ui/fonts/inter_ui/Inter-UI-Medium.woff2 200 11ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:43Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/api/v1/auth/dashboardsinfo","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","content-type":"application/json","osd-version":"2.13.0","osd-xsrf":"osd-fetch","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":72,"contentLength":9},"message":"GET /api/v1/auth/dashboardsinfo 200 72ms - 9.0B"}
{"type":"response","@timestamp":"2024-10-04T17:32:43Z","tags":[],"pid":54,"method":"get","statusCode":200,"req":{"url":"/api/v1/auth/dashboardsinfo","method":"get","headers":{"host":"0.0.0.0","user-agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","accept":"*/*","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","referer":"https://0.0.0.0/app/wz-home","content-type":"application/json","osd-version":"2.13.0","osd-xsrf":"osd-fetch","connection":"keep-alive","sec-fetch-dest":"empty","sec-fetch-mode":"cors","sec-fetch-site":"same-origin","priority":"u=4"},"remoteAddress":"172.18.0.1","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0","referer":"https://0.0.0.0/app/wz-home"},"res":{"statusCode":200,"responseTime":64,"contentLength":9},"message":"GET /api/v1/auth/dashboardsinfo 200 64ms - 9.0B"}
$ docker logs single-node-wazuh.indexer-1
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.OpenSearch (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.OpenSearch
WARNING: System::setSecurityManager will be removed in a future release
Oct 04, 2024 5:32:00 PM sun.util.locale.provider.LocaleProviderAdapter <clinit>
WARNING: COMPAT locale provider will be removed in a future release
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.opensearch.bootstrap.Security (file:/usr/share/wazuh-indexer/lib/opensearch-2.13.0.jar)
WARNING: Please consider reporting this to the maintainers of org.opensearch.bootstrap.Security
WARNING: System::setSecurityManager will be removed in a future release
[2024-10-04T17:32:01,592][INFO ][o.o.n.Node               ] [wazuh.indexer] version[2.13.0], pid[1], build[rpm/9fd1835bba77ae04d48550eb4dc9be4787070806/2024-08-30T10:04:33.447803Z], OS[Linux/6.8.0-45-generic/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/21.0.2/21.0.2+13-LTS]
[2024-10-04T17:32:01,600][INFO ][o.o.n.Node               ] [wazuh.indexer] JVM home [/usr/share/wazuh-indexer/jdk], using bundled JDK/JRE [true]
[2024-10-04T17:32:01,602][INFO ][o.o.n.Node               ] [wazuh.indexer] JVM arguments [-Xshare:auto, -Dopensearch.networkaddress.cache.ttl=60, -Dopensearch.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.security.manager=allow, -Djava.locale.providers=SPI,COMPAT, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=/tmp/opensearch-3188154812931614830, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=/var/lib/wazuh-indexer, -XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Djava.security.manager=allow, -Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory, -Dclk.tck=100, -Djdk.attach.allowAttachSelf=true, -Djava.security.policy=file:///usr/share/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy, --add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED, -Xms1g, -Xmx1g, -XX:MaxDirectMemorySize=536870912, -Dopensearch.path.home=/usr/share/wazuh-indexer, -Dopensearch.path.conf=/usr/share/wazuh-indexer, -Dopensearch.distribution.type=rpm, -Dopensearch.bundled_jdk=true]
[2024-10-04T17:32:04,041][INFO ][o.o.s.s.t.SSLConfig      ] [wazuh.indexer] SSL dual mode is disabled
[2024-10-04T17:32:04,042][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] OpenSearch Config path is /usr/share/wazuh-indexer
[2024-10-04T17:32:04,983][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] JVM supports TLSv1.3
[2024-10-04T17:32:04,993][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Config directory is /usr/share/wazuh-indexer/, from there the key- and truststore files are resolved relatively
[2024-10-04T17:32:05,597][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Client Provider : JDK
[2024-10-04T17:32:05,598][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS Transport Server Provider : JDK
[2024-10-04T17:32:05,598][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] TLS HTTP Provider             : JDK
[2024-10-04T17:32:05,599][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for transport layer : [TLSv1.3, TLSv1.2]
[2024-10-04T17:32:05,599][INFO ][o.o.s.s.DefaultSecurityKeyStore] [wazuh.indexer] Enabled TLS protocols for HTTP layer      : [TLSv1.3, TLSv1.2]
[2024-10-04T17:32:05,652][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Clustername: opensearch
[2024-10-04T17:32:05,833][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/certs has insecure file permissions (should be 0700)
[2024-10-04T17:32:05,834][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache has insecure file permissions (should be 0700)
[2024-10-04T17:32:05,834][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA has insecure file permissions (should be 0700)
[2024-10-04T17:32:05,835][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/.cache/JNA/temp has insecure file permissions (should be 0700)
[2024-10-04T17:32:05,836][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Directory /usr/share/wazuh-indexer/logs has insecure file permissions (should be 0700)
[2024-10-04T17:32:05,836][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/opensearch.yml has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,836][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,837][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/performance-analyzer-rca/bin/performance-analyzer-rca has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,838][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/lib/jspawnhelper has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,838][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/lib/modules has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,838][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/serialver has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,839][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeprscan has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,839][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jmod has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,839][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jrunscript has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,840][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/java has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,840][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jwebserver has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,840][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jfr has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,841][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstack has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,841][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jinfo has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,842][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javadoc has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,842][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jlink has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,842][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jimage has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,843][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javap has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,843][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jar has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,843][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jhsdb has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,843][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jshell has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,847][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jcmd has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,848][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstatd has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,848][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/javac has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,849][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jps has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,849][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdb has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,850][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jdeps has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,852][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jconsole has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,852][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jstat has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,852][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jarsigner has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,853][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jmap has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,853][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/rmiregistry has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,853][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/jpackage has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,853][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/jdk/bin/keytool has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,854][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/opensearch-security/internal_users.yml has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,855][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/audit_config_migrater.sh has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,858][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,860][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,860][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,861][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,861][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-plugin has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,861][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,861][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,862][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,862][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-env-from-file has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,862][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/indexer-security-init.sh has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,862][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-upgrade has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,863][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-shard has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,863][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-cli has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,863][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/systemd-entrypoint has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,863][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-keystore has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,865][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch has insecure file permissions (should be 0600)
[2024-10-04T17:32:05,867][WARN ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] File /usr/share/wazuh-indexer/bin/opensearch-node has insecure file permissions (should be 0600)
[2024-10-04T17:32:15,508][INFO ][o.o.p.c.c.PluginSettings ] [wazuh.indexer] Trying to create directory /dev/shm/performanceanalyzer/.
[2024-10-04T17:32:15,509][INFO ][o.o.p.c.c.PluginSettings ] [wazuh.indexer] Config: metricsLocation: /dev/shm/performanceanalyzer/, metricsDeletionInterval: 1, httpsEnabled: false, cleanup-metrics-db-files: true, batch-metrics-retention-period-minutes: 7, rpc-port: 9650, webservice-port 9600
[2024-10-04T17:32:16,065][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh.indexer] ReindexPlugin reloadSPI called
[2024-10-04T17:32:16,068][INFO ][o.o.i.r.ReindexPlugin    ] [wazuh.indexer] Unable to find any implementation for RemoteReindexExtension
[2024-10-04T17:32:16,111][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro_anomaly_detector, index: .opendistro-anomaly-detector-jobs
[2024-10-04T17:32:16,142][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: reports-scheduler, index: .opendistro-reports-definitions
[2024-10-04T17:32:16,144][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opendistro-index-management, index: .opendistro-ism-config
[2024-10-04T17:32:16,146][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: scheduler_geospatial_ip2geo_datasource, index: .scheduler-geospatial-ip2geo-datasource
[2024-10-04T17:32:16,149][INFO ][o.o.j.JobSchedulerPlugin ] [wazuh.indexer] Loaded scheduler extension: opensearch_sap_job, index: .opensearch-sap--job
[2024-10-04T17:32:16,157][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [aggs-matrix-stats]
[2024-10-04T17:32:16,158][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [analysis-common]
[2024-10-04T17:32:16,159][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [cache-common]
[2024-10-04T17:32:16,159][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [geo]
[2024-10-04T17:32:16,159][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-common]
[2024-10-04T17:32:16,159][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-geoip]
[2024-10-04T17:32:16,160][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [ingest-user-agent]
[2024-10-04T17:32:16,160][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-expression]
[2024-10-04T17:32:16,160][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-mustache]
[2024-10-04T17:32:16,161][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [lang-painless]
[2024-10-04T17:32:16,161][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [mapper-extras]
[2024-10-04T17:32:16,161][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [opensearch-dashboards]
[2024-10-04T17:32:16,162][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [parent-join]
[2024-10-04T17:32:16,162][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [percolator]
[2024-10-04T17:32:16,162][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [rank-eval]
[2024-10-04T17:32:16,162][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [reindex]
[2024-10-04T17:32:16,163][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [repository-url]
[2024-10-04T17:32:16,163][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [search-pipeline-common]
[2024-10-04T17:32:16,164][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [systemd]
[2024-10-04T17:32:16,164][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded module [transport-netty4]
[2024-10-04T17:32:16,165][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-alerting]
[2024-10-04T17:32:16,165][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-anomaly-detection]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-asynchronous-search]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-cross-cluster-replication]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-geospatial]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-index-management]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-job-scheduler]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-knn]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-ml]
[2024-10-04T17:32:16,166][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-neural-search]
[2024-10-04T17:32:16,167][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-notifications]
[2024-10-04T17:32:16,167][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-notifications-core]
[2024-10-04T17:32:16,167][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-observability]
[2024-10-04T17:32:16,167][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-performance-analyzer]
[2024-10-04T17:32:16,168][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-reports-scheduler]
[2024-10-04T17:32:16,168][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-security]
[2024-10-04T17:32:16,168][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-security-analytics]
[2024-10-04T17:32:16,168][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] loaded plugin [opensearch-sql]
[2024-10-04T17:32:16,324][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Disabled https compression by default to mitigate BREACH attacks. You can enable it by setting 'http.compression: true' in opensearch.yml
[2024-10-04T17:32:16,332][INFO ][o.o.e.ExtensionsManager  ] [wazuh.indexer] ExtensionsManager initialized
[2024-10-04T17:32:16,358][INFO ][o.a.l.s.MemorySegmentIndexInputProvider] [wazuh.indexer] Using MemorySegmentIndexInput with Java 21 or later; to disable start with -Dorg.apache.lucene.store.MMapDirectory.enableMemorySegments=false
[2024-10-04T17:32:16,383][INFO ][o.o.e.NodeEnvironment    ] [wazuh.indexer] using [1] data paths, mounts [[/var/lib/wazuh-indexer (/dev/sda5)]], net usable_space [31gb], net total_space [99.9gb], types [ext4]
[2024-10-04T17:32:16,384][INFO ][o.o.e.NodeEnvironment    ] [wazuh.indexer] heap size [1gb], compressed ordinary object pointers [true]
[2024-10-04T17:32:16,546][INFO ][o.o.n.Node               ] [wazuh.indexer] node name [wazuh.indexer], node ID [k8kFOxF9SYWybkfeDKvTUQ], cluster name [opensearch], roles [ingest, remote_cluster_client, data, cluster_manager]
[2024-10-04T17:32:19,488][INFO ][o.o.n.p.NeuralSearch     ] [wazuh.indexer] Registering hybrid query phase searcher with feature flag [plugins.neural_search.hybrid_search_disabled]
[2024-10-04T17:32:20,046][WARN ][o.o.s.c.Salt             ] [wazuh.indexer] If you plan to use field masking pls configure compliance salt e1ukloTsQlOgPquJ to be a random string of 16 chars length identical on all nodes
[2024-10-04T17:32:20,071][ERROR][o.o.s.a.s.SinkProvider   ] [wazuh.indexer] Default endpoint could not be created, auditlog will not work properly.
[2024-10-04T17:32:20,073][WARN ][o.o.s.a.r.AuditMessageRouter] [wazuh.indexer] No default storage available, audit log may not work properly. Please check configuration.
[2024-10-04T17:32:20,074][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Message routing enabled: false
[2024-10-04T17:32:20,105][INFO ][o.o.s.f.SecurityFilter   ] [wazuh.indexer] <NONE> indices are made immutable.
[2024-10-04T17:32:20,565][INFO ][o.o.a.b.ADCircuitBreakerService] [wazuh.indexer] Registered memory breaker.
[2024-10-04T17:32:21,172][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML memory breaker.
[2024-10-04T17:32:21,173][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML disk breaker.
[2024-10-04T17:32:21,173][INFO ][o.o.m.b.MLCircuitBreakerService] [wazuh.indexer] Registered ML native memory breaker.
[2024-10-04T17:32:21,307][INFO ][o.r.Reflections          ] [wazuh.indexer] Reflections took 54 ms to scan 1 urls, producing 22 keys and 63 values 
[2024-10-04T17:32:21,407][WARN ][o.o.s.p.SQLPlugin        ] [wazuh.indexer] Master key is a required config for using create and update datasource APIs. Please set plugins.query.datasources.encryption.masterkey config in opensearch.yml in all the cluster nodes. More details can be found here: https://github.com/opensearch-project/sql/blob/main/docs/user/ppl/admin/datasources.rst#master-key-config-for-encrypting-credential-information
[2024-10-04T17:32:22,239][INFO ][o.o.t.NettyAllocator     ] [wazuh.indexer] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=256kb, factors={opensearch.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=1mb, heap_size=1gb}]
[2024-10-04T17:32:22,243][INFO ][o.o.s.s.t.SSLConfig      ] [wazuh.indexer] SSL dual mode is disabled
[2024-10-04T17:32:22,412][INFO ][o.o.d.DiscoveryModule    ] [wazuh.indexer] using discovery type [single-node] and seed hosts providers [settings]
[2024-10-04T17:32:23,240][WARN ][o.o.g.DanglingIndicesState] [wazuh.indexer] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2024-10-04T17:32:24,256][INFO ][o.o.p.h.c.PerformanceAnalyzerConfigAction] [wazuh.indexer] PerformanceAnalyzer Enabled: false
[2024-10-04T17:32:24,311][INFO ][o.o.n.Node               ] [wazuh.indexer] initialized
[2024-10-04T17:32:24,313][INFO ][o.o.n.Node               ] [wazuh.indexer] starting ...
[2024-10-04T17:32:24,361][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [windows_logtype.json] log type
[2024-10-04T17:32:24,363][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [waf_logtype.json] log type
[2024-10-04T17:32:24,365][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [vpcflow_logtype.json] log type
[2024-10-04T17:32:24,366][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [test_windows_logtype.json] log type
[2024-10-04T17:32:24,367][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [s3_logtype.json] log type
[2024-10-04T17:32:24,368][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_web_logtype.json] log type
[2024-10-04T17:32:24,369][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_proxy_logtype.json] log type
[2024-10-04T17:32:24,370][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_macos_logtype.json] log type
[2024-10-04T17:32:24,370][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_compliance_logtype.json] log type
[2024-10-04T17:32:24,371][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_cloud_logtype.json] log type
[2024-10-04T17:32:24,372][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_apt_logtype.json] log type
[2024-10-04T17:32:24,373][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [others_application_logtype.json] log type
[2024-10-04T17:32:24,373][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [okta_logtype.json] log type
[2024-10-04T17:32:24,374][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [network_logtype.json] log type
[2024-10-04T17:32:24,376][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [netflow_logtype.json] log type
[2024-10-04T17:32:24,378][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [m365_logtype.json] log type
[2024-10-04T17:32:24,378][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [linux_logtype.json] log type
[2024-10-04T17:32:24,379][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [gworkspace_logtype.json] log type
[2024-10-04T17:32:24,380][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [github_logtype.json] log type
[2024-10-04T17:32:24,381][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [dns_logtype.json] log type
[2024-10-04T17:32:24,382][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [cloudtrail_logtype.json] log type
[2024-10-04T17:32:24,383][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [azure_logtype.json] log type
[2024-10-04T17:32:24,383][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [apache_access_logtype.json] log type
[2024-10-04T17:32:24,384][INFO ][o.o.s.l.BuiltinLogTypeLoader] [wazuh.indexer] Loaded [ad_ldap_logtype.json] log type
[2024-10-04T17:32:24,577][INFO ][o.o.t.TransportService   ] [wazuh.indexer] publish_address {172.18.0.2:9300}, bound_addresses {[::]:9300}
[2024-10-04T17:32:24,581][INFO ][o.o.t.TransportService   ] [wazuh.indexer] Remote clusters initialized successfully.
[2024-10-04T17:32:24,973][INFO ][o.o.c.c.Coordinator      ] [wazuh.indexer] cluster UUID [wgZWmmt6SPmZG2MclgkngA]
[2024-10-04T17:32:25,139][INFO ][o.o.c.s.MasterService    ] [wazuh.indexer] elected-as-cluster-manager ([1] nodes joined)[{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{xbQvLfCWT9Kg2mjoA3kyJQ}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true} elect leader, _BECOME_CLUSTER_MANAGER_TASK_, _FINISH_ELECTION_], term: 3, version: 56, delta: cluster-manager node changed {previous [], current [{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{xbQvLfCWT9Kg2mjoA3kyJQ}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}
[2024-10-04T17:32:25,258][INFO ][o.o.c.s.ClusterApplierService] [wazuh.indexer] cluster-manager node changed {previous [], current [{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{xbQvLfCWT9Kg2mjoA3kyJQ}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]}, term: 3, version: 56, reason: Publication{term=3, version=56}
[2024-10-04T17:32:25,269][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Cluster is not recovered yet.
[2024-10-04T17:32:25,282][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:25,311][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Cache cluster manager node onClusterManager time: 1728063145311
[2024-10-04T17:32:25,325][WARN ][o.o.p.c.s.h.ConfigOverridesClusterSettingHandler] [wazuh.indexer] Config override setting update called with empty string. Ignoring.
[2024-10-04T17:32:25,336][INFO ][o.o.d.PeerFinder         ] [wazuh.indexer] setting findPeersInterval to [1s] as node commission status = [true] for local node [{wazuh.indexer}{k8kFOxF9SYWybkfeDKvTUQ}{xbQvLfCWT9Kg2mjoA3kyJQ}{172.18.0.2}{172.18.0.2:9300}{dimr}{shard_indexing_pressure_enabled=true}]
[2024-10-04T17:32:25,369][INFO ][o.o.h.AbstractHttpServerTransport] [wazuh.indexer] publish_address {172.18.0.2:9200}, bound_addresses {[::]:9200}
[2024-10-04T17:32:25,369][INFO ][o.o.n.Node               ] [wazuh.indexer] started
[2024-10-04T17:32:25,370][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] Node started
[2024-10-04T17:32:25,370][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Will attempt to create index .opendistro_security and default configs if they are absent
[2024-10-04T17:32:25,374][INFO ][o.o.s.OpenSearchSecurityPlugin] [wazuh.indexer] 0 OpenSearch Security modules loaded so far: []
[2024-10-04T17:32:25,373][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Background init thread started. Install default config?: true
[2024-10-04T17:32:25,381][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Wait for cluster to be available ...
[2024-10-04T17:32:25,439][INFO ][o.o.c.s.ClusterSettings  ] [wazuh.indexer] updating [plugins.index_state_management.template_migration.control] from [0] to [-1]
[2024-10-04T17:32:25,488][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Node added: [k8kFOxF9SYWybkfeDKvTUQ]
[2024-10-04T17:32:25,491][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:25,494][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Add data node to AD version hash ring: k8kFOxF9SYWybkfeDKvTUQ
[2024-10-04T17:32:25,498][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] All nodes with known AD version: {k8kFOxF9SYWybkfeDKvTUQ=ADNodeInfo{version=2.13.0, isEligibleDataNode=true}}
[2024-10-04T17:32:25,499][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Rebuild AD hash ring for realtime AD with cooldown, nodeChangeEvents size 0
[2024-10-04T17:32:25,500][INFO ][o.o.a.c.HashRing         ] [wazuh.indexer] Build AD version hash ring successfully
[2024-10-04T17:32:25,517][INFO ][o.o.a.c.ADDataMigrator   ] [wazuh.indexer] Start migrating AD data
[2024-10-04T17:32:25,518][INFO ][o.o.a.c.ADDataMigrator   ] [wazuh.indexer] AD job index doesn't exist, no need to migrate
[2024-10-04T17:32:25,518][INFO ][o.o.a.c.ADClusterEventListener] [wazuh.indexer] Init AD version hash ring successfully
[2024-10-04T17:32:25,519][INFO ][o.o.g.GatewayService     ] [wazuh.indexer] recovered [8] indices into cluster_state
[2024-10-04T17:32:25,522][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loading builtin types!
[2024-10-04T17:32:25,527][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [429] fieldMappingDocs from logTypes: 24
[2024-10-04T17:32:25,569][WARN ][o.o.o.i.ObservabilityIndex] [wazuh.indexer] message: index [.opensearch-observability/VWcRoTMLSvCq8ukqYepHUw] already exists
[2024-10-04T17:32:25,574][WARN ][o.o.s.SecurityAnalyticsPlugin] [wazuh.indexer] Failed to initialize LogType config index and builtin log types
[2024-10-04T17:32:25,787][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opendistro_security/xM0M4U1gTUG6ENI60ic7iA]
[2024-10-04T17:32:26,024][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.plugins-ml-config/47ylTRfmT9KMKvWNeqHCjA]
[2024-10-04T17:32:26,050][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-sap-log-types-config/12bxWmGLT_6z5eSALtam6g]
[2024-10-04T17:32:26,077][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.opensearch-observability/VWcRoTMLSvCq8ukqYepHUw]
[2024-10-04T17:32:26,199][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:26,334][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loading builtin types!
[2024-10-04T17:32:26,336][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [429] fieldMappingDocs from logTypes: 24
[2024-10-04T17:32:26,380][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Loading builtin types!
[2024-10-04T17:32:26,381][INFO ][o.o.s.l.LogTypeService   ] [wazuh.indexer] Indexing [429] fieldMappingDocs from logTypes: 24
[2024-10-04T17:32:26,391][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Index .opendistro_security already exists
[2024-10-04T17:32:26,391][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node started, try to initialize it. Wait for at least yellow cluster state....
[2024-10-04T17:32:26,395][INFO ][o.o.s.i.DetectorIndexManagementService] [wazuh.indexer] info deleteOldIndices
[2024-10-04T17:32:26,401][INFO ][o.o.s.i.DetectorIndexManagementService] [wazuh.indexer] No Old Correlation Indices to delete
[2024-10-04T17:32:26,481][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:26,548][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:26,570][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'config' with /usr/share/wazuh-indexer/opensearch-security/config.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:26,642][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-alerts-4.x-2024.10.04/EEGgCRweQaW2QhkMdSjMqw]
[2024-10-04T17:32:26,769][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-statistics-2024.40w/8tkjhrj8QPOql9KDYPsIQA]
[2024-10-04T17:32:26,849][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id config, skipping update.
[2024-10-04T17:32:26,861][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'roles' with /usr/share/wazuh-indexer/opensearch-security/roles.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:26,881][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id roles, skipping update.
[2024-10-04T17:32:26,882][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'rolesmapping' with /usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:26,915][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id rolesmapping, skipping update.
[2024-10-04T17:32:26,920][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'internalusers' with /usr/share/wazuh-indexer/opensearch-security/internal_users.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:26,918][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:26,985][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id internalusers, skipping update.
[2024-10-04T17:32:26,987][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'actiongroups' with /usr/share/wazuh-indexer/opensearch-security/action_groups.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:26,999][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id actiongroups, skipping update.
[2024-10-04T17:32:27,003][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'tenants' with /usr/share/wazuh-indexer/opensearch-security/tenants.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:27,019][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id tenants, skipping update.
[2024-10-04T17:32:27,021][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'nodesdn' with /usr/share/wazuh-indexer/opensearch-security/nodes_dn.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-10-04T17:32:27,029][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id nodesdn, skipping update.
[2024-10-04T17:32:27,031][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'whitelist' with /usr/share/wazuh-indexer/opensearch-security/whitelist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-10-04T17:32:27,041][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id whitelist, skipping update.
[2024-10-04T17:32:27,045][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'allowlist' with /usr/share/wazuh-indexer/opensearch-security/allowlist.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=true
[2024-10-04T17:32:27,061][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id allowlist, skipping update.
[2024-10-04T17:32:27,069][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Will update 'audit' with /usr/share/wazuh-indexer/opensearch-security/audit.yml and populate it with empty doc if file missing and populateEmptyIfFileMissing=false
[2024-10-04T17:32:27,130][INFO ][o.o.s.s.ConfigHelper     ] [wazuh.indexer] Index .opendistro_security already contains doc with id audit, skipping update.
[2024-10-04T17:32:27,188][ERROR][o.o.s.a.BackendRegistry  ] [wazuh.indexer] Not yet initialized (you may need to run securityadmin)
[2024-10-04T17:32:27,339][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:27,406][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:27,472][INFO ][stdout                   ] [wazuh.indexer] [FINE] No subscribers registered for event class org.opensearch.security.securityconf.DynamicConfigFactory$NodesDnModelImpl
[2024-10-04T17:32:27,473][INFO ][stdout                   ] [wazuh.indexer] [FINE] No subscribers registered for event class org.greenrobot.eventbus.NoSubscriberEvent
[2024-10-04T17:32:27,475][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing on REST API is enabled.
[2024-10-04T17:32:27,476][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from REST API auditing.
[2024-10-04T17:32:27,476][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing on Transport API is enabled.
[2024-10-04T17:32:27,476][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] [AUTHENTICATED, GRANTED_PRIVILEGES] are excluded from Transport API auditing.
[2024-10-04T17:32:27,476][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of request body is enabled.
[2024-10-04T17:32:27,477][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Bulk requests resolution is disabled during request auditing.
[2024-10-04T17:32:27,477][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Index resolution is enabled during request auditing.
[2024-10-04T17:32:27,478][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Sensitive headers auditing is enabled.
[2024-10-04T17:32:27,479][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing requests from kibanaserver users is disabled.
[2024-10-04T17:32:27,479][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing request headers <NONE> is disabled.
[2024-10-04T17:32:27,479][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing request url params <NONE> is disabled.
[2024-10-04T17:32:27,480][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of external configuration is disabled.
[2024-10-04T17:32:27,487][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing of internal configuration is enabled.
[2024-10-04T17:32:27,488][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing only metadata information for read request is enabled.
[2024-10-04T17:32:27,488][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing will watch {} for read requests.
[2024-10-04T17:32:27,492][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing read operation requests from kibanaserver users is disabled.
[2024-10-04T17:32:27,493][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing only metadata information for write request is enabled.
[2024-10-04T17:32:27,493][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing diffs for write requests is disabled.
[2024-10-04T17:32:27,493][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing write operation requests from kibanaserver users is disabled.
[2024-10-04T17:32:27,493][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Auditing will watch <NONE> for write requests.
[2024-10-04T17:32:27,494][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] .opendistro_security is used as internal security index.
[2024-10-04T17:32:27,494][INFO ][o.o.s.a.i.AuditLogImpl   ] [wazuh.indexer] Internal index used for posting audit logs is null
[2024-10-04T17:32:27,494][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Hot-reloading of audit configuration is enabled
[2024-10-04T17:32:27,494][INFO ][o.o.s.c.ConfigurationRepository] [wazuh.indexer] Node 'wazuh.indexer' initialized
[2024-10-04T17:32:27,519][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_1/qgE9hSWyTdaxMWzN0b0hng]
[2024-10-04T17:32:27,536][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[wazuh-monitoring-2024.40w/0TdrdGCaReWJKnvVwRKssg]
[2024-10-04T17:32:27,579][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:27,676][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:27,679][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.kibana_1][0]]]).
[2024-10-04T17:32:27,730][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:28,307][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/kZ2E-7FXRm62WLczId9r9w]
[2024-10-04T17:32:28,344][INFO ][o.o.c.m.MetadataCreateIndexService] [wazuh.indexer] [.kibana_2] creating index, cause [api], templates [], shards [1]/[1]
[2024-10-04T17:32:28,353][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] updating number_of_replicas to [0] for indices [.kibana_2]
[2024-10-04T17:32:28,423][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/kZ2E-7FXRm62WLczId9r9w]
[2024-10-04T17:32:28,457][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:28,550][INFO ][o.o.c.r.a.AllocationService] [wazuh.indexer] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.kibana_2][0]]]).
[2024-10-04T17:32:28,615][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:28,771][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/kZ2E-7FXRm62WLczId9r9w]
[2024-10-04T17:32:28,793][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_2/kZ2E-7FXRm62WLczId9r9w] update_mapping [_doc]
[2024-10-04T17:32:28,884][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:28,931][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[.kibana_2/kZ2E-7FXRm62WLczId9r9w]
[2024-10-04T17:32:28,956][INFO ][o.o.c.m.MetadataMappingService] [wazuh.indexer] [.kibana_2/kZ2E-7FXRm62WLczId9r9w] update_mapping [_doc]
[2024-10-04T17:32:29,024][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:29,156][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:30,101][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[UxemHrOsScO0HnAeo7OwAw/F3G8jZ4HQUKJKTvxn0p7MA]
[2024-10-04T17:32:30,129][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[D0rBAOzfRNWCQ--FgAkE0A/J4rkVbBVRHWIlYrmFdD58Q]
[2024-10-04T17:32:30,229][INFO ][o.o.c.m.MetadataUpdateSettingsService] [wazuh.indexer] updating number_of_replicas to [0] for indices [wazuh-monitoring-2024.40w]
[2024-10-04T17:32:30,250][INFO ][o.o.p.PluginsService     ] [wazuh.indexer] PluginService:onIndexModule index:[iPZyk-UzTv-ggJCHX1CUYA/UUjKD79bRciHzo-3VniE8Q]
[2024-10-04T17:32:30,272][INFO ][o.o.c.m.MetadataIndexTemplateService] [wazuh.indexer] adding template [wazuh] for index patterns [wazuh-alerts-4.x-*, wazuh-archives-4.x-*]
[2024-10-04T17:32:30,367][INFO ][o.o.a.u.d.DestinationMigrationCoordinator] [wazuh.indexer] Detected cluster change event for destination migration
[2024-10-04T17:32:35,339][INFO ][o.o.m.a.MLModelAutoReDeployer] [wazuh.indexer] Index not found, not performing auto reloading!
[2024-10-04T17:32:35,340][INFO ][o.o.m.c.MLCommonsClusterManagerEventListener] [wazuh.indexer] Starting ML sync up job...
[2024-10-04T17:32:45,347][INFO ][o.o.m.c.MLSyncUpCron     ] [wazuh.indexer] ML configuration already initialized, no action needed
[2024-10-04T17:33:25,313][INFO ][o.o.i.i.ManagedIndexCoordinator] [wazuh.indexer] Performing move cluster state metadata.
[2024-10-04T17:33:25,316][INFO ][o.o.i.i.MetadataService  ] [wazuh.indexer] ISM config index not exist, so we cancel the metadata migration job.
$ docker logs single-node-wazuh.manager-1
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 0-wazuh-init: executing... 
/var/ossec/data_tmp/permanent/var/ossec/api/configuration/
The path /var/ossec/api/configuration is already mounted
/var/ossec/data_tmp/permanent/var/ossec/etc/
The path /var/ossec/etc is already mounted
/var/ossec/data_tmp/permanent/var/ossec/logs/
The path /var/ossec/logs is already mounted
/var/ossec/data_tmp/permanent/var/ossec/queue/
The path /var/ossec/queue is already mounted
/var/ossec/data_tmp/permanent/var/ossec/agentless/
The path /var/ossec/agentless is already mounted
/var/ossec/data_tmp/permanent/var/ossec/var/multigroups/
The path /var/ossec/var/multigroups is empty, skiped
/var/ossec/data_tmp/permanent/var/ossec/integrations/
The path /var/ossec/integrations is already mounted
/var/ossec/data_tmp/permanent/var/ossec/active-response/bin/
The path /var/ossec/active-response/bin is already mounted
/var/ossec/data_tmp/permanent/var/ossec/wodles/
The path /var/ossec/wodles is already mounted
/var/ossec/data_tmp/permanent/etc/filebeat/
The path /etc/filebeat is already mounted
Updating /var/ossec/etc/internal_options.conf
Updating /var/ossec/integrations/slack
Updating /var/ossec/integrations/slack.py
Updating /var/ossec/integrations/virustotal
Updating /var/ossec/integrations/virustotal.py
Updating /var/ossec/integrations/shuffle
Updating /var/ossec/integrations/shuffle.py
Updating /var/ossec/integrations/pagerduty
Updating /var/ossec/integrations/pagerduty.py
Updating /var/ossec/integrations/maltiverse
Updating /var/ossec/integrations/maltiverse.py
Updating /var/ossec/active-response/bin/default-firewall-drop
Updating /var/ossec/active-response/bin/disable-account
Updating /var/ossec/active-response/bin/firewalld-drop
Updating /var/ossec/active-response/bin/firewall-drop
Updating /var/ossec/active-response/bin/host-deny
Updating /var/ossec/active-response/bin/ip-customblock
Updating /var/ossec/active-response/bin/ipfw
Updating /var/ossec/active-response/bin/kaspersky.py
Updating /var/ossec/active-response/bin/kaspersky
Updating /var/ossec/active-response/bin/npf
Updating /var/ossec/active-response/bin/wazuh-slack
Updating /var/ossec/active-response/bin/pf
Updating /var/ossec/active-response/bin/restart-wazuh
Updating /var/ossec/active-response/bin/restart.sh
Updating /var/ossec/active-response/bin/route-null
Updating /var/ossec/agentless/sshlogin.exp
Updating /var/ossec/agentless/ssh_pixconfig_diff
Updating /var/ossec/agentless/ssh_asa-fwsmconfig_diff
Updating /var/ossec/agentless/ssh_integrity_check_bsd
Updating /var/ossec/agentless/main.exp
Updating /var/ossec/agentless/su.exp
Updating /var/ossec/agentless/ssh_integrity_check_linux
Updating /var/ossec/agentless/register_host.sh
Updating /var/ossec/agentless/ssh_generic_diff
Updating /var/ossec/agentless/ssh_foundry_diff
Updating /var/ossec/agentless/ssh_nopass.exp
Updating /var/ossec/agentless/ssh.exp
Updating /var/ossec/wodles/utils.py
Updating /var/ossec/wodles/aws/aws-s3
Updating /var/ossec/wodles/aws/aws-s3.py
Updating /var/ossec/wodles/aws/__init__.py
Updating /var/ossec/wodles/aws/aws_tools.py
Updating /var/ossec/wodles/aws/wazuh_integration.py
Updating /var/ossec/wodles/aws/buckets_s3/__init__.py
Updating /var/ossec/wodles/aws/buckets_s3/aws_bucket.py
Updating /var/ossec/wodles/aws/buckets_s3/cloudtrail.py
Updating /var/ossec/wodles/aws/buckets_s3/config.py
Updating /var/ossec/wodles/aws/buckets_s3/guardduty.py
Updating /var/ossec/wodles/aws/buckets_s3/load_balancers.py
Updating /var/ossec/wodles/aws/buckets_s3/server_access.py
Updating /var/ossec/wodles/aws/buckets_s3/umbrella.py
Updating /var/ossec/wodles/aws/buckets_s3/vpcflow.py
Updating /var/ossec/wodles/aws/buckets_s3/waf.py
Updating /var/ossec/wodles/aws/services/__init__.py
Updating /var/ossec/wodles/aws/services/aws_service.py
Updating /var/ossec/wodles/aws/services/cloudwatchlogs.py
Updating /var/ossec/wodles/aws/services/inspector.py
Updating /var/ossec/wodles/aws/subscribers/__init__.py
Updating /var/ossec/wodles/aws/subscribers/s3_log_handler.py
Updating /var/ossec/wodles/aws/subscribers/sqs_message_processor.py
Updating /var/ossec/wodles/aws/subscribers/sqs_queue.py
Updating /var/ossec/wodles/azure/azure-logs
Updating /var/ossec/wodles/azure/azure-logs.py
Updating /var/ossec/wodles/azure/db/orm.py
Updating /var/ossec/wodles/azure/db/utils.py
Updating /var/ossec/wodles/azure/db/__init__.py
Updating /var/ossec/wodles/docker/DockerListener
Updating /var/ossec/wodles/docker/DockerListener.py
Updating /var/ossec/wodles/gcloud/gcloud
Updating /var/ossec/wodles/gcloud/gcloud.py
Updating /var/ossec/wodles/gcloud/integration.py
Updating /var/ossec/wodles/gcloud/tools.py
Updating /var/ossec/wodles/gcloud/exceptions.py
find: '/proc/373/task/373/fd/6': No such file or directory
find: '/proc/373/task/373/fdinfo/6': No such file or directory
find: '/proc/373/fd/5': No such file or directory
find: '/proc/373/fdinfo/5': No such file or directory
find: '/proc/374/task/374/fd/6': No such file or directory
find: '/proc/374/task/374/fdinfo/6': No such file or directory
find: '/proc/374/fd/5': No such file or directory
find: '/proc/374/fdinfo/5': No such file or directory
find: '/proc/375/task/375/fd/6': No such file or directory
find: '/proc/375/task/375/fdinfo/6': No such file or directory
find: '/proc/375/fd/5': No such file or directory
find: '/proc/375/fdinfo/5': No such file or directory
Identified Wazuh configuration files to mount...
'/wazuh-config-mount/etc/ossec.conf' -> '/var/ossec/etc/ossec.conf'
[cont-init.d] 0-wazuh-init: exited 0.
[cont-init.d] 1-config-filebeat: executing... 
Customize Elasticsearch ouput IP
Configuring username.
Configuring password.
Configuring SSL verification mode.
Configuring Certificate Authorities.
Configuring SSL Certificate.
Configuring SSL Key.
[cont-init.d] 1-config-filebeat: exited 0.
[cont-init.d] 2-manager: executing... 
Configuring password.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: The 'vulnerability-detector' configuration is deprecated, please update your settings to use the new 'vulnerability-detection' instead (default values will be used based on your previous configurations). See https://documentation.wazuh.com
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'interval'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'min_full_scan_interval'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'run_on_start'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:04 wazuh-modulesd:router: INFO: Loaded router module.
2024/10/04 17:32:04 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Starting Wazuh v4.9.0...
Started wazuh-apid...
Started wazuh-csyslogd...
Started wazuh-dbd...
2024/10/04 17:32:07 wazuh-integratord: INFO: Remote integrations not configured. Clean exit.
Started wazuh-integratord...
Started wazuh-agentlessd...
Started wazuh-authd...
Started wazuh-db...
Started wazuh-execd...
Started wazuh-analysisd...
Started wazuh-syscheckd...
Started wazuh-remoted...
Started wazuh-logcollector...
Started wazuh-monitord...
2024/10/04 17:32:11 wazuh-modulesd: WARNING: The 'vulnerability-detector' configuration is deprecated, please update your settings to use the new 'vulnerability-detection' instead (default values will be used based on your previous configurations). See https://documentation.wazuh.com
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'interval'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'min_full_scan_interval'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'run_on_start'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd: WARNING: (1230): Invalid element in the configuration: 'provider'.
2024/10/04 17:32:11 wazuh-modulesd:router: INFO: Loaded router module.
2024/10/04 17:32:11 wazuh-modulesd:content_manager: INFO: Loaded content_manager module.
Started wazuh-modulesd...
Completed.
[cont-init.d] 2-manager: exited 0.
[cont-init.d] done.
[services.d] starting services
starting Filebeat
[services.d] done.
2024/10/04 17:32:11 wazuh-modulesd:content_manager: INFO: Starting content_manager module.
2024/10/04 17:32:11 wazuh-modulesd:database: INFO: Module started.
2024/10/04 17:32:11 wazuh-modulesd:download: INFO: Module started.
2024/10/04 17:32:11 wazuh-modulesd:control: INFO: Starting control thread.
2024/10/04 17:32:11 sca: INFO: Starting Security Configuration Assessment scan.
2024/10/04 17:32:11 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/10/04 17:32:11 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade::start: Missing enabled field..
2024/10/04 17:32:11 wazuh-modulesd:syscollector: INFO: Module started.
2024/10/04 17:32:11 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/10/04 17:32:11 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024-10-04T17:32:13.666Z    INFO    instance/beat.go:645    Home path: [/usr/share/filebeat] Config path: [/etc/filebeat] Data path: [/var/lib/filebeat] Logs path: [/var/log/filebeat]
2024-10-04T17:32:13.667Z    INFO    instance/beat.go:653    Beat ID: 2ed30e1f-5795-460e-b5de-0e639f165508
2024-10-04T17:32:13.668Z    INFO    [seccomp]   seccomp/seccomp.go:124  Syscall filter successfully installed
2024-10-04T17:32:13.668Z    INFO    [beat]  instance/beat.go:981    Beat info   {"system_info": {"beat": {"path": {"config": "/etc/filebeat", "data": "/var/lib/filebeat", "home": "/usr/share/filebeat", "logs": "/var/log/filebeat"}, "type": "filebeat", "uuid": "2ed30e1f-5795-460e-b5de-0e639f165508"}}}
2024-10-04T17:32:13.668Z    INFO    [beat]  instance/beat.go:990    Build info  {"system_info": {"build": {"commit": "aacf9ecd9c494aa0908f61fbca82c906b16562a8", "libbeat": "7.10.2", "time": "2021-01-12T22:10:33.000Z", "version": "7.10.2"}}}
2024-10-04T17:32:13.668Z    INFO    [beat]  instance/beat.go:993    Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.14.12"}}}
2024-10-04T17:32:13.669Z    INFO    [beat]  instance/beat.go:997    Host info   {"system_info": {"host": {"architecture":"x86_64","boot_time":"2024-10-03T09:33:58Z","containerized":false,"name":"wazuh.manager","ip":["127.0.0.1/8","::1/128","172.18.0.3/16"],"kernel_version":"6.8.0-45-generic","mac":["02:42:ac:12:00:03"],"os":{"family":"redhat","platform":"amzn","name":"Amazon Linux","version":"2023","major":2023,"minor":5,"patch":20240903},"timezone":"UTC","timezone_offset_sec":0}}}
2024-10-04T17:32:13.671Z    INFO    [beat]  instance/beat.go:1026   Process info    {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"effective":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"bounding":["chown","dac_override","fowner","fsetid","kill","setgid","setuid","setpcap","net_bind_service","net_raw","sys_chroot","mknod","audit_write","setfcap"],"ambient":null}, "cwd": "/run/s6/services/filebeat", "exe": "/usr/share/filebeat/bin/filebeat", "name": "filebeat", "pid": 1054, "ppid": 1050, "seccomp": {"mode":"filter","no_new_privs":true}, "start_time": "2024-10-04T17:32:12.730Z"}}}
2024-10-04T17:32:13.671Z    INFO    instance/beat.go:299    Setup Beat: filebeat; Version: 7.10.2
2024-10-04T17:32:13.673Z    INFO    eslegclient/connection.go:99    elasticsearch url: https://wazuh.indexer:9200
2024-10-04T17:32:13.674Z    INFO    [publisher] pipeline/module.go:113  Beat name: wazuh.manager
2024-10-04T17:32:13.677Z    INFO    beater/filebeat.go:117  Enabled modules/filesets: wazuh (alerts),  ()
2024-10-04T17:32:13.679Z    INFO    instance/beat.go:455    filebeat start running.
2024-10-04T17:32:13.680Z    INFO    memlog/store.go:119 Loading data file of '/var/lib/filebeat/registry/filebeat' succeeded. Active transaction id=0
2024-10-04T17:32:13.682Z    INFO    memlog/store.go:124 Finished loading transaction log file for '/var/lib/filebeat/registry/filebeat'. Active transaction id=20
2024-10-04T17:32:13.683Z    INFO    [registrar] registrar/registrar.go:109  States Loaded from registrar: 1
2024-10-04T17:32:13.683Z    INFO    [crawler]   beater/crawler.go:71    Loading Inputs: 1
2024-10-04T17:32:13.684Z    INFO    log/input.go:157    Configured paths: [/var/ossec/logs/alerts/alerts.json]
2024-10-04T17:32:13.684Z    INFO    [crawler]   beater/crawler.go:141   Starting input (ID: 9132358592892857476)
2024-10-04T17:32:13.684Z    INFO    [crawler]   beater/crawler.go:108   Loading and starting Inputs completed. Enabled inputs: 1
2024/10/04 17:32:20 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_amazon_linux_2023.yml'
2024/10/04 17:32:20 sca: INFO: Security Configuration Assessment scan finished. Duration: 9 seconds.
2024-10-04T17:32:23.686Z    INFO    log/harvester.go:302    Harvester started for file: /var/ossec/logs/alerts/alerts.json
2024-10-04T17:32:24.688Z    INFO    [publisher] pipeline/retry.go:219   retryer: send unwait signal to consumer
2024-10-04T17:32:24.688Z    INFO    [publisher] pipeline/retry.go:223     done
2024-10-04T17:32:24.687Z    INFO    [publisher_pipeline_output] pipeline/output.go:143  Connecting to backoff(elasticsearch(https://wazuh.indexer:9200))
2024-10-04T17:32:26.616Z    ERROR   [publisher_pipeline_output] pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://wazuh.indexer:9200)): Get "https://wazuh.indexer:9200": dial tcp 172.18.0.2:9200: connect: connection refused
2024-10-04T17:32:26.617Z    INFO    [publisher_pipeline_output] pipeline/output.go:145  Attempting to reconnect to backoff(elasticsearch(https://wazuh.indexer:9200)) with 1 reconnect attempt(s)
2024-10-04T17:32:26.617Z    INFO    [publisher] pipeline/retry.go:219   retryer: send unwait signal to consumer
2024-10-04T17:32:26.618Z    INFO    [publisher] pipeline/retry.go:223     done
2024-10-04T17:32:29.971Z    ERROR   [publisher_pipeline_output] pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://wazuh.indexer:9200)): 503 Service Unavailable: OpenSearch Security not initialized.
2024-10-04T17:32:29.971Z    INFO    [publisher_pipeline_output] pipeline/output.go:145  Attempting to reconnect to backoff(elasticsearch(https://wazuh.indexer:9200)) with 2 reconnect attempt(s)
2024-10-04T17:32:29.972Z    INFO    [publisher] pipeline/retry.go:219   retryer: send unwait signal to consumer
2024-10-04T17:32:29.972Z    INFO    [publisher] pipeline/retry.go:223     done
2024-10-04T17:32:30.209Z    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 7.10.2
2024-10-04T17:32:30.213Z    INFO    [esclientleg]   eslegclient/connection.go:314   Attempting to connect to Elasticsearch version 7.10.2
2024-10-04T17:32:30.226Z    INFO    template/load.go:183    Existing template will be overwritten, as overwrite is enabled.
2024-10-04T17:32:30.228Z    INFO    template/load.go:117    Try loading template wazuh to Elasticsearch
2024-10-04T17:32:30.375Z    INFO    template/load.go:109    template with name 'wazuh' loaded.
2024-10-04T17:32:30.375Z    INFO    [index-management]  idxmgmt/std.go:298  Loaded index template.
2024-10-04T17:32:30.401Z    INFO    [publisher_pipeline_output] pipeline/output.go:151  Connection to backoff(elasticsearch(https://wazuh.indexer:9200)) established
2024/10/04 17:32:31 rootcheck: INFO: Ending rootcheck scan.

vcerenu commented 2 days ago

Multi node:

Deploy Wazuh 4.3.11

$ git checkout v4.3.11
Previous HEAD position was dcf4842 Merge pull request #1129 from wazuh/chenge_revision_number
HEAD is now at e9c1ab9 Merge pull request #835 from wazuh/modify_changelog
$ cd multi-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] multi-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Creating 1/1
 ✔ Network multi-node_default  Created                                                                                                                                             0.2s 
[+] Running 5/5
 ✔ generator Pulled                                                                                                                                                               14.4s 
   ✔ edaedc954fb5 Pull complete                                                                                                                                                    8.9s 
   ✔ 573f4d11a520 Pull complete                                                                                                                                                   10.7s 
   ✔ 8f200922197d Pull complete                                                                                                                                                   10.8s 
   ✔ 55a86de68c5c Pull complete                                                                                                                                                   10.9s 
The tool to create the certificates exists in the in Packages bucket
07/10/2024 13:38:00 INFO: Admin certificates created.
07/10/2024 13:38:00 INFO: Wazuh indexer certificates created.
07/10/2024 13:38:00 INFO: Wazuh server certificates created.
07/10/2024 13:38:00 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 53/37
 ✔ wazuh.master Pulled                                                                                                                                                           104.9s 
 ✔ wazuh.worker Pulled                                                                                                                                                           104.9s 
 ✔ wazuh.dashboard Pulled                                                                                                                                                        178.6s 
 ✔ wazuh3.indexer Pulled                                                                                                                                                          92.4s 
 ✔ nginx Pulled                                                                                                                                                                   74.7s 
 ✔ wazuh1.indexer Pulled                                                                                                                                                          92.4s 
 ✔ wazuh2.indexer Pulled                                                                                                                                                          92.4s 

[+] Running 32/32
 ✔ Volume "multi-node_worker-wazuh-queue"              Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-var-multigroups"    Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-logs"               Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-indexer-data-3"            Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-integrations"       Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-active-response"    Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-etc"                Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-active-response"    Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-var-multigroups"    Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-filebeat-etc"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-wodles"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-etc"                Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-agentless"          Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-logs"               Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-wodles"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-api-configuration"  Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-agentless"          Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-filebeat-var"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-indexer-data-1"            Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-indexer-data-2"            Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-filebeat-var"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-filebeat-etc"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-api-configuration"  Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-queue"              Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-integrations"       Created                                                                                                                     0.0s 
 ✔ Container multi-node-wazuh.worker-1                 Started                                                                                                                     4.2s 
 ✔ Container multi-node-wazuh1.indexer-1               Started                                                                                                                     5.1s 
 ✔ Container multi-node-wazuh3.indexer-1               Started                                                                                                                     4.9s 
 ✔ Container multi-node-wazuh.master-1                 Started                                                                                                                     5.0s 
 ✔ Container multi-node-wazuh2.indexer-1               Started                                                                                                                     4.1s 
 ✔ Container multi-node-wazuh.dashboard-1              Started                                                                                                                     4.4s 
 ✔ Container multi-node-nginx-1                        Started                                                                                                                     6.6s 
$ docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                 NAMES
45de19c9edc3   nginx:stable                   "/docker-entrypoint.…"   3 minutes ago   Up 3 minutes   80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp                                                                                                     multi-node-nginx-1
a0f92232d638   wazuh/wazuh-dashboard:4.3.11   "/entrypoint.sh"         3 minutes ago   Up 3 minutes   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                    multi-node-wazuh.dashboard-1
74a18b80b302   wazuh/wazuh-indexer:4.3.11     "/entrypoint.sh open…"   3 minutes ago   Up 3 minutes   9200/tcp                                                                                                                                              multi-node-wazuh3.indexer-1
ee8778142dd1   wazuh/wazuh-manager:4.3.11     "/init"                  3 minutes ago   Up 3 minutes   1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp   multi-node-wazuh.master-1
e9ab3194d753   wazuh/wazuh-manager:4.3.11     "/init"                  3 minutes ago   Up 3 minutes   1514-1516/tcp, 514/udp, 55000/tcp                                                                                                                     multi-node-wazuh.worker-1
4b3f1b28609c   wazuh/wazuh-indexer:4.3.11     "/entrypoint.sh open…"   3 minutes ago   Up 3 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                             multi-node-wazuh1.indexer-1
4fde447fecf0   wazuh/wazuh-indexer:4.3.11     "/entrypoint.sh open…"   3 minutes ago   Up 3 minutes   9200/tcp                                                                                                                                              multi-node-wazuh2.indexer-1
$ 

vcerenu commented 2 days ago

Turn off the v4.3.11 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack

$ docker-compose down
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 8/8
 ✔ Container multi-node-nginx-1            Removed                                                                                                                                 0.8s 
 ✔ Container multi-node-wazuh2.indexer-1   Removed                                                                                                                                 1.3s 
 ✔ Container multi-node-wazuh3.indexer-1   Removed                                                                                                                                 1.1s 
 ✔ Container multi-node-wazuh.dashboard-1  Removed                                                                                                                                10.8s 
 ✔ Container multi-node-wazuh.worker-1     Removed                                                                                                                                 4.7s 
 ✔ Container multi-node-wazuh.master-1     Removed                                                                                                                                 4.5s 
 ✔ Container multi-node-wazuh1.indexer-1   Removed                                                                                                                                10.6s 
 ✔ Network multi-node_default              Removed                                                                                                                                 0.2s 
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] multi-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Creating 1/1
 ✔ Network multi-node_default  Created                                                                                                                                             0.2s 
The tool to create the certificates exists in the in Packages bucket
07/10/2024 14:22:24 INFO: Admin certificates created.
07/10/2024 14:22:24 INFO: Wazuh indexer certificates created.
07/10/2024 14:22:24 INFO: Wazuh server certificates created.
07/10/2024 14:22:24 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 47/32
 ✔ wazuh.dashboard Pulled                                                                                                                                                        286.7s 
 ✔ wazuh.worker Pulled                                                                                                                                                           227.5s 
 ✔ wazuh2.indexer Pulled                                                                                                                                                         239.5s 
 ✔ wazuh.master Pulled                                                                                                                                                           227.6s 
 ✔ wazuh1.indexer Pulled                                                                                                                                                         239.6s 
 ✔ wazuh3.indexer Pulled                                                                                                                                                         239.5s 

[+] Running 8/8
 ✔ Network multi-node_default              Created                                                                                                                                 0.4s 
 ✔ Container multi-node-wazuh.worker-1     Started                                                                                                                                 4.5s 
 ✔ Container multi-node-wazuh3.indexer-1   Started                                                                                                                                 4.6s 
 ✔ Container multi-node-wazuh.master-1     Started                                                                                                                                 4.6s 
 ✔ Container multi-node-wazuh1.indexer-1   Started                                                                                                                                 4.7s 
 ✔ Container multi-node-wazuh2.indexer-1   Started                                                                                                                                 4.6s 
 ✔ Container multi-node-wazuh.dashboard-1  Started                                                                                                                                 3.8s 
 ✔ Container multi-node-nginx-1            Started                                                                                                                              5.9s 
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                 NAMES
dc7e3f354e7f   nginx:stable                  "/docker-entrypoint.…"   2 minutes ago   Up 2 minutes   80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp                                                                                                     multi-node-nginx-1
088f65b407c0   wazuh/wazuh-dashboard:4.9.0   "/entrypoint.sh"         2 minutes ago   Up 2 minutes   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                    multi-node-wazuh.dashboard-1
ba622bfdd263   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   2 minutes ago   Up 2 minutes   9200/tcp                                                                                                                                              multi-node-wazuh2.indexer-1
7d2de31c598a   wazuh/wazuh-manager:4.9.0     "/init"                  2 minutes ago   Up 2 minutes   1514-1516/tcp, 514/udp, 55000/tcp                                                                                                                     multi-node-wazuh.worker-1
c2a84247c0ac   wazuh/wazuh-manager:4.9.0     "/init"                  2 minutes ago   Up 2 minutes   1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp   multi-node-wazuh.master-1
e5ba2bd030bc   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   2 minutes ago   Up 2 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                             multi-node-wazuh1.indexer-1
520f02ec70d7   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   2 minutes ago   Up 2 minutes   9200/tcp                                                                                                                                              multi-node-wazuh3.indexer-1
$ 

vcerenu commented 2 days ago

Tests

v4.7.0 to 4.9.0

Single node:

Deploy Wazuh 4.7.0

$ git checkout v4.7.0
Previous HEAD position was e9c1ab9 Merge pull request #835 from wazuh/modify_changelog
HEAD is now at dcf4842 Merge pull request #1129 from wazuh/chenge_revision_number
$ cd single-node/
(failed reverse-i-search)`': ^Ccker-compose -f generate-indexer-certs.yml run --rm generator
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] single-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Creating 1/1
 ✔ Network single-node_default  Created                                                                                                                                            0.2s 
The tool to create the certificates exists in the in Packages bucket
07/10/2024 14:35:22 INFO: Admin certificates created.
07/10/2024 14:35:23 INFO: Wazuh indexer certificates created.
07/10/2024 14:35:23 INFO: Wazuh server certificates created.
07/10/2024 14:35:23 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 43/32
 ✔ wazuh.indexer Pulled                                                                                                                                                          178.9s 
 ✔ wazuh.dashboard Pulled                                                                                                                                                        248.5s 
 ✔ wazuh.manager Pulled                                                                                                                                                          146.2s 

[+] Running 17/17
 ✔ Volume "single-node_wazuh-dashboard-custom"   Created                                                                                                                           0.0s 
 ✔ Volume "single-node_filebeat_var"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_var_multigroups"    Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_integrations"       Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_active_response"    Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_wodles"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh-dashboard-config"   Created                                                                                                                           0.1s 
 ✔ Volume "single-node_wazuh-indexer-data"       Created                                                                                                                           0.1s 
 ✔ Volume "single-node_wazuh_queue"              Created                                                                                                                           0.1s 
 ✔ Volume "single-node_wazuh_agentless"          Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_logs"               Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_api_configuration"  Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_etc"                Created                                                                                                                           0.0s 
 ✔ Volume "single-node_filebeat_etc"             Created                                                                                                                           0.0s 
 ✔ Container single-node-wazuh.manager-1         Started                                                                                                                           2.6s 
 ✔ Container single-node-wazuh.indexer-1         Started                                                                                                                           2.3s 
 ✔ Container single-node-wazuh.dashboard-1       Started  
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS          PORTS                                                                                                                                                           NAMES
10610cbc7c4a   wazuh/wazuh-dashboard:4.7.0   "/entrypoint.sh"         48 seconds ago   Up 46 seconds   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                              single-node-wazuh.dashboard-1
297c84aaa123   wazuh/wazuh-manager:4.7.0     "/init"                  48 seconds ago   Up 47 seconds   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
3134f2608dde   wazuh/wazuh-indexer:4.7.0     "/entrypoint.sh open…"   48 seconds ago   Up 47 seconds   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1

Turn off the v4.7.0 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack

$ docker-compose down
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 4/4
 ✔ Container single-node-wazuh.dashboard-1  Removed                                                                                                                               10.5s 
 ✔ Container single-node-wazuh.indexer-1    Removed                                                                                                                                0.6s 
 ✔ Container single-node-wazuh.manager-1    Removed                                                                                                                                4.5s 
 ✔ Network single-node_default              Removed                                                                                                                                0.2s 
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 4/4
 ✔ Network single-node_default              Created                                                                                                                                0.2s 
 ✔ Container single-node-wazuh.manager-1    Started                                                                                                                                1.5s 
 ✔ Container single-node-wazuh.indexer-1    Started                                                                                                                                1.1s 
 ✔ Container single-node-wazuh.dashboard-1  Started                                                                                                                                2.3s 
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS          PORTS                                                                                                                                                           NAMES
261cab396f42   wazuh/wazuh-dashboard:4.9.0   "/entrypoint.sh"         26 seconds ago   Up 24 seconds   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                              single-node-wazuh.dashboard-1
8a9f50196884   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   27 seconds ago   Up 25 seconds   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1
3809513ec905   wazuh/wazuh-manager:4.9.0     "/init"                  27 seconds ago   Up 25 seconds   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1

vcerenu commented 2 days ago

Multi node:

Deploy Wazuh 4.7.0

$ git checkout v4.7.0
Previous HEAD position was e9c1ab9 Merge pull request #835 from wazuh/modify_changelog
HEAD is now at dcf4842 Merge pull request #1129 from wazuh/chenge_revision_number
$ cd multi-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] multi-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Creating 1/1
 ✔ Network multi-node_default  Created                                                                                                                                             0.2s 
The tool to create the certificates exists in the in Packages bucket
07/10/2024 16:37:09 INFO: Admin certificates created.
07/10/2024 16:37:09 INFO: Wazuh indexer certificates created.
07/10/2024 16:37:10 INFO: Wazuh server certificates created.
07/10/2024 16:37:10 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 34/34
 ✔ Volume "multi-node_worker-wazuh-api-configuration"  Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-var-multigroups"    Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-wodles"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-etc"                Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-agentless"          Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-var-multigroups"    Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-dashboard-custom"          Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-integrations"       Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-logs"               Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-active-response"    Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-queue"              Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-queue"              Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-dashboard-config"          Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-api-configuration"  Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-filebeat-var"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-indexer-data-3"            Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-etc"                Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-indexer-data-1"            Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-logs"               Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-active-response"    Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-agentless"          Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-indexer-data-2"            Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-filebeat-etc"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-wodles"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-integrations"       Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-filebeat-etc"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-filebeat-var"             Created                                                                                                                     0.0s 
 ✔ Container multi-node-wazuh3.indexer-1               Started                                                                                                                     1.8s 
 ✔ Container multi-node-wazuh2.indexer-1               Started                                                                                                                     1.8s 
 ✔ Container multi-node-wazuh.worker-1                 Started                                                                                                                     1.9s 
 ✔ Container multi-node-wazuh1.indexer-1               Started                                                                                                                     1.7s 
 ✔ Container multi-node-wazuh.master-1                 Started                                                                                                                     2.4s 
 ✔ Container multi-node-wazuh.dashboard-1              Started                                                                                                                     3.2s 
 ✔ Container multi-node-nginx-1                        Started                                                                                                                     5.2s 
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                 NAMES
7fcacd72e052   nginx:stable                  "/docker-entrypoint.…"   3 minutes ago   Up 3 minutes   80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp                                                                                                     multi-node-nginx-1
c8bb5b34d9a5   wazuh/wazuh-dashboard:4.7.0   "/entrypoint.sh"         3 minutes ago   Up 3 minutes   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                    multi-node-wazuh.dashboard-1
a55fd041d408   wazuh/wazuh-manager:4.7.0     "/init"                  3 minutes ago   Up 3 minutes   1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp   multi-node-wazuh.master-1
da2b5d19a003   wazuh/wazuh-indexer:4.7.0     "/entrypoint.sh open…"   3 minutes ago   Up 3 minutes   9200/tcp                                                                                                                                              multi-node-wazuh3.indexer-1
a8ad2d11b662   wazuh/wazuh-indexer:4.7.0     "/entrypoint.sh open…"   3 minutes ago   Up 3 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                             multi-node-wazuh1.indexer-1
12cd69f6e6f7   wazuh/wazuh-manager:4.7.0     "/init"                  3 minutes ago   Up 3 minutes   1514-1516/tcp, 514/udp, 55000/tcp                                                                                                                     multi-node-wazuh.worker-1
57da77d790b1   wazuh/wazuh-indexer:4.7.0     "/entrypoint.sh open…"   3 minutes ago   Up 3 minutes   9200/tcp                                                                                                                                              multi-node-wazuh2.indexer-1

Turn off the v4.7.0 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack

$ docker-compose down
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 8/8
 ✔ Container multi-node-nginx-1            Removed                                                                                                                                 1.0s 
 ✔ Container multi-node-wazuh2.indexer-1   Removed                                                                                                                                 1.3s 
 ✔ Container multi-node-wazuh3.indexer-1   Removed                                                                                                                                 1.3s 
 ✔ Container multi-node-wazuh.dashboard-1  Removed                                                                                                                                10.6s 
 ✔ Container multi-node-wazuh.worker-1     Removed                                                                                                                                 4.4s 
 ✔ Container multi-node-wazuh.master-1     Removed                                                                                                                                 4.6s 
 ✔ Container multi-node-wazuh1.indexer-1   Removed                                                                                                                                10.7s 
 ✔ Network multi-node_default              Removed                                                                                                                                 0.3s 
$ docker-compose up -d
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 8/8
 ✔ Network multi-node_default              Created                                                                                                                                 0.2s 
 ✔ Container multi-node-wazuh.master-1     Started                                                                                                                                 2.2s 
 ✔ Container multi-node-wazuh.worker-1     Started                                                                                                                                 2.0s 
 ✔ Container multi-node-wazuh1.indexer-1   Started                                                                                                                                 2.2s 
 ✔ Container multi-node-wazuh2.indexer-1   Started                                                                                                                                 2.1s 
 ✔ Container multi-node-wazuh3.indexer-1   Started                                                                                                                                 2.1s 
 ✔ Container multi-node-wazuh.dashboard-1  Started                                                                                                                                 3.3s 
 ✔ Container multi-node-nginx-1            Started                                                                                                                                 4.6s 
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS          PORTS                                                                                                                                                 NAMES
87e666553cb1   nginx:stable                  "/docker-entrypoint.…"   54 seconds ago   Up 51 seconds   80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp                                                                                                     multi-node-nginx-1
994d1d392c78   wazuh/wazuh-dashboard:4.9.0   "/entrypoint.sh"         54 seconds ago   Up 52 seconds   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                    multi-node-wazuh.dashboard-1
990d17e8d7b8   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   55 seconds ago   Up 53 seconds   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                             multi-node-wazuh1.indexer-1
b530c5606bf5   wazuh/wazuh-manager:4.9.0     "/init"                  55 seconds ago   Up 54 seconds   1514-1516/tcp, 514/udp, 55000/tcp                                                                                                                     multi-node-wazuh.worker-1
08866ec3421a   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   55 seconds ago   Up 53 seconds   9200/tcp                                                                                                                                              multi-node-wazuh3.indexer-1
7aaf25a4eaf6   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   55 seconds ago   Up 53 seconds   9200/tcp                                                                                                                                              multi-node-wazuh2.indexer-1
6cf01f1c533e   wazuh/wazuh-manager:4.9.0     "/init"                  55 seconds ago   Up 53 seconds   1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp   multi-node-wazuh.master-1

vcerenu commented 2 days ago

Tests

v4.8.0 to 4.9.0

Single node:

Deploy Wazuh 4.8.0

$ git checkout v4.8.0
Previous HEAD position was dcf4842 Merge pull request #1129 from wazuh/chenge_revision_number
HEAD is now at 829e435 Merge pull request #1384 from wazuh/enhancement/revert-image-tag
$ cd single-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] single-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Creating 1/1
 ✔ Network single-node_default  Created                                                                                                                                            0.2s 
[+] Running 5/5
 ✔ generator Pulled                                                                                                                                                               15.4s 
   ✔ 17d0386c2fff Pull complete                                                                                                                                                    9.6s 
   ✔ 7ce91ec7d1d3 Pull complete                                                                                                                                                   11.7s 
   ✔ 5249716d429c Pull complete                                                                                                                                                   11.7s 
   ✔ d7003467fd14 Pull complete                                                                                                                                                   11.8s 
The tool to create the certificates exists in the in Packages bucket
07/10/2024 17:01:16 INFO: Generating the root certificate.
07/10/2024 17:01:16 INFO: Generating Admin certificates.
07/10/2024 17:01:17 INFO: Admin certificates created.
07/10/2024 17:01:17 INFO: Generating Wazuh indexer certificates.
07/10/2024 17:01:17 INFO: Wazuh indexer certificates created.
07/10/2024 17:01:17 INFO: Generating Filebeat certificates.
07/10/2024 17:01:17 INFO: Wazuh Filebeat certificates created.
07/10/2024 17:01:17 INFO: Generating Wazuh dashboard certificates.
07/10/2024 17:01:17 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 45/30
 ✔ wazuh.manager Pulled                                                                                                                                                          198.0s 
 ✔ wazuh.indexer Pulled                                                                                                                                                          203.7s 
 ✔ wazuh.dashboard Pulled                                                                                                                                                        238.1s 

[+] Running 17/17
 ✔ Volume "single-node_wazuh-dashboard-config"   Created                                                                                                                           0.0s 
 ✔ Volume "single-node_filebeat_var"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_queue"              Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_logs"               Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_api_configuration"  Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_active_response"    Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh-dashboard-custom"   Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_integrations"       Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_agentless"          Created                                                                                                                           0.0s 
 ✔ Volume "single-node_filebeat_etc"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_etc"                Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_wodles"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_var_multigroups"    Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh-indexer-data"       Created                                                                                                                           0.0s 
 ✔ Container single-node-wazuh.manager-1         Started                                                                                                                           2.9s 
 ✔ Container single-node-wazuh.indexer-1         Started                                                                                                                           2.8s 
 ✔ Container single-node-wazuh.dashboard-1       Started                                                                                                                           1.6s 
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
dfbd00a2584a   wazuh/wazuh-dashboard:4.8.0   "/entrypoint.sh"         4 minutes ago   Up 4 minutes   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                              single-node-wazuh.dashboard-1
74f6c8723297   wazuh/wazuh-manager:4.8.0     "/init"                  4 minutes ago   Up 4 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
f76c5892bfec   wazuh/wazuh-indexer:4.8.0     "/entrypoint.sh open…"   4 minutes ago   Up 4 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1

Turn off the v4.8.0 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack

$ docker-compose down
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 4/4
 ✔ Container single-node-wazuh.dashboard-1  Removed                                                                                                                               10.7s 
 ✔ Container single-node-wazuh.manager-1    Removed                                                                                                                                4.0s 
 ✔ Container single-node-wazuh.indexer-1    Removed                                                                                                                                0.7s 
 ✔ Network single-node_default              Removed                                                                                                                                0.2s 
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 4/4
 ✔ Network single-node_default              Created                                                                                                                                0.2s 
 ✔ Container single-node-wazuh.indexer-1    Started                                                                                                                                1.2s 
 ✔ Container single-node-wazuh.manager-1    Started                                                                                                                                1.3s 
 ✔ Container single-node-wazuh.dashboard-1  Started                                                                                                                                2.1s 
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
9e06bcdece04   wazuh/wazuh-dashboard:4.9.0   "/entrypoint.sh"         3 minutes ago   Up 3 minutes   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                              single-node-wazuh.dashboard-1
84daf237244e   wazuh/wazuh-manager:4.9.0     "/init"                  3 minutes ago   Up 3 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
15cbbfe9fe2a   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   3 minutes ago   Up 3 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1

vcerenu commented 2 days ago

Multi node:

Deploy Wazuh 4.8.0

$ git checkout v4.8.0
Previous HEAD position was dcf4842 Merge pull request #1129 from wazuh/chenge_revision_number
HEAD is now at 829e435 Merge pull request #1384 from wazuh/enhancement/revert-image-tag
$ cd multi-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] multi-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Creating 1/1
 ✔ Network multi-node_default  Created                                                                                                                                             0.2s 
The tool to create the certificates exists in the in Packages bucket
07/10/2024 17:38:34 INFO: Generating the root certificate.
07/10/2024 17:38:34 INFO: Generating Admin certificates.
07/10/2024 17:38:34 INFO: Admin certificates created.
07/10/2024 17:38:34 INFO: Generating Wazuh indexer certificates.
07/10/2024 17:38:34 INFO: Wazuh indexer certificates created.
07/10/2024 17:38:34 INFO: Generating Filebeat certificates.
07/10/2024 17:38:34 INFO: Wazuh Filebeat certificates created.
07/10/2024 17:38:34 INFO: Generating Wazuh dashboard certificates.
07/10/2024 17:38:35 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 34/34
 ✔ Volume "multi-node_master-wazuh-wodles"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-filebeat-var"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-api-configuration"  Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-filebeat-var"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-etc"                Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-var-multigroups"    Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-integrations"       Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-indexer-data-2"            Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-filebeat-etc"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-api-configuration"  Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-indexer-data-1"            Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-queue"              Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-active-response"    Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-integrations"       Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-indexer-data-3"            Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-wodles"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-agentless"          Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-active-response"    Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-filebeat-etc"             Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-var-multigroups"    Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-agentless"          Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-dashboard-custom"          Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-etc"                Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_wazuh-dashboard-config"          Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-logs"               Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_master-wazuh-logs"               Created                                                                                                                     0.0s 
 ✔ Volume "multi-node_worker-wazuh-queue"              Created                                                                                                                     0.0s 
 ✔ Container multi-node-wazuh.worker-1                 Started                                                                                                                     2.3s 
 ✔ Container multi-node-wazuh1.indexer-1               Started                                                                                                                     2.1s 
 ✔ Container multi-node-wazuh2.indexer-1               Started                                                                                                                     2.3s 
 ✔ Container multi-node-wazuh3.indexer-1               Started                                                                                                                     2.3s 
 ✔ Container multi-node-wazuh.master-1                 Started                                                                                                                     2.3s 
 ✔ Container multi-node-wazuh.dashboard-1              Started                                                                                                                     3.3s 
 ✔ Container multi-node-nginx-1                        Started                                                                                                                     4.9s 
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED              STATUS          PORTS                                                                                                                                                 NAMES
bcf3e0e0eca6   nginx:stable                  "/docker-entrypoint.…"   59 seconds ago       Up 55 seconds   80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp                                                                                                     multi-node-nginx-1
e75a8642626b   wazuh/wazuh-dashboard:4.8.0   "/entrypoint.sh"         About a minute ago   Up 57 seconds   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                    multi-node-wazuh.dashboard-1
156545acbc29   wazuh/wazuh-indexer:4.8.0     "/entrypoint.sh open…"   About a minute ago   Up 58 seconds   9200/tcp                                                                                                                                              multi-node-wazuh3.indexer-1
08172c55ceb9   wazuh/wazuh-indexer:4.8.0     "/entrypoint.sh open…"   About a minute ago   Up 58 seconds   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                             multi-node-wazuh1.indexer-1
ac1e04890bb0   wazuh/wazuh-manager:4.8.0     "/init"                  About a minute ago   Up 58 seconds   1514-1516/tcp, 514/udp, 55000/tcp                                                                                                                     multi-node-wazuh.worker-1
cff55d7fc0a8   wazuh/wazuh-manager:4.8.0     "/init"                  About a minute ago   Up 58 seconds   1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp   multi-node-wazuh.master-1
3b72ae81ece2   wazuh/wazuh-indexer:4.8.0     "/entrypoint.sh open…"   About a minute ago   Up 58 seconds   9200/tcp                                                                                                                                              multi-node-wazuh2.indexer-1

Turn off the v4.8.0 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack

$ docker-compose down
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 8/8
 ✔ Container multi-node-wazuh2.indexer-1   Removed                                                                                                                                 1.7s 
 ✔ Container multi-node-wazuh3.indexer-1   Removed                                                                                                                                 1.7s 
 ✔ Container multi-node-nginx-1            Removed                                                                                                                                 1.0s 
 ✔ Container multi-node-wazuh.dashboard-1  Removed                                                                                                                                10.6s 
 ✔ Container multi-node-wazuh.worker-1     Removed                                                                                                                                 4.3s 
 ✔ Container multi-node-wazuh1.indexer-1   Removed                                                                                                                                10.5s 
 ✔ Container multi-node-wazuh.master-1     Removed                                                                                                                                 4.1s 
 ✔ Network multi-node_default              Removed                                                                                                                                 0.2s 
$ docker-compose up -d
WARN[0000] multi-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 8/8
 ✔ Network multi-node_default              Created                                                                                                                                 0.2s 
 ✔ Container multi-node-wazuh2.indexer-1   Started                                                                                                                                 3.3s 
 ✔ Container multi-node-wazuh3.indexer-1   Started                                                                                                                                 3.5s 
 ✔ Container multi-node-wazuh.master-1     Started                                                                                                                                 3.4s 
 ✔ Container multi-node-wazuh.worker-1     Started                                                                                                                                 3.4s 
 ✔ Container multi-node-wazuh1.indexer-1   Started                                                                                                                                 3.4s 
 ✔ Container multi-node-wazuh.dashboard-1  Started                                                                                                                                 4.6s 
 ✔ Container multi-node-nginx-1            Started                                                                                                                                 6.3s 
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED              STATUS              PORTS                                                                                                                                                 NAMES
863e6d6e5e6c   nginx:stable                  "/docker-entrypoint.…"   About a minute ago   Up About a minute   80/tcp, 0.0.0.0:1514->1514/tcp, :::1514->1514/tcp                                                                                                     multi-node-nginx-1
61e68d1698e2   wazuh/wazuh-dashboard:4.9.0   "/entrypoint.sh"         About a minute ago   Up About a minute   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                    multi-node-wazuh.dashboard-1
8842abbe9610   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   About a minute ago   Up About a minute   9200/tcp                                                                                                                                              multi-node-wazuh3.indexer-1
56b44290d92e   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   About a minute ago   Up About a minute   9200/tcp                                                                                                                                              multi-node-wazuh2.indexer-1
d423d1a89b61   wazuh/wazuh-manager:4.9.0     "/init"                  About a minute ago   Up About a minute   1514-1516/tcp, 514/udp, 55000/tcp                                                                                                                     multi-node-wazuh.worker-1
cac11593bbe2   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   About a minute ago   Up About a minute   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                             multi-node-wazuh1.indexer-1
ffd8c829fa5b   wazuh/wazuh-manager:4.9.0     "/init"                  About a minute ago   Up About a minute   1514/tcp, 0.0.0.0:1515->1515/tcp, :::1515->1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 1516/tcp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp   multi-node-wazuh.master-1
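
The check these test runs do by eye with `docker ps`, written as an added example that is not part of the thread or of the Wazuh repositories. It reads tab-separated output from `docker ps --format '{{.Image}}\t{{.RunningFor}}\t{{.Status}}\t{{.Names}}'` and flags Wazuh containers that are still on an old image tag or have restarted since creation, the symptom reported at the top of this issue. The function names and sample rows are constructed for illustration.

```python
import re

# Seconds per unit in Docker's humanized durations ("5 seconds", "About a minute").
UNIT_SECONDS = {
    "second": 1, "minute": 60, "hour": 3600, "day": 86400,
    "week": 604800, "month": 2592000, "year": 31536000,
}
DURATION_RE = re.compile(
    r"(?:about )?(an?|\d+) (second|minute|hour|day|week|month|year)s?"
)


def parse_duration(text):
    """Return (seconds, granularity) for '2 minutes ago', 'About a minute', ..."""
    t = text.strip().lower()
    if t.startswith("less than a second"):
        return 0, 1
    m = DURATION_RE.match(t)
    if m is None:
        raise ValueError(f"unrecognized duration: {text!r}")
    count = 1 if m.group(1) in ("a", "an") else int(m.group(1))
    unit = UNIT_SECONDS[m.group(2)]
    return count * unit, unit


def check_upgrade(ps_output, expected_tag, image_prefix="wazuh/"):
    """Return a list of (container_name, problem) for the given docker ps rows.

    Only images starting with image_prefix are checked, so helper containers
    such as nginx:stable are skipped.
    """
    findings = []
    for line in ps_output.strip().splitlines():
        image, running_for, status, name = line.split("\t")
        if not image.startswith(image_prefix):
            continue
        tag = image.rpartition(":")[2]
        if tag != expected_tag:
            findings.append((name, f"image tag {tag}, expected {expected_tag}"))
        if not status.startswith("Up "):
            # Covers "Restarting (1) 3 seconds ago", "Exited (1) ...", "Created".
            findings.append((name, f"not running: {status}"))
            continue
        age, granularity = parse_duration(running_for)
        uptime, _ = parse_duration(status[3:])
        # Docker truncates durations to whole units, so a healthy container can
        # show an uptime one unit below its age. A larger gap means the
        # container has been restarted after it was created.
        if age - uptime > granularity:
            findings.append(
                (name, f"restart suspected: created {running_for}, status {status}")
            )
    return findings


def rows(*records):
    """Build tab-separated sample input in the --format layout above."""
    return "\n".join("\t".join(r) for r in records)


# Constructed sample: a healthy stack after the upgrade to 4.9.0.
HEALTHY = rows(
    ("nginx:stable", "About a minute ago", "Up About a minute", "multi-node-nginx-1"),
    ("wazuh/wazuh-dashboard:4.9.0", "3 minutes ago", "Up 3 minutes",
     "single-node-wazuh.dashboard-1"),
    ("wazuh/wazuh-manager:4.9.0", "3 minutes ago", "Up 3 minutes",
     "single-node-wazuh.manager-1"),
    ("wazuh/wazuh-indexer:4.9.0", "About a minute ago", "Up 57 seconds",
     "single-node-wazuh.indexer-1"),
)

# Constructed sample: the indexer keeps restarting and the manager was not bumped.
BROKEN = rows(
    ("wazuh/wazuh-dashboard:4.9.0", "2 minutes ago", "Up 2 minutes",
     "single-node-wazuh.dashboard-1"),
    ("wazuh/wazuh-indexer:4.9.0", "2 minutes ago", "Up 5 seconds",
     "single-node-wazuh.indexer-1"),
    ("wazuh/wazuh-manager:4.8.0", "2 minutes ago", "Up 2 minutes",
     "single-node-wazuh.manager-1"),
)

if __name__ == "__main__":
    for label, sample in (("healthy", HEALTHY), ("broken", BROKEN)):
        problems = check_upgrade(sample, "4.9.0")
        print(label, "OK" if not problems else problems)
```

Run it a couple of minutes after `docker-compose up -d`: a container that has only just been created has an age and uptime too close together for the comparison to say anything.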

vcerenu commented 17 hours ago

Tests

After the last change of the documentation

Deploy v4.3.11

$ git checkout v4.3.11
Previous HEAD position was 15205ad Merge pull request #742 from wazuh/bump-4-3-10
HEAD is now at e9c1ab9 Merge pull request #835 from wazuh/modify_changelog
$ cd single-node/
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] single-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Creating 1/1
 ✔ Network single-node_default  Created                                                                                                                                            0.3s 
[+] Running 5/5
 ✔ generator Pulled                                                                                                                                                               19.6s 
   ✔ edaedc954fb5 Pull complete                                                                                                                                                   12.9s 
   ✔ 573f4d11a520 Pull complete                                                                                                                                                   15.6s 
   ✔ 8f200922197d Pull complete                                                                                                                                                   15.7s 
   ✔ 55a86de68c5c Pull complete                                                                                                                                                   15.7s 
The tool to create the certificates exists in the in Packages bucket
09/10/2024 16:16:10 INFO: Admin certificates created.
09/10/2024 16:16:10 INFO: Wazuh indexer certificates created.
09/10/2024 16:16:10 INFO: Wazuh server certificates created.
09/10/2024 16:16:10 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 42/42
 ✔ wazuh.dashboard Pulled                                                                                                                                                        172.8s 
   ✔ 7896abcd5fb0 Pull complete                                                                                                                                                   37.6s 
   ✔ 18c07c9c69d1 Pull complete                                                                                                                                                   37.7s 
   ✔ a56c8af26d52 Pull complete                                                                                                                                                   38.2s 
   ✔ 6a09ac175392 Pull complete                                                                                                                                                   39.3s 
   ✔ 03d70a4b2468 Pull complete                                                                                                                                                   39.8s 
   ✔ bb414b59b625 Pull complete                                                                                                                                                   40.8s 
   ✔ 1dd7330b6ec9 Pull complete                                                                                                                                                   41.1s 
   ✔ f27ee0d71ab7 Pull complete                                                                                                                                                   41.4s 
   ✔ c80563a2214f Pull complete                                                                                                                                                  168.5s 
 ✔ wazuh.manager Pulled                                                                                                                                                          127.9s 
 ✔ wazuh.indexer Pulled                                                                                                                                                          121.0s 
[+] Running 15/15
 ✔ Volume "single-node_wazuh_active_response"    Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_api_configuration"  Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_var_multigroups"    Created                                                                                                                           0.0s 
 ✔ Volume "single-node_filebeat_etc"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_filebeat_var"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh-indexer-data"       Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_wodles"             Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_queue"              Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_etc"                Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_logs"               Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_integrations"       Created                                                                                                                           0.0s 
 ✔ Volume "single-node_wazuh_agentless"          Created                                                                                                                           0.0s 
 ✔ Container single-node-wazuh.indexer-1         Started                                                                                                                           3.3s 
 ✔ Container single-node-wazuh.manager-1         Started                                                                                                                           3.3s 
 ✔ Container single-node-wazuh.dashboard-1       Started                                                                                                                           3.4s 
$ docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
90f5ff2098a3   wazuh/wazuh-dashboard:4.3.11   "/entrypoint.sh"         2 minutes ago   Up 2 minutes   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                              single-node-wazuh.dashboard-1
683b2b0f8d99   wazuh/wazuh-indexer:4.3.11     "/entrypoint.sh open…"   2 minutes ago   Up 2 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1
e78ffd39d466   wazuh/wazuh-manager:4.3.11     "/init"                  2 minutes ago   Up 2 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1


Turn off the v4.3.11 stack, modify the repository as if you had customizations, and turn on the v4.9.0 stack:

$ docker-compose down
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 4/4
 ✔ Container single-node-wazuh.dashboard-1  Removed                                                                                                                               10.4s 
 ✔ Container single-node-wazuh.indexer-1    Removed                                                                                                                                0.5s 
 ✔ Container single-node-wazuh.manager-1    Removed                                                                                                                                4.3s 
 ✔ Network single-node_default              Removed                                                                                                                                0.3s 
$ docker-compose -f generate-indexer-certs.yml run --rm generator
WARN[0000] single-node/generate-indexer-certs.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
The tool to create the certificates exists in the in Packages bucket
09/10/2024 17:20:06 INFO: Generating the root certificate.
09/10/2024 17:20:06 INFO: Generating Admin certificates.
09/10/2024 17:20:06 INFO: Admin certificates created.
09/10/2024 17:20:06 INFO: Generating Wazuh indexer certificates.
09/10/2024 17:20:06 INFO: Wazuh indexer certificates created.
09/10/2024 17:20:06 INFO: Generating Filebeat certificates.
09/10/2024 17:20:06 INFO: Wazuh Filebeat certificates created.
09/10/2024 17:20:06 INFO: Generating Wazuh dashboard certificates.
09/10/2024 17:20:06 INFO: Wazuh dashboard certificates created.
Moving created certificates to the destination directory
Changing certificate permissions
Setting UID indexer and dashboard
Setting UID for wazuh manager and worker
$ docker-compose up -d
WARN[0000] single-node/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion 
[+] Running 44/16
 ✔ wazuh.dashboard Pulled                                                                                                                                                        301.1s 
 ✔ wazuh.manager Pulled                                                                                                                                                          243.4s 
 ✔ wazuh.indexer Pulled                                                                                                                                                          270.6s 

[+] Running 4/4
 ✔ Network single-node_default              Created                                                                                                                                0.3s 
 ✔ Container single-node-wazuh.indexer-1    Started                                                                                                                                3.0s 
 ✔ Container single-node-wazuh.manager-1    Started                                                                                                                                3.0s 
 ✔ Container single-node-wazuh.dashboard-1  Started                                                                                                                                2.9s 
$ docker ps
CONTAINER ID   IMAGE                         COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                           NAMES
63c4492f6ec4   wazuh/wazuh-dashboard:4.9.0   "/entrypoint.sh"         2 minutes ago   Up 2 minutes   443/tcp, 0.0.0.0:443->5601/tcp, [::]:443->5601/tcp                                                                                                              single-node-wazuh.dashboard-1
27040e6d5c8b   wazuh/wazuh-indexer:4.9.0     "/entrypoint.sh open…"   2 minutes ago   Up 2 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp                                                                                                                       single-node-wazuh.indexer-1
22e7f429b747   wazuh/wazuh-manager:4.9.0     "/init"                  2 minutes ago   Up 2 minutes   0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp   single-node-wazuh.manager-1
