Open rauldpm opened 3 weeks ago
We need to discuss if we want to include this in RC 2 or not, as operational the issue can miss the release version, although it is desired to complete it before starting a release testing
I propose to set 4.10.0 Alpha 2 as version target instead
Two agents (Red Hat 8 and Windows 11) will be deployed, along with one manager, to validate those steps and check if the retention policy works properly.
I follow the steps in:
and
To create a new retention policy, there are two different ways:
Following Using the Visual editor
Firstly, I followed the steps from the video regarding the previously commented issue. And all worked correctly, without any problems.
Secondly, I followed the steps in the documentation, and I noticed that there is a lack of images in the documentation from step number 3, maybe we should add more images to improve the understanding of the user.
Following Using the JSON editor Firstly I tried to follow the video from the issue, but I didn't have the JSON, so I had to use the JSON from the documentation, a good point is that if you want to create one policy with the visual editor and another one with the JSON editor and you use in both options the same index patterns, It appears a warning message telling you to change the priority from one of them:
Secondly, the Documentation it's very well achieved using the JSON editor.
The last step is to validate those retention policies: I followed the following comment to validate those retentions:
So I applied the policy into wazuh-alerts-4.x-2024.10.04
, following the issue
Firstly I checked the wazuh-alerts-4.x-2024.10.04
before I applied the policy.
After a couple of minutes. It can be seen that the size has decreased:
So I can validate that the retention policy works normally.
But some points need to be clarified:
wazuh-alerts
, we should validate that retention policy, not for wazuh-archives
.wazuh-alerts
, the applying has to be using that policy not for wazuh-archives
LGTM!
The default documentation proposes 90d, we should add a test with a shorter time to be able to check that the changes are really applied and the alerts change storage.
I suggest that we should follow the next template for the following tests:
Release testing
objective and Urgent
priority. Communicate these to the team and QA via the c-release Slack channel.For the conclusions and the issue testing and updates, use the following legend:
Status legend
review_assignee
field in the project. The reviewer must then review the test steps and results. Ensure that all iteration cycles are completed by Sep 24, 2024 date (issue must be in Pending final review
status) and notify the QA team via Slack using the c-release channel.Component | Installation | Type | OS |
---|---|---|---|
Indexer | Quickstart | - | Red Hat Enterprise Linux 8 |
Server | Same as indexer, all-in-one | - | - |
Dashboard | Same as indexer, all-in-one | - | - |
Agent | Installing Wazuh agents | - | Red Hat Enterprise Linux 8 x86_64, Windows 11 x86_64 |
https://documentation-dev.wazuh.com/v4.9.1-rc1/user-manual/wazuh-indexer/index-life-management.html https://opensearch.org/docs/latest/im-plugin/ism/index/
There are no known issues.
Summarize the errors detected (Known Issues included). Illustrate using the table below. REMOVE CURRENT EXAMPLES:
Status | Test | Failure type | Notes |
---|---|---|---|
:black_circle: | Creating a retention policy using visual editor | ||
:black_circle: | Creating a retention policy using json editor | ||
:black_circle: | Applying the retention policy to alerts index | ||
:black_circle: | Verify that the retention policy worked | ||
:black_circle: | Wazuh agent installation | ||
:black_circle: | Roll Over |
We value your feedback. Please provide insights on your testing experience.
The criteria for completing this task is based on the validation of the conclusions and the test results by all reviewers.
All the checkboxes below must be marked in order to close this issue.
Description
Reviewing the https://github.com/wazuh/wazuh/issues/25828 issue, I noticed that the steps to be done are executed correctly most of the time, but we are not validating those changes, we should modify the E2E test to validate the changes and check that the retention policy works as expected
This issue also expects to deploy a Wazuh agent on Red Hat 8 and Windows 11, so it would make sense to test the policy retention with data provided by those agents, if not, the agent deployment should be removed