Not getting anything on Audit tab #24

Closed
rossengeorgiev opened this issue Jul 7, 2017 · 4 comments

Comments

@rossengeorgiev

image

@malbarral
Contributor

Hello @rossengeorgiev

How did you get this error? Did you update the App?

If you did, you have to remove the bundles with rm -rf /usr/share/kibana/optimize/bundles and then restart Kibana.

Best regards,
Manuel

@rossengeorgiev
Author

rossengeorgiev commented Jul 7, 2017

I'm on 5.4.0, and that tab hasn't ever worked I think. I went from Overview to Audit, and got the above.

I think this is related to changes introduced in ES 5.x. I know your app has a hack to insert a sample document with all fields to work around the issue. Perhaps it is missing the auditd-related fields?

The Audit dashboard shows the same error.

@malbarral
Contributor

Hi @rossengeorgiev,

Sorry for the late response. As you say, we insert a sample alert when installing the Wazuh App.
If you did not insert the sample alert, insert it by running this command on one of your ES nodes:

curl https://raw.githubusercontent.com/wazuh/wazuh-kibana-app/master/server/startup/integration_files/alert_sample.json | curl -XPUT "http://localhost:9200/wazuh-alerts-"`date +%Y.%m.%d`"/wazuh/sample" -H 'Content-Type: application/json' -d @-

When the alert is inserted, in the Kibana interface, go to Management > Index patterns > wazuh-alerts-*. Then, click on the Refresh icon.
image

Please, let us know if it works.
Best regards,
Manuel Albarral

@rossengeorgiev
Author

rossengeorgiev commented Aug 1, 2017

Thanks @malbarral, that resolved the issue. Page works now, and so does the Audit dashboard.
