Warning: This is the documentation for Wazuh 3.7. Check out the docs for the latest version of Wazuh!
X-Pack troubleshooting¶
How can I use a different index pattern?¶
If you are indexing data with a different index pattern, for example my-alerts-* you need a different role with access to that new pattern:
# curl -X POST "http://localhost:9200/_xpack/security/role/my-user" -H 'Content-Type: application/json' -d' { "cluster": [], "indices": [ { "names": [ "my-alerts-*" ], "privileges": ["read"] } ] }' -u elastic:elastic_password {"role":{"created":true}}
Now assign it to your desired user(s):
# curl -X PUT "http://localhost:9200/_xpack/security/user/john" -H 'Content-Type: application/json' -d' { "password": "johnjohn", "roles":["wazuh-basic","my-user"], "full_name":"John", "email":"john@wazuh.com" }' -u elastic:elastic_password {"user":{"created":false}} // If the user did exist previously
Issues when using the index pattern selector¶
The index pattern list is calculated from the server and it’s filtered depending on the user role. It means the user can only select the index patterns it has access to.
If the user can’t access to any pattern, the app will display the following screen:
