Elasticsearch indices
Once you've installed the Wazuh Kibana plugin, some new indices will be generated in Elasticsearch. Let's see a more in deep view of them. The user shouldn't take care of or modify them unless the Wazuh team suggests it.
The .kibana index
This index is mainly used by Kibana itself. It's useful to tell Kibana how are the index patterns we are using along with other technical details. This index should be similar for any user, and it's a bit long to show its content here. Also, its content is useless for the user knowledge.
The wazuh-alerts- indices
They are auto-generated, and they store the Wazuh alerts. Filebeat will send data to Elasticsearch and will create an index per day.
If you want to change the name of these indices with a custom one, you can follow this guide.
The wazuh-monitoring- indices
They are auto-generated and they store the Wazuh agents statuses periodically. The Wazuh Kibana plugin is which will send data to Elasticsearch and will create an index per day. This feature can be disabled. You can also adjust the insertion frequency. These indices are mainly used by the Agents status visualization from the Overview dashboard in the Wazuh Kibana plugin.
The wazuh-statistics- indices
This index is used to view Wazuh usage statistics. It is filled with information collected by making requests to the Wazuh manager API. Information on the status of Wazuh and its components is displayed using these indices.