Error when pinning an agent to vulnerabilities when using an index pattern other than default wazuh-alerts #6826
Comments
TriageWhen you go from the Dashboard/Inventory tab to the Events tab, when Dashboard/Inventory is unmounted, different methods are executed to change from the vulnerabilities index pattern (used in Dashboard/Inventory) to the wazuh-alerts index pattern. However, when these methods are executed, the prevStoragePattern parameter that defines the target index pattern is arriving with null, defaulting to the constant WAZUH_ALERTS_PATTERN, whose value is wazuh-alerts-* (See image below).
This causes it to not take into account the name of the configured index pattern, in this case wazuh-alerts, generating the error in the filter.
This way, instead of taking the value of the constant it now takes the value of the currentPattern as it should be, solving the problem:
|
jbiset
changed the title
Description
When an index pattern is used for wazuh-alerts that is not wazuh-alerts-*, in the vulnerabilities module when pinning an agent its filter appears with an error
Steps to reproduce
1- It is necessary to remove both the index and the index pattern from wazuh-alerts-*.
2- To emulate the problem, the indexes generated with sample data will be used, so sample data must be added.
3- The default index pattern name in AppSettings must be changed. In this case I changed to wazuh-alerts-4.x-sample-security to take advantage of the sample data.
4- An index pattern named wazuh-alerts-4.x-sample-security must be created to match the wazuh-alerts-4.x-sample-security index of sample data.
5- Go to the vulnerabilities module, pin an agent in Dashboard/Inventory and then go to the Events tab. When you do this, the pinned agent filter will show an error.
Expected Result
Actual Result
Screenshots
The pinned agent error
The text was updated successfully, but these errors were encountered: