You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When changing default index pattern for wazuh-dashboard and deleting the deafult "wazuh-alerts-*" the last 24 hour alerts section in overview doesn't work correctly, when you click on one of the severities it takes you to discover tab with wrong filters
Describe the bug
When changing default index pattern for wazuh-dashboard and deleting the deafult "wazuh-alerts-*" the last 24 hour alerts section in overview doesn't work correctly, when you click on one of the severities it takes you to discover tab with wrong filters
The url for this request is:
https://ip:5601/app/data-explorer/discover#?_a=(discover:(columns:!(_source),isDirty:!f,sort:!()),metadata:(indexPattern:'custom-alerts-*',view:discover))&_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'custom-alerts-*',key:manager.name,negate:!f,params:(query:wazuhmanager),type:phrase),query:(match_phrase:(manager.name:wazuhmanager))),('$state':(store:globalState),meta:(alias:!n,disabled:!t,index:'wazuh-alerts-*',key:rule.level,negate:!f,params:(gte:0,lte:6),type:range),range:(rule.level:(gte:0,lte:6)))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_q=(filters:!(),query:(language:kuery,query:''))
Manager name i getting correctly queried with custom index pattern but the rule.level is still referencing to wazuh-alerts-*
In the code I found this function:
I think this function has "wazuh-alerts-*" hard coded for rule.level which is causing this problem.
I use wazuh-docker 4.8 single-node
How to reproduce:
Index pattern name: custom-alerts-*
Time field: timestamp
Custom index pattern ID: custom-alerts-*
All the edited files are bind mounted from host to docker contianer
The text was updated successfully, but these errors were encountered: