We have been experiencing some on going issues since we have upgraded to 8.9.1 from 7.17.11. Primarily all our issues have been with Kibana's Security SIEM.
There are two main issues that we have been experiencing:
Certain alert information appear blank on the dashboard and when you try to open one of the alerts kibana shows an error (screenshots below)
We are receiving email alerting from Elastalert2 for certain alerts, however when you look on the main security dashboard the alert does not appear but when you search specifically for the rule we can see the detections that were raised.
Thanks so much for reaching out. Sorry to hear you're experiencing issues post upgrade.
For the first issue you raised, that is a known issue that is documented here. I've linked to the comment in that issue that explains the bug and known workarounds. I'm working to confirm if the issue was fixed in 8.9.2 which was released September 6th.
For the second issue raised, what is the filter being used on the dashboard page? Is that an alert id? Does anything show without any filters?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
