Newbie here; I am trying vulnwhisperer (https://github.com/HASecuritySolutions/VulnWhisperer) which consolidates all vulnerability data into elastic; I have gone through the install process. Data is being downloaded and ingested into elastic through logstash. What I see odd is that when I go to Discover and select index "logstash-vulnwhisperer-"; it shows no records.
If I go to dev tools and run the following:
GET logstash-vulnwhisperer-/_search
{
  "query": {
    "match_all": {}
  }
}
I get lots of records. What can cause this issue with Discover, and how to fix that? Any advice?
Hi @userelastic,
I go to Discover and select index "logstash-vulnwhisperer- ";
Discover works with index patterns, not indices. Have you created a correct Index Pattern for your index? What does it look like?
Best,
Oleg
Hi @azasypkin; thanks for the reply; yes Index Pattern is created; I have attached the screenshot.
Good, I'm off for today, will give it a thought tomorrow. But can you double check that the time range (date/time picker at the top panel) in Discover actually covers the data you have (e.g. choose a very long one, 5 years or something like this)?
Yes; I tried that by setting period to last 5 years. Thanks for your help and hope to hear from you tomorrow.
Hey,
- Can you please also share a screenshot of the Discover page?
- And, if possible, a tiny fraction of the data that is returned from this query:
POST logstash-vulnwhisperer-*/_search
{
  "query": {
    "match_all": {}
  }
}
And also check whether you have any errors in the browser dev console, just in case. A
Hi @azasypkin; I ended up removing everything and started from scratch; this time it worked fine and all the data is there including the dashboards too. Thanks for your help.
Ha, good to hear that you sorted it out!
