Newbie here; I am am trying vulnwhisperer (https://github.com/HASecuritySolutions/VulnWhisperer) which consolidates all vulnerability data into elastic; I have gone through the install process. Data is being downloaded and ingested into elastic through logstash. What I see odd is that when I go to Discover and select index "logstash-vulnwhisperer-"; it shows no records.
If I go to dev tools and run following:
GET logstash-vulnwhisperer-/_search
{
"query": {
"match_all": {}
}
I get lots of records. What can cause this issue with Discover? and how to fix that? any advice?
Hi @userelastic,
I go to Discover and select index "logstash-vulnwhisperer- ";
Discover works with index patterns, not indices. Have you created a correct Index Pattern for your index? How does it look like?
Best,
Oleg
1 Like
Good, I'm off for today, will give it a thought tomorrow. But can you double check that the time range (date/time picker at the top panel) in Discover actually covers the data you have (e.g. choose a very long one, 5 years or something like this)?
Yes; I tried that by setting period to last 5 years. Thanks for your help and hope to hear from you tomorrow.
Hey,
- Can you please also share a screenshot of the Discover page?
- And, if possible, a tiny fraction of the data that is returned from this query:
POST logstash-vulnwhisperer-*/_search
{
"query": {
"match_all": {}
}
}
And also check whether you have any errors in the browser dev console, just in case. A
Hi @azasypkin; I end up removing everything and started from scratch; this time it worked fine and all the data is there including the dashboards too. Thanks for your help.
Ha, good to hear that you sorted it out!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.