Hey. We have a Docker cluster deployment of various Elasticsearch nodes (7.17.6) and a Kibana node (7.17.6). In addition, we have two Wazuh nodes, master-worker. This ELK-Wazuh implementation doesn't let us update the cluster as far as we are now.
The problems we are encountering are mainly two. Firstly, for whatever configuration reason, our ILM policies for the Metricbeat and Auditbeat indices are automatically reset several times a week. The other is with the Wazuh legacy index template; this one is automatically reset for no apparent reason too. If you are encountering the same problems and have found any solution or partial fix, please let us know.
Please, the solution can't be any kind of update; we are in production, and Wazuh at this point of development doesn't support 8.x.