Replies: 4 comments 22 replies
-
|
Pending for Elasticsearch is typically a low watermark issue on a node in your cluster. Check the disk usage for |
Beta Was this translation helpful? Give feedback.
-
|
Can you tell me how to check the correctness of the work? |
Beta Was this translation helpful? Give feedback.
-
|
I don't know if you still have this issue, but I had it too and I did this to fix it:
Others with more experience than me may correct me but I think it was caused by the NSM storage crossing the 85% threshold and the prune operation(s) refusing to run to bring it back below the 85% mark. |
Beta Was this translation helpful? Give feedback.
-
|
@cm-ops im reinstall and im have windows logs in Dashboard but im dont have Windows alerts in Alerts, Hunt and Detections. |
Beta Was this translation helpful? Give feedback.
-
|
In ElastAlert Hunt this problems |
Beta Was this translation helpful? Give feedback.
-
|
https://docs.securityonion.net/en/2.4/elasticsearch.html#status-pending <-- Pending status for Elasticsearch If you run this does it show the index? |
Beta Was this translation helpful? Give feedback.
-
|
its from manager |
Beta Was this translation helpful? Give feedback.
-
|
and if write "sudo so-elasticsearch-query _cat/shards | grep UN" all good, no on shard |
Beta Was this translation helpful? Give feedback.
-
|
when entering tail -f /opt/so/log/soc/sensoroni-server.log | grep -i elastalert I have a lot of errors |
Beta Was this translation helpful? Give feedback.
-
|
hello je souhaite integrer the hive+cortex à securityonion pour la réponse
à l'incident peut tu m'aider ?
Le lun. 23 juin 2025 à 12:19, Chris Morgret ***@***.***> a
écrit :
… There is no ingest node, so the data cannot be parsed before indexing.
You need to add a search node to your grid or reinstall the manager as a
managersearch. Please take a look at
https://docs.securityonion.net/en/2.4/architecture.html for
descriptions/functions/roles of the different nodes in Security Onion.
—
Reply to this email directly, view it on GitHub
<#14727 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BGYYX5ZS4QEX5NMEL7IH7PD3E7WDRAVCNFSM6AAAAAB65L4ZVWVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTGNJVGA2TQNI>
.
You are receiving this because you commented.Message ID:
<Security-Onion-Solutions/securityonion/repo-discussions/14727/comments/13550585
@github.com>
|
Beta Was this translation helpful? Give feedback.
-
|
@NeymarRokia please start a new post for your question. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello everyone
After executing the sudo soup command, the nodes stopped seeing each other.
I restored the car from a SnapShot.
The nodes saw each other.
However, the Elastic Search Pending on the master error occurred.
I am attaching screenshots of errors, please help me solve them.
Version SO: 2.4.120
My installation: Heavy Node, Search Node, Manager, Sensor
Beta Was this translation helpful? Give feedback.
All reactions