wazuh
Docker Module Error on Wazuh Dashboard
| Wazuh version | Component | Install type | Install method | Platform |
|---|---|---|---|---|
| 4.11.0-1 | Wazuh dashboard | Indexer/Manager/dashboard/Agent | Quick Start | Oracle Linux 8 |
Hello Team,
An error was encountered when viewing events for the docker module on the Wazuh dashboard. I have attached a screenshot below to show more details of the error, and there are also other users with the same issue.
Kindly help to investigate this.
@shegzon please, provide the steps carried out to reproduce the error so we can determine the origin of the error.
@fdalmaup, I tried to configure docker monitoring by following the below link as a guide. After performing the setup, I wanted to view the docker-related events by navigating to the docker module on the dashboard, but upon getting to that section, I encountered the error:
- https://documentation.wazuh.com/current/user-manual/capabilities/container-security/monitoring-docker.html
This seems to be directly related to a fix added in Wazuh 4.11.1, which adds the data.docker.from field definition as a known field.
- https://github.com/wazuh/wazuh-dashboard-plugins/pull/7318
As a workaround, you should be able to manually update the wazuh-alerts-* index-pattern.
- Go to Dashboard management --> Index patterns
- Select the
wazuh-alerts-*index pattern - You can check if you can find the
data.docker.fromfield, for instance - Either way, please press the Refresh field list button located in the top-right corner
Once the index pattern is updated, check if the Docker Event table works as expected.
I will close this issue as done. Feel free to open it again if the problem persists.