SIEM search Query

So I am really kind of frustrated at this moment. If you give me an instruction to follow, and I do exactly as requested, it does not give me what I expect according to your instructions. E.g., I did this query (data.win:*) but it says EXPAND YOUR TIME RANGE. But you said earlier (By default, Wazuh looks at the last 24 hours. We will want to adjust this time frame later in the lab, but leave the date and time as is for now). At this point I can't pull any query, and even when I do the next query (data.win.system.severityValue:ERROR), it still doesn't work; it tells me the same thing, EXPAND YOUR TIME RANGE. I then decided to play with the time range thing, yet same error. Please, what is going on here? Please, everyone, is anybody else feeling my pain? Because this is holding me back and spoiling the fun I was looking forward to in getting on my system to study, because I'm not moving forward. @CYBRARYANKIT635 @Cybrary20231

I will run through this lab today and make sure it's working as expected.

So when I run the lab, I first connect Windows to Wazuh per the instructions. Then when I check data.win:* I see…

Now, it can take a minute or so (sometimes) for Wazuh to see some Windows alerts. I have seen cases where there were no alerts immediately but then they start to flow in shortly. From what I can see the lab is functioning.

I just hit refresh and even more logs have come in:

One minor nit I have with the lab is that it should start you on the Wazuh server and not the Windows server. You need the IP of the Wazuh server first. It’s not a showstopper, but I imagine this may cause some confusion.

Here is what I see when I expand the time range:

Now one thing I am doing that is not called out in the lab is to click the REFRESH button. I think this may be part of your issue (and I'm blaming the lab steps here, not you).

I am going to add some clarification to the lab steps.

Here is what I see for the data.win.system.severityValue:ERROR

As a little time passes more and more logs come in.
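As an added example (not code from the lab, from anyone in this thread, or from Wazuh itself): the Discover page combines two things that are easy to confuse, the search-bar query (`data.win:*`, `data.win.system.severityValue:ERROR`) and the time picker (last 24 hours by default). An alert that matches the query but whose `timestamp` falls outside the picker window is never returned, and that is exactly when the dashboard suggests expanding the time range. The Python below models that behaviour over a handful of constructed alert documents shaped like `wazuh-alerts-*` entries, and also builds the equivalent OpenSearch DSL body (a `query_string` plus a `range` filter on `timestamp`) that the dashboard sends to the indexer. The alert contents, agent names and event IDs are made up for the demonstration.

```python
from datetime import datetime, timedelta, timezone

# Wazuh writes alert timestamps like "2024-05-01T11:55:00.000+0000"; %f accepts
# the 3-digit fraction when parsing and emits 6 digits when formatting.
TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed "now" so runs are repeatable


def ts(when):
    """Format a datetime the way the wazuh-alerts-* timestamp field looks."""
    return when.strftime(TS_FMT)


# Constructed sample alerts (assumption: not real Wazuh output). Two come from a
# Windows agent; the ERROR one is 90 days old, so it is outside a 24-hour window.
SAMPLE_ALERTS = [
    {"timestamp": ts(NOW - timedelta(hours=2)), "agent": {"name": "WIN-LAB"},
     "data": {"win": {"system": {"severityValue": "INFORMATION", "eventID": "7036"}}}},
    {"timestamp": ts(NOW - timedelta(days=90)), "agent": {"name": "WIN-LAB"},
     "data": {"win": {"system": {"severityValue": "ERROR", "eventID": "7000"}}}},
    {"timestamp": ts(NOW - timedelta(hours=1)), "agent": {"name": "wazuh-server"},
     "data": {"srcip": "10.0.0.5"}},
]


def time_window(now, **delta):
    """The time picker: 'last N hours/days' expressed as (start, end)."""
    return now - timedelta(**delta), now


def get_path(doc, dotted):
    """Walk a dotted field name such as data.win.system.severityValue."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def matches(alert, query):
    """Minimal field:value matcher covering the two forms used in the lab:
    'field:*' (field exists) and 'field:VALUE' (exact keyword match)."""
    field, _, value = query.partition(":")
    got = get_path(alert, field)
    if got is None:
        return False
    if value == "*":
        return True
    return str(got) == value


def in_window(alert, start, end):
    return start <= datetime.strptime(alert["timestamp"], TS_FMT) <= end


def search(alerts, query, start, end):
    """Query AND time range, which is what Discover actually evaluates."""
    return [a for a in alerts if matches(a, query) and in_window(a, start, end)]


def search_outcome(alerts, query, start, end):
    """Return the hits plus the hint the dashboard would show for an empty result."""
    hits = search(alerts, query, start, end)
    if hits:
        return hits, "ok"
    if any(matches(a, query) for a in alerts):
        return [], "expand your time range"   # data exists, just not in this window
    return [], "no documents match the query at all"


def build_dsl(query, start, end):
    """The request body Discover sends to the indexer for this query + picker."""
    return {"query": {"bool": {
        "must": [{"query_string": {"query": query}}],
        "filter": [{"range": {"timestamp": {"gte": ts(start), "lte": ts(end)}}}],
    }}}


if __name__ == "__main__":
    for label, window in (("last 24h", time_window(NOW, hours=24)),
                          ("last 1y", time_window(NOW, days=365))):
        for q in ("data.win:*", "data.win.system.severityValue:ERROR"):
            hits, hint = search_outcome(SAMPLE_ALERTS, q, *window)
            print(f"{label:9} {q:40} hits={len(hits)} {hint}")
```

Run it and the ERROR query shows 0 hits with the "expand your time range" hint over the last 24 hours but 1 hit over the last year, while `data.win:*` finds the recent INFORMATION event either way. The practical check this suggests: if a 1-year window returns only old events, compare the `timestamp` values on those hits with the clock on the Windows agent and the Wazuh server, since the picker filters on the alert's timestamp, not on when you pressed REFRESH.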

I have done exactly that and followed the steps, yet it's not working for me. I have refreshed many times and yet nothing came up. I even changed time ranges, yet nothing, but when I change the time range to 1 year it will show, but it's not showing me current logs that I can use to answer my task…

So when I do the 1 year, it gives me this


Now I am going to try the other query and see what it gives me

When I ran this, this is what happened


This is frustrating me. I'm stuck on this now for 3 days and not able to move forward. This is discouraging me already.