Replies: 2 comments
-
I'm wondering if the alerts error is permissions but I have no idea where to look.
-
Have you installed an agent on an endpoint for testing yet with Sysmon? If you do not have any data, it will say that those fields are not located -- because they don't exist in the indices. See docs here: https://github.com/cisagov/LME/tree/main/docs/markdown If you have successfully installed the first install playbook and the post-install playbook -- your next step will be to install agents on an endpoint. You won't be collecting any logs until agents are installed.
-
Hello,
When I go into the alerts dashboard I am getting the "An error occurred. View more" message. When I view more I get the following results:
Status: Could not locate field: kibana.alert.workflow_status
Severity: Could not locate field: kibana.alert.severity
User: Could not locate field: user.name
Host: Could not locate field: host.name
I am also getting a popup to configure server.publicBaseUrl and I am not sure how to go about that.
The learn more does not really explain where to go to fix that.
server.publicBaseUrl
The publicly available URL that end-users access Kibana at. Must include the protocol, hostname, port (if different than the defaults for http and https, 80 and 443 respectively), and the server.basePath (if configured). This setting cannot end in a slash (/).
I was wondering if someone could explain how to fix this? I just finished the install in the last couple of weeks, so I am still really green to LME and not a Linux expert... yet.
Thank you!
Scott
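The server.publicBaseUrl description quoted in the post above amounts to a small set of rules: a scheme is mandatory, the port is only needed when it is not the default for that scheme, and the value must not end in a slash. The script below is an added example written for this thread; it is not from the LME project or from anyone in the discussion. It checks a candidate URL against those rules, normalises it (drops a trailing slash and a redundant default port), and writes the resulting line into a Kibana YAML file whose path you pass in. The hostnames are made up, and where Kibana's configuration file lives in an LME install is not asserted here: pass whatever file your deployment actually uses for Kibana settings.

```shell
#!/bin/sh
# Added example for this thread, not LME project code. Helpers for the
# server.publicBaseUrl rules quoted from Kibana's setting description.
# Limitation: bracketed IPv6 hosts ([::1]:5601) are not parsed.

# validate_public_base_url URL -> 0 if URL satisfies the documented rules
validate_public_base_url() {
    url=$1
    case "$url" in
        http://*|https://*) ;;
        *) echo "missing protocol (http:// or https://): $url" >&2; return 1 ;;
    esac
    case "$url" in
        */) echo "must not end in a slash: $url" >&2; return 1 ;;
    esac
    rest=${url#*://}          # host[:port][/basePath]
    hostport=${rest%%/*}
    host=${hostport%%:*}
    [ -n "$host" ] || { echo "missing hostname: $url" >&2; return 1; }
    case "$hostport" in
        *:*) port=${hostport##*:}
             case "$port" in
                 ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
             esac ;;
    esac
    return 0
}

# normalize_public_base_url URL -> prints URL without trailing slashes
# and without a port that is the default for its scheme (80/443)
normalize_public_base_url() {
    url=$1
    while [ "${url%/}" != "$url" ]; do url=${url%/}; done
    scheme=${url%%://*}
    rest=${url#*://}
    hostport=${rest%%/*}
    path=${rest#"$hostport"}  # "" or /basePath
    host=${hostport%%:*}
    port=
    case "$hostport" in *:*) port=${hostport##*:} ;; esac
    if { [ "$scheme" = http ] && [ "$port" = 80 ]; } ||
       { [ "$scheme" = https ] && [ "$port" = 443 ]; }; then
        port=
    fi
    if [ -n "$port" ]; then
        printf '%s://%s:%s%s\n' "$scheme" "$host" "$port" "$path"
    else
        printf '%s://%s%s\n' "$scheme" "$host" "$path"
    fi
}

# render_kibana_setting URL -> prints the YAML line to put in kibana.yml
render_kibana_setting() {
    printf 'server.publicBaseUrl: "%s"\n' "$(normalize_public_base_url "$1")"
}

# set_public_base_url FILE URL -> replaces any existing (even commented-out)
# server.publicBaseUrl line in FILE with the normalised value, or appends it
set_public_base_url() {
    file=$1
    value=$(normalize_public_base_url "$2")
    validate_public_base_url "$value" || return 1
    # grep -v exits 1 when every line is dropped; that is not an error here
    grep -Ev '^[[:space:]]*#?[[:space:]]*server\.publicBaseUrl:' "$file" \
        > "$file.tmp" || :
    render_kibana_setting "$value" >> "$file.tmp"
    mv "$file.tmp" "$file"
}

# Demo on a constructed value: prints server.publicBaseUrl: "https://lme.example.com"
render_kibana_setting "https://lme.example.com:443/"
```

Run it with `. ./publicbaseurl.sh` to load the functions, then `set_public_base_url /path/to/kibana.yml "https://<your-kibana-host>"` and restart Kibana so the setting is read. If the URL users actually type has a path prefix, keep it in the value (`https://host/kibana`), since the description says server.basePath must be included when configured.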