When you restore data from a different Sentinel server, the following dashboards are not displayed: Alerts, Threat Hunting, and User Activities. To display these dashboards, you must configure your Sentinel server.
To restore dashboards:

1. Log in to the Sentinel server where you want to restore data as the root user.
2. Configure the /opt/novell/sentinel/3rdparty/elasticsearch/config/elasticsearch.yml file. Set network.host to <IP address of the Sentinel server>.
3. Restart the Sentinel server.
4. Delete the security.events.normalized_* index pattern from Sentinel:
   a. Log in to Sentinel.
   b. Open an affected dashboard.
   c. Click Management > Index Patterns.
   d. Delete security.events.normalized_*.
   e. Click Remove index pattern.
5. Run the following command to delete the security.events.normalized_* index from Elasticsearch:

   curl -X DELETE "{ES_IP}:9200/security.events.normalized_*"

6. Re-create the index pattern:
   a. Go to the /opt/novell/sentinel/bin directory.
   b. Run the following command to apply the mapping template to the events index in Elasticsearch:

      ./elasticsearch_index_template.sh {ES_IP} 9200 "security.events.normalized_*" <Number of Shards> <Number of Replicas>

   c. Run the following command to re-create the index pattern:

      ./create_kibana_index_pattern.sh {ES_IP:9200} "security.events.normalized_*"
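
A pre-flight check for the network.host setting, to run before restarting the server and deleting the index. This is an added example, not part of the Sentinel product or its documentation; the function names and the sample configuration are hypothetical. On a real server, pass the elasticsearch.yml path given above and the Sentinel server's IP address.

```sh
#!/bin/sh
# Added example (not Sentinel code); function names are hypothetical.

# Print the active network.host value from an elasticsearch.yml file.
get_network_host() {
    # Keep only uncommented network.host lines and strip the key.
    sed -n 's/^[[:space:]]*network\.host[[:space:]]*:[[:space:]]*//p' "$1" |
        # Drop trailing comments and whitespace, then surrounding quotes.
        sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/" |
        tail -n 1   # if the key is repeated, compare the last occurrence
}

# Return 0 if network.host equals the expected IP, 1 if it is unset or
# different, 2 if the file cannot be read.
check_network_host() {
    file=$1
    expected=$2
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi
    actual=$(get_network_host "$file")
    if [ -z "$actual" ]; then
        echo "network.host is not set in $file" >&2
        return 1
    fi
    if [ "$actual" != "$expected" ]; then
        echo "network.host is '$actual', expected '$expected'" >&2
        return 1
    fi
    echo "network.host matches $expected"
}

# Constructed sample config (192.0.2.10 is a documentation address).
sample=$(mktemp)
cat > "$sample" <<'EOF'
cluster.name: sentinel
#network.host: 127.0.0.1
network.host: "192.0.2.10"   # Sentinel server IP
EOF
check_network_host "$sample" 192.0.2.10
rm -f "$sample"
```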