24. 11. 2025 Attilio Broglio Log-SIEM, NetEye

How to Fix Transformation Problems After Upgrading to Elasticsearch 9.0

With the upgrade to NetEye 4.44, we’ve added a lot of new features (https://www.neteye-blog.com/2025/10/neteye-4-44-release-notes/) and, from my point of view, one of the most relevant is the introduction of Elastic Stack 9.

This Elasticsearch major release (https://www.elastic.co/guide/en/elastic-stack/9.0/elastic-stack-release-notes.html) includes some new functionalities such as: ESQL Lookup Joins , LogsDB Index Mode Optimizations, etc.

During various migrations we faced some issues linked to transformations linked to integrations. Indeed, after the systems began running on Elasticsearch 9, some errors like the following arose within NetEye:

These problems looked like they were linked to missing permissions for a specific user, but after some investigation we found out that the user in question was directly managed by Elastic. So, updating/fixing these permissions should be managed by the ELK stack.

So, following the broken Transformation, i.e. logs-elasticsearch.index_pivot-default, we found that the Health status was not OK, and then also that the installed integration was in “Warning”.

The integration had a Warning message like the one in this picture, and under Transform you can find a “Reauthorize all” button that managed all required permissions for the internal user.

Clicking on it will fix the broken transformation, and data will be correctly transformed by Elasticsearch. The status will be Healthy again and also the NetEye Check will be in an “OK” Status again:

So, if you’re upgrading your NetEye to the latest version with ELK Stack 9, remember to have a look at your Transformation, and if you see problems like these, follow this short tutorial in order to fix them.

These Solutions are Engineered by Humans

Did you find this article interesting? Does it match your skill set? Our customers often present us with problems that need customized solutions. In fact, we’re currently hiring for roles just like this and others here at Würth Phoenix.

Attilio Broglio

Attilio Broglio

Author

Attilio Broglio

Latest posts by Attilio Broglio

28. 10. 2025 ITOA, NetEye, Unified Monitoring
Grafana – Node Graph and Icinga
10. 10. 2025 Icinga Web 2, NetEye, Unified Monitoring
Massive Clean-up of the Icinga custom_var (Services)
28. 08. 2025 NetEye, Unified Monitoring
Massive Update of the Icinga custom_var (Host & Services)
19. 12. 2024 Unified Monitoring
How to Monitor MSSQL in a Synchronized, High-availability Setup
20. 03. 2024 Unified Monitoring
How to Monitor the TOP N RAM-Using Processes
See All

Related Content

Tags: , ,

13. 10. 2025 Log-SIEM, Unified Monitoring

Elastic Defend: Experiences

Around this time last year, I wrote a blog post about improving cybersecurity with Elastic Defend. Now, one year later, we've gained a lot of practical experience with it, which I'd like to share. Elastic Defend is an EDR (Endpoint Read More
30. 09. 2025 NetEye, Unified Monitoring

Business Process Automation on NetEye

In NetEye, 'business processes' is a module used to model and monitor the business process hierarchy to obtain a high-level view of the status of critical applications. In short, they allow monitoring controls of individual components to be aggregated into Read More
30. 09. 2025 APM, Development, NetEye, Unified Monitoring

Segregating APM Data in Elastic: A Practical Guide to a Not-So-Obvious Challenge

If you've worked with Elastic APM, you're probably familiar with the APM Server: a component that collects telemetry data from APM Agents deployed across your infrastructure. But what happens when you need to segregate that data by tenant, especially in Read More
30. 06. 2025 NetEye, Unified Monitoring

Cron Job Monitoring with Tornado (Part 2)

In the first part we created hosts and services to monitor a sequence of script using Tornado. The Tornado Rule Now let's continue with the creation of a Tornado rule: open the NetEye web interface and select Tornado dashboard, then Read More
20. 06. 2025 NetEye, Unified Monitoring

NEP Telegram Notification

Some time ago, my colleague Giuseppe Di Garbo published this article on the NetEye Blog, where he explained how to integrate NetEye notifications with Telegram. It was a great starting point, and in fact many of us used it to Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive