Session Title

One-line summary of the session purpose and outcome.

Overview

Field Value

Field	Value
Date	YYYY-MM-DD
Duration	X hours
Systems	k3s, vault-01, wazuh
Type	Troubleshooting / Configuration / Deployment / Investigation
Outcome	Success / Partial / Ongoing
Raw Log	`attachments/sessions/YYYY-MM-DD-name.log`

Date

YYYY-MM-DD

Duration

X hours

Systems

k3s, vault-01, wazuh

Type

Troubleshooting / Configuration / Deployment / Investigation

Outcome

Success / Partial / Ongoing

Raw Log

attachments/sessions/YYYY-MM-DD-name.log

Objective

What we were trying to accomplish.

Environment

# Key environment details discovered during session
kubectl version --short
vault status

Session Log

Phase 1: Discovery

# Command 1
$ tlog kubectl get pods -n wazuh
NAME                        READY   STATUS    RESTARTS   AGE
wazuh-manager-master-0      1/1     Running   0          2d

Analysis

The pods are running but archives not indexing.

Phase 2: Investigation

# Command 2
$ tlog netapi wazuh indices --raw | jq '.[] | select(.index | contains("archives"))'

Analysis

No archives indices exist - confirms the problem.

Phase 3: Resolution

# Fix command
$ tlog kubectl exec -n wazuh wazuh-manager-master-0 -- /var/ossec/bin/ossec-control restart

Root Cause

Technical explanation of what was wrong and why.

Resolution

Steps taken to fix the issue.

Verification

# Verify fix worked
$ tlog netapi wazuh count

Key Learnings

Learning 1 - Explanation
Learning 2 - Explanation
Learning 3 - Explanation

Follow-up Tasks

Task 1
Task 2
Task 3

Add related documentation links when converting this template.