Reset the configuration of Elastic
A Abs
is it possible to reset everything on Elastic to the state of after setup the SO . i don't mind to lose the data.i just want to Elastic start working (as it is failed to create index pattern) without re-installing the SO as everything like Snort/Sguil/Bro/Squert are working fine.
Thanks
Wes Lambert
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
A Abs
Hello Wes,
thanks for replay.i run the "so-elastic-reset" and nothing happened.it show me the indexes with Green health and status as Open.i look at the script and it look like is use the Curl XDELETE /logstash-* to delete all the indexes. i run that commend from bash (curl -XDELETE ...) and it return an error that the wildcard not allowed.i run the DELETE /logstash-* from kibana "Dev Tools" and get the same error.
i try to delete the indexes one-by-one and but it look like the Elastic not returning to it's default state.maybe it need to re-install full SO from scratch.
Thanks,
Wes Lambert
A Abs
Hello Wes,
That erased all of the indices but not resetting Elastic config to its default state after installation of SO.even deleting the Docker images of Kibana and Elastic didn't help.I go for a clean install of SO eventually.
Thanks for your help.