Kibana - Index Pattern Fatal Error
Max S.
I have been having issues with Kibana v6.3.2, which keeps landing on this error message (see attached screenshot) when I attempt to remove the Index Pattern. I will greatly appreciate any help on how to get this resolved.
blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];: [cluster_block_exception] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];
Thanks in advance.
-Max
Wes
Hi Max,
You may want to see the following:
https://groups.google.com/d/msg/security-onion/7PbN3cwm2Bs/rtsmsgz3AQAJ
Thanks,
Wes
Max S.
Thanks Wes!
While this issue still persist, I wanted to ask... is it possible to completely uninstall Elastic and all it packages and do a fresh installation without having to reinstall Security Onion itself?
Wes Lambert
curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
Max S.
I tried the suggested curl command and got this: {"acknowledged":true}. I also ran the "so-elastic-configure" and the status of elastic came back "Ok."
Status: Elastic stack
* so-elasticsearch [ OK ]
* so-logstash [ OK ]
* so-kibana [ OK ]
* so-curator [ OK ]
* so-elastalert [ OK ]
So, I cleared my browser cache, launch Kibana afresh, set *:logstash-* as my index pattern and attached is the output when I clicked on the "Dashboard" tab.
Please advise.
