No Default Index Pattern after update

bobby.digit...@gmail.com

Sep 1, 2018, 3:55:44 AM
to security-onion
Hi all,

After having run "sudo soup", I'm rendered with no default index pattern in Kibana and can't select *:logstash-* as my default.

Output from Kibana while selecting the *:logstash-* as my default:

Config: Request failed with status code: 403

Error: Request failed with status code: 403
at https://soappliancefqdn/bundles/commons.bundle.js:1:559049
at tryCatch (https://soappliancefqdn/bundles/vendors.bundle.js:58:364500)
at Generator._invoke (https://soappliancefqdn/bundles/vendors.bundle.js:58:366575)
at Generator.prototype.(anonymous function) [as next] (https://soappliancefqdn/bundles/vendors.bundle.js:58:364784)
at step (https://soappliancefqdn/bundles/commons.bundle.js:1:558079)
at https://soappliancefqdn/bundles/commons.bundle.js:1:558206


A few troubleshooting steps:

hulk@soappliancefqdn:~$ sudo du -hsx /nsm/* | sort -rh | head -10
33G /nsm/elasticsearch
1.2G /nsm/sensor_data
43M /nsm/bro
1.3M /nsm/server_data
28K /nsm/logstash
4.0K /nsm/import
hulk@soappliancefqdn:~$ grep LOG_SIZE_LIMIT /etc/nsm/securityonion.conf
LOG_SIZE_LIMIT=26
hulk@soappliancefqdn:~$ curl localhost:9200/.kibana/_settings
{".kibana":{"settings":{"index":{"number_of_shards":"1","auto_expand_replicas":"0-1","blocks":{"read_only_allow_delete":"true"},"provided_name":".kibana","creation_date":"1529228692445","number_of_replicas":"0","uuid":"sxFGGp8xRFuv8iT88CTB8A","version":{"created":"6020499","upgraded":"6030299"}}}}}
hulk@soappliancefqdn:~$

Thanks for any help,
bobby

Wes Lambert

Sep 1, 2018, 6:33:23 AM
to securit...@googlegroups.com
Hi Bobby,

You may want to see the following to see if it helps:


Thanks,
Wes

bobby.digit...@gmail.com

Sep 1, 2018, 3:44:49 PM
to security-onion
Dear Wes,

Thanks for your update. I'd seen this post before posting mine and I've tried this, to no avail. But maybe I'm doing something wrong; the web console always throws some errors on both commands.

Is there a way to reset my Elasticsearch data? I mean, start clean?

Let me know,
Bobby

bobby.digit...@gmail.com

Sep 4, 2018, 2:38:16 AM
to security-onion
Just fixed my issue with this curl command on the seconion host SSH console:

curl -XPUT -H "Content-Type: application/json" http://localhost:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'

and got this

{"acknowledged":true}

And Kibana now works
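
An added example (not part of the thread and not Security Onion's own tooling): this Python script takes the JSON returned by `curl localhost:9200/_all/_settings`, lists the indices that carry the `read_only_allow_delete` block, and builds the curl command from the last post scoped to each affected index instead of `_all`. The sample input is the `.kibana` settings posted above, abridged, plus a constructed `logstash-2018.09.01` entry; the function names are hypothetical.

```python
import json

# Abridged output of `curl localhost:9200/.kibana/_settings` as posted in the
# thread, plus one constructed index (logstash-2018.09.01) with no block set.
SAMPLE_SETTINGS = json.loads("""
{
  ".kibana": {"settings": {"index": {
      "number_of_shards": "1",
      "blocks": {"read_only_allow_delete": "true"},
      "provided_name": ".kibana"}}},
  "logstash-2018.09.01": {"settings": {"index": {
      "number_of_shards": "1",
      "provided_name": "logstash-2018.09.01"}}}
}
""")


def blocked_indices(settings):
    """Return sorted names of indices whose read_only_allow_delete block is on."""
    blocked = []
    for name, body in settings.items():
        blocks = body.get("settings", {}).get("index", {}).get("blocks", {})
        # Elasticsearch returns setting values as strings ("true"), not booleans.
        if str(blocks.get("read_only_allow_delete", "false")).lower() == "true":
            blocked.append(name)
    return sorted(blocked)


def unblock_command(index, host="http://localhost:9200"):
    """Build the curl command from the thread, scoped to one index (hypothetical helper)."""
    # Setting the value to null removes the block, as in the thread's fix.
    payload = json.dumps({"index.blocks.read_only_allow_delete": None})
    return ("curl -XPUT -H 'Content-Type: application/json' "
            f"{host}/{index}/_settings -d '{payload}'")


if __name__ == "__main__":
    for idx in blocked_indices(SAMPLE_SETTINGS):
        print(f"{idx}: read_only_allow_delete is set")
        print("  " + unblock_command(idx))
```

Elasticsearch sets this block itself when a data node crosses the flood-stage disk watermark, which is why Kibana's write to `.kibana` came back as a 403. Free disk space before clearing the block, otherwise it will be set again.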
