Help understanding and remediating these logs

[Clarence Miranda]

Was checking on my wazuh server and these 3 logs keep showing up in the server:

ERROR  Could not create wazuh-monitoring-2024.11w index on elasticsearch due to index_create_block_exception: [index_create_block_exception] Reason: blocked by: [FORBIDDEN/10/cluster create-index blocked (api)];

ERROR  index_not_found_exception: [index_not_found_exception] Reason: no such index [wazuh-monitoring-2024.11w]

INFO  index_create_block_exception: [index_create_block_exception] Reason: blocked by: [FORBIDDEN/10/cluster create-index blocked (api)];

how do I remediate these errors as it wont let me see the alerts.

[Carlos Vendrell]

Hello,

As far as I can see from this error:

ERROR: Could not create wazuh-monitoring-2024.11w index on Elasticsearch
The index_create_block_exception error suggests that the Elasticsearch cluster is currently configured to block index creation. This can happen due to various reasons such as cluster settings explicitly disallowing index creation, disk watermarks being exceeded (which automatically prevents new indices from being created to protect the cluster), or other cluster-level restrictions.

For instance, if you are using Elasticsearch on AWS, and the protection is enabled,  if the metric exceeds a certain percentage, some operations can be blocked, such as write operations like index creation.

Hope it helps, 

Carlos