Strange Elasticsearch indexes


Jorge Martins

Apr 9, 2020, 12:58:27 PM
to Wazuh mailing list
Hi,

In the past few months I've been getting some problems with Wazuh/Elasticsearch.

The cluster status would turn red and I always have to restart Elasticsearch to get it back to yellow.

Today I noticed something strange: in Kibana, under the Index Management option, I saw these indexes.
Is this normal?


elastic_index.png



Thanks

Franco Giovanolli

Apr 10, 2020, 8:07:02 AM
to Wazuh mailing list
Hi Jorge, these indexes don't seem to be related to Wazuh.

Is there any Wazuh-related information in these indexes?

Regards,

Franco.

Jorge Martins

Apr 12, 2020, 9:10:41 PM
to Wazuh mailing list
Hi,

I'm not very knowledgeable about Elasticsearch, but I don't think it has any information from Wazuh.
Is there any information you would like to see?

This is an example of one of the indexes, as shown by Index Management in Kibana:

{
  "settings": {
    "index": {
      "creation_date": "1582802984189",
      "number_of_shards": "5",
      "number_of_replicas": "1",
      "uuid": "0NK5PJ7YQgC3dXyjerxiwA",
      "version": {
        "created": "6080199"
      },
      "provided_name": "index.jsp"
    }
  },
  "defaults": {
    "index": {
      "max_inner_result_window": "100",
      "unassigned": {
        "node_left": {
          "delayed_timeout": "1m"
        }
      },
      "max_terms_count": "65536",
      "lifecycle": {
        "name": "",
        "rollover_alias": "",
        "indexing_complete": "false"
      },
      "routing_partition_size": "1",
      "max_docvalue_fields_search": "100",
      "merge": {
        "scheduler": {
          "max_thread_count": "2",
          "auto_throttle": "true",
          "max_merge_count": "7"
        },
        "policy": {
          "reclaim_deletes_weight": "2.0",
          "floor_segment": "2mb",
          "max_merge_at_once_explicit": "30",
          "max_merge_at_once": "10",
          "max_merged_segment": "5gb",
          "expunge_deletes_allowed": "10.0",
          "segments_per_tier": "10.0",
          "deletes_pct_allowed": "33.0"
        }
      },
      "max_refresh_listeners": "1000",
      "max_regex_length": "1000",
      "load_fixed_bitset_filters_eagerly": "true",
      "number_of_routing_shards": "5",
      "write": {
        "wait_for_active_shards": "1"
      },
      "mapping": {
        "coerce": "false",
        "nested_fields": {
          "limit": "50"
        },
        "depth": {
          "limit": "20"
        },
        "ignore_malformed": "false",
        "total_fields": {
          "limit": "1000"
        }
      },
      "source_only": "false",
      "soft_deletes": {
        "enabled": "false",
        "retention": {
          "operations": "0"
        },
        "retention_lease": {
          "period": "12h"
        }
      },
      "max_script_fields": "32",
      "query": {
        "default_field": [
          "*"
        ],
        "parse": {
          "allow_unmapped_fields": "true"
        }
      },
      "format": "0",
      "frozen": "false",
      "sort": {
        "missing": [],
        "mode": [],
        "field": [],
        "order": []
      },
      "priority": "1",
      "codec": "default",
      "max_rescore_window": "10000",
      "max_adjacency_matrix_filters": "100",
      "gc_deletes": "60s",
      "optimize_auto_generated_id": "true",
      "max_ngram_diff": "1",
      "translog": {
        "generation_threshold_size": "64mb",
        "flush_threshold_size": "512mb",
        "sync_interval": "5s",
        "retention": {
          "size": "512mb",
          "age": "12h"
        },
        "durability": "REQUEST"
      },
      "auto_expand_replicas": "false",
      "mapper": {
        "dynamic": "true"
      },
      "requests": {
        "cache": {
          "enable": "true"
        }
      },
      "data_path": "",
      "highlight": {
        "max_analyzed_offset": "-1"
      },
      "routing": {
        "rebalance": {
          "enable": "all"
        },
        "allocation": {
          "enable": "all",
          "total_shards_per_node": "-1"
        }
      },
      "search": {
        "slowlog": {
          "level": "TRACE",
          "threshold": {
            "fetch": {
              "warn": "-1",
              "trace": "-1",
              "debug": "-1",
              "info": "-1"
            },
            "query": {
              "warn": "-1",
              "trace": "-1",
              "debug": "-1",
              "info": "-1"
            }
          }
        },
        "throttled": "false"
      },
      "fielddata": {
        "cache": "node"
      },
      "default_pipeline": "_none",
      "max_slices_per_scroll": "1024",
      "shard": {
        "check_on_startup": "false"
      },
      "xpack": {
        "watcher": {
          "template": {
            "version": ""
          }
        },
        "version": "",
        "ccr": {
          "following_index": "false"
        }
      },
      "percolator": {
        "map_unmapped_fields_as_text": "false",
        "map_unmapped_fields_as_string": "false"
      },
      "allocation": {
        "max_retries": "5"
      },
      "refresh_interval": "1s",
      "indexing": {
        "slowlog": {
          "reformat": "true",
          "threshold": {
            "index": {
              "warn": "-1",
              "trace": "-1",
              "debug": "-1",
              "info": "-1"
            }
          },
          "source": "1000",
          "level": "TRACE"
        }
      },
      "compound_format": "0.1",
      "blocks": {
        "metadata": "false",
        "read": "false",
        "read_only_allow_delete": "false",
        "read_only": "false",
        "write": "false"
      },
      "max_result_window": "10000",
      "store": {
        "stats_refresh_interval": "10s",
        "type": "",
        "fs": {
          "fs_lock": "native"
        },
        "preload": []
      },
      "queries": {
        "cache": {
          "enabled": "true"
        }
      },
      "ttl": {
        "disable_purge": "false"
      },
      "warmer": {
        "enabled": "true"
      },
      "max_shingle_diff": "3",
      "query_string": {
        "lenient": "false"
      }
    }
  }
}


I don't know how this happened; I don't have any other software on this server besides Elasticsearch and Wazuh.

Is it safe to delete the index?

Thanks

Franco Giovanolli

Apr 16, 2020, 12:09:58 AM
to Jorge Martins, Wazuh mailing list
Hello Jorge, indeed those indices have no relation to Wazuh. Since neither Wazuh nor anything else you run creates an index named `index.jsp`, something other than your own software appears to be able to write to the cluster; before deleting the indices, it is worth checking what can reach the Elasticsearch HTTP port and whether it requires authentication, and reviewing the Elasticsearch logs around the index creation time (the `creation_date` in the settings above) for the source of the requests.

Regards!

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/c165cf2f-5466-4b9d-86c4-8b1d85ca77f7%40googlegroups.com.


--
Wazuh

Franco Giovanolli

Cloud Team
WazuhThe Open Source Security Platform