[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-onion
Subject:    Re: [security-onion] ELK indices stuck in read-only, won't accept new events from redis
From:       Dana Nonsense <teraflops () gmail ! com>
Date:       2018-09-27 20:42:20
Message-ID: d408e670-b00d-42e6-813d-5195131bd677 () googlegroups ! com
[Download RAW message or body]


That's on one of the storage nodes. The other doesn't return any indices.

-Dana

On Thursday, September 27, 2018 at 4:41:22 PM UTC-4, Dana Nonsense wrote:
> Yes, I'm seeing:
> curl -s localhost:9200/_cat/indices | grep close
> close logstash-bro-2018.09.16    bygEjt75TEqrkGzSjKrEow
> close logstash-bro-2018.09.17    xmUkvvNkRjy_QCwU86xb2w
> close logstash-ids-2018.09.16    AST-qOEdQ_GuaWAPlQ0npQ
> close logstash-bro-2018.09.15    jva5GR0cQwC-CFpaDuUcuQ
> close logstash-ids-2018.09.15    UoscFk5YTqaJZgAPzcQcdg
> close logstash-syslog-2018.09.16 1tJfpPFZThi3AxaR_4vuCw
> close logstash-syslog-2018.09.17 GkFd04DWSJ28ABlo6xS6jg
> close logstash-bro-2018.09.13    m-UyU58rRYKCgCkI_tBAAg
> close logstash-ids-2018.09.17    IbXXvf-dQ1SzqiO1dASawQ
> 
> ***********
> Those are my oldest indices
> 
> -Dana
> 
> 
> 
> On Thursday, September 27, 2018 at 1:21:26 PM UTC-4, Wes wrote:
> > No problem, Dana.    
> > 
> > 
> > In an effort to prevent this from happening in the future, may I ask the output \
> > of the following (from the storage node(s))? 
> > 
> > curl -s localhost:9200/_cat/indices | grep close
> > 
> > 
> > 
> > Does that come back with anything?
> > 
> > 
> > Thanks,
> > Wes
> > 
> > 

-- 
Follow Security Onion on Twitter!
https://twitter.com/securityonion
--- 
You received this message because you are subscribed to the Google Groups \
"security-onion" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to security-onion+unsubscribe@googlegroups.com. To post to this \
group, send email to security-onion@googlegroups.com. Visit this group at \
https://groups.google.com/group/security-onion. For more options, visit \
https://groups.google.com/d/optout.



[prev in list] [next in list] [prev in thread] [next in thread]