In version 7.0.1, the only correct value for the index type is "_doc"; any other value will cause problems.
Check the value of type for the index (this example uses the .alertrules index):
curl -u username:password -XGET "http://127.0.0.1:9200/.alertrules/_search?pretty"
To restore the default base indices, follow these steps:
Back up the index in question with the elasticdump command:
/usr/share/kibana/elasticdump/elasticdump --input=http://username:password@127.0.0.1:9200/.alertrules --output="/root/alertrules.json" --type=data
Remove the index:
curl -u username:password 127.0.0.1:9200/.alertrules -XDELETE
Restore the index:
/usr/share/kibana/elasticdump/elasticdump --output=http://username:password@127.0.0.1:9200/.alertrules --input="/root/alertrules.json" --type=data
Log in to Kibana and click "save".
You can also restart ElastAlert to make sure.
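A pre-delete check for the procedure above, as an added example that is not part of the original article: it lists any type other than "_doc" found in a search response and confirms that the elasticdump backup holds the expected number of documents before the index is removed. The function names and sample data are constructed, and it assumes elasticdump writes one JSON document per line.

```shell
#!/bin/sh
# Added example: guard rails for the check / backup / delete / restore steps.
# Function names and sample data are constructed for illustration.

# Read a _search response on stdin; print each distinct _type other than "_doc".
non_doc_types() {
    grep -o '"_type"[[:space:]]*:[[:space:]]*"[^"]*"' \
        | sed 's/.*"\([^"]*\)"$/\1/' \
        | sort -u \
        | grep -v '^_doc$' || true
}

# Succeed only if the dump file is non-empty and holds the expected number
# of documents (assumes elasticdump wrote one JSON document per line).
backup_is_complete() {
    dump_file=$1
    expected=$2
    [ -s "$dump_file" ] || return 1
    actual=$(grep -c '"_source"' "$dump_file" || true)
    [ "$actual" -eq "$expected" ]
}

# Constructed sample: two hits, one carrying a wrong type.
sample_response='{
  "hits" : { "hits" : [
    { "_index" : ".alertrules", "_type" : "doc",  "_id" : "1", "_source" : {} },
    { "_index" : ".alertrules", "_type" : "_doc", "_id" : "2", "_source" : {} }
  ] }
}'

# Constructed sample dump with two documents.
sample_dump=$(mktemp)
printf '%s\n' \
    '{"_index":".alertrules","_type":"doc","_id":"1","_source":{}}' \
    '{"_index":".alertrules","_type":"_doc","_id":"2","_source":{}}' \
    > "$sample_dump"

bad=$(printf '%s\n' "$sample_response" | non_doc_types)
if [ -n "$bad" ]; then
    echo "index has non-_doc types: $bad"
    if backup_is_complete "$sample_dump" 2; then
        echo "backup verified, safe to run the DELETE step"
    else
        echo "backup incomplete, do NOT delete the index" >&2
    fi
fi
```

Against a live node, pipe the output of the curl check above into non_doc_types and take the expected document count from the index's _count endpoint.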