I am using Elasticsearch 1.7.1
After I create my indexes, I do not want to delete existing indexes. (Either manually or by some unintentional execution from my es.)
Is it possible to set any configurations in elasticsearch and restart the service to achieve the above?
I have tried these steps but it is not helping me out.
As for preventing index deletion via a wildcard /* or /_all, one thing i can do is to add the following settings to your config file:
action.destructive_requires_name: true
I have solve this by http CORS elasticsearch.
Related
I am having trouble finding any information about this in documentation. In the config/application.yml file under storage.elasticsearch7 I see various configuration options. Is there a way to ensure that the indexes that get created are created using a given index template or ILM policy? I am running the helm chart for the ELK stack and ES version 8.0.0-SNAPSHOT.
My goal is to just delete indexes from SW after 2 weeks so that my cluster doesn't run out of shards.
I created a lifecycle that performs the delete action after a set time, and then I added this configuration to the skywalking application.yml under storage.elasticsearch7:
advanced: ${SW_STORAGE_ES_ADVANCED:"{\"index.lifecycle.name\":\"sw-policy\"}"}
SW creates index templates, and now I see that this is part of the template, and indeed the indexes have this sw-policy attached.
I am trying to deleate all the logs that are were stored 14 days ago or before in elasticsearch. I have installed curator , and created the config file and the action file, in this way:
curator.yml configuration file
My elasticsearch is running in localhost:8080 ,and kibana in localhost:80
delete_indices action file
With both configurations file, I execute the currator with the config files and i obtain this:
command execution
You can see in the following image, my index name in kibana:
filebeat index in kibana
I've already tried many things, however I didn't manage to make it work, it allways says there is no index with this name. Do someone know where could be the issue?
Edit 1:
With your help, I managed to get the exact index name, however I still have the same problem:
modified delete_indices.yml file
That's what i get when i enter GET _cat/indices:
my indices
The problem was that curator will not act on any index associated with an ILM policy without setting allow_ilm_indices to to true.
The solution was:
More information: https://www.elastic.co/guide/en/elasticsearch/client/curator/5.8/option_allow_ilm.html
I have created some index in Elasticsearch with mapper attachment plugin. However, when I try to create index in Kibana, I could not find back any data created in Elasticsearch for making dashboard in Kibana
Is there any way to resolve this issue?
Try running http://:9200/_cat/indices?v
The above will return all indexes you have. Once you verified that your mapper attachment index is there, go to Kibana at Settings tab and select the checkbox that say your index do not contain time series data. Now write your index name and I hope you find it. Also, make sure your Kibana is configured to point to the Elasticsearch server your index resides. This is configured in the config/kibana.yaml.
Hope I have managed to help!
I have a parent/child relationship setup in elastic search. When I try to update the parent it sometimes works and sometimes not. I believe I've narrowed it down to getting a missing document error because I can't figure out how to specify routing using logstash. (Parent/Child relationships must route to the same shard). I thought elasticsearch would do this automatically given that I have setup the routing path in the mappings but it only seems to work when I specify the routing paramater in the REST API URL. But, logstash doesn't seem to have a way to add that when updating. I'm using the logstash elastic-search output plugin with http protocol.
To add to my confusion it seems elasticsearch 1.5 is deprecating the "path" property in mappings.
Is there any way to ensure proper routing with parent/child updates using logstash?
How to authenticate/secure index creation/deletion operations in ElasticSearch 1.0.0 cluster? also would like to know how to disable delete index operation on ElasticSearch HQ plugin? I tried following settings in elasticsearch.yml file, but still allows user to perform the operations.
action.disable_delete_all_indices: true
action.auto_create_index: false
Apprrecaite any inputs.
Write a custom ConnectionPool class and use that instead of the default connection pools that ship with the client and make auth parameters as mandatory.
Now you can authenticate user every time.
You can use Pimple, It is a simple PHP Dependency Injection Container
example:
$elasticsearch_params['connectionParams']['auth'] =
array($collection['username'],$collection['password'],'Basic')