Problem with LME .siem-signals-default #147
Comments
|
Hi Ed, Yes, this is likley created by the issue 140. Do you have any indexes named ".siem-signals-default-00000x" ? if you do it should be possible to assign the latest as the write index, if not a new one can be created and assigned as the write index. Kind Regards, |
|
Hi Duncan, Thanks for this, do you have any guidance on how to do this? I have had a nosey around but not 100% confident on how to do this. Thanks in advance Ed |
|
HI Duncan, I have now managed to fix this issue, many thanks for all help (once again!). For those who want to know how to do this in future you need to use the dev tools, identify the latest index and enter the index name you want change (or create), the alias name the index is assigned to and the value Put .siem-signals-default-YOUR INDEX NUMBER |
Hi,
I am having an issue with the above index. I think this is related to issue 140 where i deleted all the problematic indices. the error message is below... Wil l need to recreate the name index? If so can you point me in the right direction?
illegal_argument_exception: rollover target [.siem-signals-default] does not point to a write index (400)
{
"name": "Error",
"body": {
"message": "illegal_argument_exception: rollover target [.siem-signals-default] does not point to a write index",
"status_code": 400
},
"message": "Bad Request",
"stack": "Error: Bad Request\n at fetch_Fetch.fetchResponse (https://Server_IP/46953/bundles/core/core.entry.js:8:57198)\n at async https://Server_IP/46953/bundles/core/core.entry.js:8:55366\n at async https://Server_IP/46953/bundles/core/core.entry.js:8:55323"
Thanks
Ed
The text was updated successfully, but these errors were encountered: