About elastic search .monitoring indexes 6.2.0


(Ortal Pinhas) #1

hi, good evening,
I wanted to know if the following scenario is a valid scenario from elastic search side.
lets say i installed elastic search secure cluster by using xpack-> .monitoring indexes created.
now on same env, i am installing elastic search non secure->.monitoring indexes are still there.
is this scenario is a valid scenario, if yes -> what is the solution for those indexes?

thanks a lot for any response.

(Mark Walkom) #2

It's not 100% clear what you are asking here.

Are you saying that if you install Elasticsearch with Security and the let Monitoring create indices, then reinstall it without Security you can still see the old data?

(Ortal Pinhas) #3

yes. exactly.

(Mark Walkom) #4

What OS are you on?

(Ortal Pinhas) #5


(Mark Walkom) #6

The Security functionality will prevent access to data, yes.

But when you uninstall most things on linux (eg debian/rhel based ones) they will leave the application data there, you need to use a purge to totally get rid of it.

So when you reinstall Elasticsearch without Security, the data will still be there but without the access control.

(Ortal Pinhas) #7

thank you.
can you please let me know:

  1. if moving from secure to non secure on same linux env is a valid scenario?
  2. what is the reason to keep the data when moving from secure to non secure?
  3. what will be the impact of deleting this data?

(Ortal Pinhas) #8

can you please advise?

(Christian Dahlqvist) #9

I am not sure I am following. The monitoring indices are related to just monitoring, not security. There are lots of users using monitoring without security, so I do not understand why they should be removed if you disable security.

If you are not using Monitoring, you can probably delete the .monitoring* indices without any impact.

(Ortal Pinhas) #10

if i understand correctly, in your documentation you mentioned that .monitoring indices created by xpack. is it correct? which data the .monitoring indices is holding and which users have access to this data?

(Christian Dahlqvist) #11

Those indices are indeed created by X-Pack, and are used by monitoring, which is available with the free basic license. If you are not disabling security but instead replacing the default distribution with the OSS one, that distribution is not aware of any special indices and therefore does not delete anything.

(Ortal Pinhas) #12

thanks a lot. got you. can you please let me know which data the .monitoring is holding?

(Christian Dahlqvist) #13

As the name suggests they are holding monitoring data collected for the components in the stack. The exact contents will depend on which components you have had monitoring enabled for.

(system) #14

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.