hi, good evening,
I wanted to know if the following scenario is a valid scenario from elastic search side.
lets say i installed elastic search secure cluster by using xpack-> .monitoring indexes created.
now on same env, i am installing elastic search non secure->.monitoring indexes are still there.
is this scenario is a valid scenario, if yes -> what is the solution for those indexes?
thanks a lot for any response.
It's not 100% clear what you are asking here.
Are you saying that if you install Elasticsearch with Security and the let Monitoring create indices, then reinstall it without Security you can still see the old data?
yes. exactly.
What OS are you on?
Linux
The Security functionality will prevent access to data, yes.
But when you uninstall most things on linux (eg debian/rhel based ones) they will leave the application data there, you need to use a purge to totally get rid of it.
So when you reinstall Elasticsearch without Security, the data will still be there but without the access control.
thank you.
can you please let me know:
can you please advise?
I am not sure I am following. The monitoring indices are related to just monitoring, not security. There are lots of users using monitoring without security, so I do not understand why they should be removed if you disable security.
If you are not using Monitoring, you can probably delete the .monitoring* indices without any impact.
if i understand correctly, in your documentation you mentioned that .monitoring indices created by xpack. is it correct? which data the .monitoring indices is holding and which users have access to this data?
Those indices are indeed created by X-Pack, and are used by monitoring, which is available with the free basic license. If you are not disabling security but instead replacing the default distribution with the OSS one, that distribution is not aware of any special indices and therefore does not delete anything.
thanks a lot. got you. can you please let me know which data the .monitoring is holding?
As the name suggests they are holding monitoring data collected for the components in the stack. The exact contents will depend on which components you have had monitoring enabled for.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.