Accidentally deleted .security index for x-pack

So by some horrible error we deleted the .security index for x-pack. How do we get that back? We tried reinstalling in a lab deployment and it didnt seem to recover that index.

nm, it seems to have come back

For reference, in case anyone stumbles upon this thread, X-Pack automatically creates the .security index as needed, and you shouldn't need to reinstall the X-Pack plugin to resolve this sort of issue.

Assuming you don't have a snapshot that you can/want to restore from, then the safest/easiest course of action is:

  1. Restart your cluster. This step will clear the security caches and make it easier to work with, and it will make sure the template for your security index is present and up to date. This will not automatically create the .security index.
  2. From a security point of view, you now have a "new" cluster, so the reserved users elastic and kibana will have reset to their default "changeme" passwords.
  3. Follow the standard instructions for setting the passwords for the elastic and kibana users.
  4. When you set the passwords for those users, X-Pack will automatically create the .security index.
  5. Re-create any other users and roles that you need in the native realm

Obviously, if you have a snapshot that you can restore from that will be better than rebuilding your security realms from scratch.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

For step number 3 the instructions for 7.x are documented at elasticsearch-setup-passwords | Elasticsearch Guide [7.17] | Elastic.