I just set up a new ELK cluster made by: 3 master/data nodes, 2 coordinating nodes and 1 kibana node, version 6.7. I have some filebeats sending data to logstash, then logstash sends data to elasticsearch.
I tried sending some logs through filebeat->logstash->elastic and I was able to index them. From Kibana, I created a index pattern for my new data and everything went fine until yesterday, where I decided to delete index and index pattern and create them anew.
Trying to delete them from Kibana resulted in a "403 Forbidden" error that I don't seem to be able to resolve.
I also tried to delete index with Postman from my laptop, always getting a 403 forbidden.
I'm running out of ideas. Here's the config of one of my nodes. Any suggestion would be appreciated.
# This file is being managed by Ansible. Do not modify! # CLUSTER cluster.name: cluster # NODE node.name: es-1 node.master: true node.data: true node.ingest: true node.attr.rack_id: rack-1 # CLUSTER cluster.routing.allocation.awareness.attributes: rack_id cluster.routing.allocation.node_concurrent_recoveries: 2 # PATH path.data: /data/elasticsearch path.logs: /var/log/elasticsearch # NETWORK network.host: 192.168.0.203 transport.tcp.port: 9300 transport.tcp.compress: true http.port: 9200 http.enabled: true http.cors.enabled: true http.cors.allow-origin: "*" http.compression: true # DISCOVERY discovery.zen.ping.unicast.hosts: ["192.168.0.203", "192.168.0.204", "192.168.0.205"] discovery.zen.minimum_master_nodes: 2 discovery.zen.ping_timeout: 10s discovery.zen.fd.ping_retries: 3 discovery.zen.fd.ping_interval: 3s discovery.zen.fd.ping_timeout: 30s # OTHER # Set this property to true to lock the memory: bootstrap.memory_lock: true action.auto_create_index: true action.destructive_requires_name: true