Diagnosing dirty uninstall (ES & Kibana)

I had previously used Elasticsearch and Kibana for testing. They were both "installed" (if you want to call it that) by downloading their respective DEB packages. I unpacked them put them in a directory I saw fit and used the binaries starting in the foreground as necessary. They always stopped running whenever my SSH connection to the server running them broke over night (as they were obviously running in that terminal only).
When I found myself unable to daemonize them using "systemctl start elasticsearch" or "kibana" and read up I'd have to use the RPM package instead I downloaded that and installed it. After that I deleted the folders the DEB packages were located in and configured the new installation as I had before (simply point Kibana to elasticsearch and present at port 5601 of the server running it so I can access it with another PC).
When I now open the interface I get HTTP status code 403 on almost all actions. Oddly my index was still there and the names of my visualizations also still showed up but I could not open them (nor browse any other previously accessible data).
This did NOT surprise me.
I was expecting to delete all data and I am fine with that. What I was not expecting is this half broken in between state of accessible but not working setup and I do not know how to respond to it.

I would be totally fine with completely wiping the elasticsearch/kibana installation if you know how to reliably do that. My goal is to reach a state where I can start injecting logs from my syslog-ng instance again, browse and visualize them. I do not care about previous data.

I have seen this before. Yeah so we store the user’s history in their browser, so you’d need to clear their browser data for that domain (probably localhost:5601) for that data to disappear
You can do this in devtools by clearing the localstorage


Hi rashmi,

thanks for the reply. I am using Firefox so everything looks a little different.
I checked for cockies with the dev console in the Kibana tab and in the cookie manager (in settings) of Firefox. There are no cookies in the dev console nor can i find any ones matching the IP the instance is running on in the cookie manager.

For example, when I navigate to the 'Discover' tab i get the following error message:
I suppose the 'status code' is the HTTP status code but can't really do much with the stack trace.

Config: Request failed with status code: 403

Error: Request failed with status code: 403 


It appears i fixed it by renaming all old indices and starting with a new index and data.
I simply renamed /var/lib/elasticsearch/nodes to old_nodes.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.