I had previously used Elasticsearch and Kibana for testing. They were both "installed" (if you want to call it that) by downloading their respective DEB packages. I unpacked them put them in a directory I saw fit and used the binaries starting in the foreground as necessary. They always stopped running whenever my SSH connection to the server running them broke over night (as they were obviously running in that terminal only).
When I found myself unable to daemonize them using "systemctl start elasticsearch" or "kibana" and read up I'd have to use the RPM package instead I downloaded that and installed it. After that I deleted the folders the DEB packages were located in and configured the new installation as I had before (simply point Kibana to elasticsearch and present at port 5601 of the server running it so I can access it with another PC).
When I now open the interface I get HTTP status code 403 on almost all actions. Oddly my index was still there and the names of my visualizations also still showed up but I could not open them (nor browse any other previously accessible data).
This did NOT surprise me.
I was expecting to delete all data and I am fine with that. What I was not expecting is this half broken in between state of accessible but not working setup and I do not know how to respond to it.
I would be totally fine with completely wiping the elasticsearch/kibana installation if you know how to reliably do that. My goal is to reach a state where I can start injecting logs from my syslog-ng instance again, browse and visualize them. I do not care about previous data.