ES 2.2: index_not_found_exception [logstash-*]

Hello,

I am using ES 2.2/Shield 2.2 and for some reason it fails to acknowledge that logstash-* indexes exist.

Theses are the indexes I currently have:

curl -u admin 'localhost:9200/_cat/indices?v'
Enter host password for user 'admin':
health status index pri rep docs.count docs.deleted store.size pri.store.size
yellow open logstash-2016.02.27 5 1 140220 0 33.4mb 33.4mb
yellow open logstash-2016.02.26 5 1 634279 0 158.3mb 158.3mb
yellow open logstash-2016.02.25 5 1 1323298 0 322.8mb 322.8mb
yellow open .kibana 1 1 3 0 12.4kb 12.4kb
yellow open logstash-2016.02.24 5 1 1383081 0 338.6mb 338.6mb
yellow open logstash-2016.02.23 5 1 382714 0 95.4mb 95.4mb

However, the following command returns index_not_found_exception:

curl -XGET localhost:9200/logstash-/_field_stats?fields=@timestamp
{"error":{"root_cause":[{"type":"index_not_found_exception","reason":"no such index","index":"[logstash-
]"}],"type":"index_not_found_exception","reason":"no such index","index":"[logstash-*]"},"status":404}

Thanks,

Alec

Weird, works fine for me.
Try wrapping the URL in quotes - curl -XGET "localhost:9200/logstash-*/_field_stats?fields=@timestamp"

The problem turned out to be similar to Kibana doesn't work with wildcards since Shield 2.1.0.

It would be nice if documentation was adjusted to include indices:data/read/field_stats privilege for the kibana4 user.

Thanks,
Alec

@alecswan

I am using shiled 2.3 when I try to test topbeat after installation I get this error.

Should I use same fix as mentioned for 2.2?

curl -XGET 'http://privateip:9200/topbeat-/_search?pretty' -u es_admin
Enter host password for user 'es_admin':
{
"error" : {
"root_cause" : [ {
"type" : "index_not_found_exception",
"reason" : "no such index",
"index" : "[topbeat-
]"
} ],
"type" : "index_not_found_exception",
"reason" : "no such index",
"index" : "[topbeat-*]"
},
"status" : 404
}

In Below /usr/share/elasticsearch/plugins/shield/config/roles.yml

All cluster rights

All operations on all indices

admin:
cluster:
- all
indices:
- names: '*'
privileges:
- all

monitoring cluster privileges

All operations on all indices

power_user:
cluster:
- monitor
indices:
- names: '*'
privileges:
- all

Read-only operations on indices

user:
indices:
- names: '*'
privileges:
- read

Defines the required permissions for transport clients

transport_client:
cluster:
- transport_client

The required permissions for the kibana 4 server

kibana4_server:
cluster:
- monitor
indices:

  • names: '.kibana'
    privileges:
    • all

The required role for logstash users

logstash:
cluster:
- manage_index_templates
indices:
- names: 'logstash-*'
privileges:
- write
- delete
- create_index

Please start your own thread.