Its a doubt,
I am trying to co-relate one issue and a situation.
My ES cluster (6.4 , 3 Master 2 Data) and kibana and logstash is working well . X-pack is enabled in ES and kibana ( elastic:changeme connected) . And enabled Security audit logs in all machines.
Indexed lots of sample log in Data node.
After 5 days ES data node's /var/log/elasticsearch directory ( Partition) disk usage is breached 90% .
When I am checked on next day elasticsearch is rejecting password form kibana and logstash filter .
used this command also :
curl --user elastic:changeme -XGET 'ip:9200/_cat/indices?v'
Password error showing . But I am sure about the password . It is "changeme"
Is it because of disk usage issue ?
I think security index is crashed. because of disc-usage is very high .
Please take a look at your logs (elasticsearch.log in /var/log/elasticsearch ) from the node that you attempt to authenticate against. The issue would probably manifest in there as ERROR messages. If unsure, share some of these logs here so that we can offer some constructive feedback.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.