Hi All ,
Its a doubt, I am trying to co-relate one issue and a situation.
My ES cluster (6.4 , 3 Master 2 Data) and kibana and logstash is working well . X-pack is enabled in ES and kibana ( elastic:changeme connected) . And enabled Security audit logs in all machines.
Indexed lots of sample log in Data node.
After 5 days ES data node's /var/log/elasticsearch directory ( Partition) disk usage is breached 90% .
When I am checked on next day elasticsearch is rejecting password form kibana and logstash filter .
used this command also :
curl --user elastic:changeme -XGET 'ip:9200/_cat/indices?v'
Password error showing . But I am sure about the password . It is "changeme"
Is it because of disk usage issue ?
I think security index is crashed. because of disc-usage is very high .