I'm not sure if this is the appropriate place to ask this question, but any assistance would be greatly appreciated. Our stack is running fine (aside from a storage issue every so often). The issue I'm running into is that the files index is clearing out files (or docs, I guess) after they are added. Using moloch, which pulls its list of files from the files index, only a few files are listed.
However, when I sync the files that are actually on disk (of which there are many), the files do show up in the index. However, after about one minute, the index starts to remove documents, and continues to do so until only the few that were there before the sync remain. I can sync the files over and over again, but they are always removed after about a minute.
I don't think this is a moloch issue, as I watched the traffic from the moloch endpoint to the elastic instance, and while there was traffic for adding the files, there was no traffic involving the removal of the files.