How to get rid of wrongly named index that must be lower case

Wrong index name esm_DMZ_results was put into Logstash config file /opt/logstash/first-pipeline.conf . After that elasticsearch log /data/elastic/logs/elastic_concept.log start showing "Invalid index name [esm_DMZ_results], must be lowercase" . I renamed index to lower case,
cleared all cache: curl -XPOST ''
checked on renamed index: curl -XGET ' '
verified that old index does not exist: curl -XGET ' '
checked on aliases: curl
and list all indexes I have: curl ''

Old index is not there, but the same error message in the log keeps coming.

What am I missing, how to get rid of old index name?

Could this error be the reason why I do not see anything on Kibana?

What does your Logstash config look like? Particularly the es-output.

Here is complete config. For testing I have stdout there.

Separate issue is that even when I have both, "start_position => beginning" and "ignore_older => 0" in input clause, only new entries in the file are processed, not the whole file from the beginning.

input {
file {
path => "/data/elastic/data/DMZ_events.csv"
start_position => beginning


filter {
csv {
columns => [
separator => ","
remove_field => ["DomainName"]
output {
elasticsearch {
hosts => [""]
action => "index"
index => "esm_dmz_results"
stdout { }

Is it possible you have a Logstash instance still running with the old config?

Also, moved to Logstash.

No-no, Glen. I was restarting processes. I did not understand your last suggestion ( "move to logstash" ).

Hehe. I was only remarking that I moved the thread to the "Logstash" category, because it seems more relevant to your issue.

What response do you get if you post a document to the index directly?

    "Region": "Foo"

curl -XPOST ' { "Region": "Foo" }'

curl: (52) Empty reply from server

Note that I did found already how to retrieve this index in Kibana web interface. This cancels my question “Could this error be the reason why I do not see anything on Kibana?”
I still would appreciate advise how to get rid of the errors in the log related to wrong incorrect index name “esm_DMZ_results”.

Thank you.


If you can sort out why you can't curl the request, and then report how Elasticsearch responds to the request, that will be a step in the right direction.

This query, for example :
curl -XGET ' '
or that:
curl -XPOST '' -d '{ "query": {"match_all": {} } } '
give valid results. I am newbie and not sure of the syntax, but looks like your test statement should be modified.

Thank you.


Sorry. I provided Sense format.

When converting it to a curl command, you shouldn't include the body in the quotes with the URL, you should pass it as binary data, as you did the match_all query in your comment.

I hope that helps!