Index 404 error in logstash

mkain · July 5, 2017, 3:53am

I have started getting following error in logstash. I had installed x-pack on on 3 ELK components and it was working fine for a while. but after few hours I started getting following error.

I have even tried to remove x-pack from all 3 ELK components and restarted ELK but I still see this error. can someone please guide me to resolve it ?

[2017-07-05T09:20:10,609][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>404, :action=>["index", {:_id=>nil, :_index=>"logstash-2017.07.05", :_type=>"syslog", :_routing=>nil}, 2017-07-05T03:50:10.577Z 10.91.142.103 <179>Jul 5 09:20:10 10.91.126.1 TMNX: 45006214 Base PORT-MINOR-etherAlarmSet-2017 [Port 5/2/4]: Alarm Remote Fault Set], :response=>{"index"=>{"_index"=>"logstash-2017.07.05", "_type"=>"syslog", "_id"=>nil, "status"=>404, "error"=>{"type"=>"index_not_found_exception", "reason"=>"no such index and [action.auto_create_index] ([.security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*]) doesn't match", "index_uuid"=>"na", "index"=>"logstash-2017.07.05"}}}}
[2017-07-05T09:20:10,610][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>404, :action=>["index", {:_id=>nil, :_index=>"logstash-2017.07.05", :_type=>"syslog", :_routing=>nil}, 2017-07-05T03:50:10.579Z 10.91.142.103 <179>Jul 5 09:20:10 10.91.126.1 TMNX: 45006215 Base PORT-MINOR-etherAlarmClear-2018 [Port 5/2/4]: Alarm Local Fault Cleared], :response=>{"index"=>{"_index"=>"logstash-2017.07.05", "_type"=>"syslog", "_id"=>nil, "status"=>404, "error"=>{"type"=>"index_not_found_exception", "reason"=>"no such index and [action.auto_create_index] ([.security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*]) doesn't match", "index_uuid"=>"na", "index"=>"logstash-2017.07.05"}}}}

TimV · July 5, 2017, 5:15am

The most likely cause is that your action.auto_create_index setting is too restrictive.

Does your elasticsearch.yml contain a value for that setting?

See: https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html#index-creation

The X-Pack install instructions advise to set that value If you have disabled automatic index creation. Generally speaking, you're better off leaving at the default value which enables all indices to be automatically created.

mkain · July 5, 2017, 5:41am

Hi Tim,

yes, I had added "action.auto_create_index:
.security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*"
after installing x-pack plugin. So is this creating the problem ?

Regards,
-Manish

TimV · July 5, 2017, 6:37am

Yes. Try removing that setting entirely.

system · August 2, 2017, 6:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to create index after x-pack Logstash	6	1241	March 28, 2017
Unable to create an Index and send logs to Elasticsearch from Logstash getting 404 error Logstash	1	90	June 1, 2024
Logstash Index error : [logstash-*] IndexNotFoundException[no such index] Logstash	28	13090	July 6, 2017
Could Not Index Event to Elasticsearch Error? Elasticsearch	15	1118	October 11, 2022
ELK x-pack No matching indices found: [index_not_found_exception] no such index Elasticsearch	4	6263	June 19, 2017

Index 404 error in logstash

Related topics