Hi,
We currently have a cluster with a lot of network security (Zeek) logs. I have a script written with elasticsearch-py which periodically searches all data for known IOCs (bad IPs, bad domains, etc.).
Every once in a while, the script crashes because Elasticsearch is returning an index_closed_exception. If I check later with the "cat indices" API, the index shows as open.
We have an ILM in place which freezes indices older than 14 days, but it never closes them.
Could this be related to the ILM? Does it temporarily close an index when rotating or something?