We have been using Elasticsearch for the last few years. However, recently we found that a few of our indexes were getting deleted automatically, so we searched and found that we should reinstall it on a different system.
However, after reinstalling on a different system, the same thing is happening again. Also, we are not able to find when that index is getting deleted.
Please let us know the reasons for this. Also, if we can find anything in the logs, how can we look at that?
Elasticsearch does not automatically delete indices. Do you have security installed in your cluster? Is it open to the internet? Which version of Elasticsearch are you using?
Sometimes when external parties access a cluster and delete data they will create a new index with a message. Do you see any new indices that you do not recognise?
Thanks for the response. Please find the details below.
Do you have security installed in your cluster? - I don't think we have it installed.
Is it open to the internet? - yes, it is open.
Which version of Elasticsearch are you using? - 2.4.0
Sometimes when external parties access a cluster and delete data they will create a new index with a message. Do you see any new indices that you do not recognise? - No, there is no such junk or different index. As data is available for that folder again, it creates a new index with that data, but my old data is not there in that index. For example, I have a nodes folder, in which there is a folder named 0, in which there is an indices folder, and in that I have a different index folder for each account. One of the accounts' index folders is deleted automatically and a new one is recreated with new data, but the old data is not there as that folder got deleted.
You are running a very old, almost ancient, version that has been EOL for years. I recommend upgrading to the latest version, where basic security is available with the free basic license.
If you are unable to upgrade, I would recommend putting the cluster behind a proxy with authentication so you add at least some limited protection.
If you have a cluster without security available to the internet, losing data this way is basically expected, as there are actors/bots targeting unsecured Elasticsearch clusters like yours.
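
For the question above about finding the deletion in the logs: an added example, not part of any reply in this thread, that scans an Elasticsearch server log for index deletions and pairs each one with the next re-creation of the same index. It assumes the 2.x default log line layout and the `cluster.metadata` messages `deleting index` and `creating index`; the sample lines, node name and index names are constructed.

```python
import re
from datetime import datetime

# Assumed line shape: Elasticsearch 2.x default logging.yml pattern
# "[%d{ISO8601}][%-5p][%-25c] %m%n", with the node name leading the message.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3}\]"
    r"\[(?P<level>\w+)\s*\]\[(?P<logger>[\w.]+)\s*\] "
    r"\[(?P<node>[^\]]*)\] \[(?P<index>[^\]]+)\] "
    r"(?P<action>deleting index|creating index)"
)

# Constructed sample lines; node name, index names and times are made up.
SAMPLE_LOG = """\
[2019-03-02 01:10:05,101][INFO ][cluster.metadata         ] [node-1] [account_17] creating index, cause [api], templates [], shards [5]/[1], mappings []
[2019-03-09 03:14:07,412][INFO ][cluster.metadata         ] [node-1] [account_17] deleting index
[2019-03-09 03:20:44,090][INFO ][cluster.metadata         ] [node-1] [account_17] creating index, cause [auto(index api)], templates [], shards [5]/[1], mappings [doc]
[2019-03-09 03:21:00,000][INFO ][cluster.metadata         ] [node-1] [account_42] deleting index
[2019-03-09 03:21:01,500][WARN ][monitor.jvm              ] [node-1] [gc][young][1][2] duration [1.2s]
"""

def find_deletions(log_text):
    """Return one dict per deletion, with the time of the next re-creation
    of the same index (None if it was never re-created in this log)."""
    events = []
    open_by_index = {}  # index name -> deletion still awaiting re-creation
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("logger") != "cluster.metadata":
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        index = m.group("index")
        if m.group("action") == "deleting index":
            event = {"index": index, "deleted_at": ts, "recreated_at": None}
            events.append(event)
            open_by_index[index] = event
        elif index in open_by_index:
            # First "creating index" after a deletion closes that event.
            open_by_index.pop(index)["recreated_at"] = ts
    return events

if __name__ == "__main__":
    for e in find_deletions(SAMPLE_LOG):
        print(e["index"], "deleted", e["deleted_at"], "recreated", e["recreated_at"])
```

The deletion timestamps give the window to compare against proxy or firewall logs, since the Elasticsearch log line itself does not record which client sent the delete request.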