Issue with restoring .kibana_1 and .security-6 indices

After a frustrating day trying to get my head around restoring snapshots from another cluster in ECE/S3 Repo, I've managed to kill my new deployment. I closed the .security-6 index in an attempt to do a full restore and now I'm not sure how to reopen it. This is 6.6.0 installed via ECE.

Eric

Here is the error I see in kibana.. I've tried reopening it, but it complains of an auth issue.

[index_closed_exception] closed, with { index_uuid="S-9SupwrTuyeK7Fzy4NXtQ" & index=".security-6" & suppressed={ 0={ type="index_closed_exception" & reason="closed" & index_uuid="S-9SupwrTuyeK7Fzy4NXtQ" & index=".security-6" } & 1={ type="index_closed_exception" & reason="closed" & index_uuid="S-9SupwrTuyeK7Fzy4NXtQ" & index=".security-6" } & 2={ type="index_closed_exception" & reason="closed" & index_uuid="S-9SupwrTuyeK7Fzy4NXtQ" & index=".security-6" } } }

Well I blasted that deployment and created a new deployment.. Currently trying to figure out how to restore .kibana_1 and .security-6. Any help is appreciated.

Ok... so I can't seem to find a complete restore option. However, I've managed to restore the .kibana_1 and .security-6 indices to different indexes and reindex back into the .kibana_1 and .security-6 indexes respectively. The caveat here is that you must set "include_aliases" to false or it will hose your existing instances. I've provided an example of the security index below:

POST /_snapshot/s3repo/scheduled-1551871948-instance-0000000003/restore
{
"indices": ".security*",
"ignore_unavailable": true,
"include_global_state": false,
"rename_pattern": "(.+)",
"rename_replacement": "restored
$1",
"include_aliases":false
}

POST reindex
{
"source": {
"index": "restored
.security-6"
},
"dest": {
"index": ".security-6"
}
}

that being said, ES should really have a full restore option available or at least documented for ECE and/or other contexts. Love the product, you're docs are trash. Specifically, the fact that there are different things that apply for ECE vs the traditional model. I've pushed my Fortune 500 company to get Platinum licensing, I hope this wasn't a mistake.

i.e. you cant change the port or subdomain in ECE. it's not documented anywhere. just one of many examples i can provide.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.