Kibana Index is out of date


(Jim Campbell) #1

I have done a clean install of Suricata and the ELK stack version 6.2.1 on a Ubuntu 2016-04 machine. Everything went well until I pointed my browser at localhost:5601. After logging in the browser took me to the Kibana Status screen. The status was "Red". Everything was "Ready" except the line: "plugin:elasticsearch@6.2.1 Your Kibana Index is out of date, reset it or use the X-Pack upgrade assistant."

Clicking on any of the Icons on the left side of the screen takes me back to the Status screen.

I entered "localhost:9200/_cat/indices" and each line was "green" except for:
"yellow open .kibana 5 1 9 0 93.3kb 93.3kb"

One suggestion was to install X-Pack 5.6 and use it to upgrade the indices but I don't understand the relationship between X-Pack and the ELK stack. To use X-Pack 5.6 would I need to install the ELK 5.6 stack also?

I understand that if the Index is reset, Kibana will rebuild it on the next startup. Is there a simple way to reset the Index?

Background: I have a Snort IPS system that I'm using now and Snort is performing admirably but Barnyard2 is beginning to fail. I need to switch systems so that's why I'm moving to Suricata and the ELK stack.

Thanks, Jim


(Spencer Alger) #2

I have done a clean install of Suricata and the ELK stack version 6.2.1 ... "Your Kibana Index is out of date, reset it or use the X-Pack upgrade assistant."

I'm not sure how this is possible, out of date indexes must be created with a 5.x version of the Elastic stack. Are you importing data from an older installation?

One suggestion was to install X-Pack 5.6 and use it to upgrade the indices but I don't understand the relationship between X-Pack and the ELK stack. To use X-Pack 5.6 would I need to install the ELK 5.6 stack also?

Yes, but that shouldn't be necessary if you're doing a clean install.

I understand that if the Index is reset, Kibana will rebuild it on the next startup. Is there a simple way to reset the Index?

Yep, deleting it from Elasticsearch with curl should do the trick:

curl -XDELETE -u elastic http://localhost:9200/.kibana

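The reset above works because Kibana recreates .kibana on its next start, but it also throws away every saved index pattern, visualization and dashboard stored there, and the "yellow" health on .kibana in the question is a separate matter (all primaries assigned, a replica unassigned, which is normal for one replica on a single node). The script below is an added example, not code from this thread or from Elastic: it parses `_cat/indices` output for the .kibana line, explains the health colour, and performs the delete with a backup of the index contents first. It assumes Elasticsearch 6.x on localhost:9200 with X-Pack basic auth as the "elastic" user; the ES_URL, ES_USER and ES_PASS variables and the sample `_cat/indices` text are this script's own constructions.

```shell
#!/bin/sh
# Added example, not from the thread: inspect the .kibana index and reset it the
# way the reply suggests, taking a backup first. Assumes Elasticsearch 6.x on
# localhost:9200 and X-Pack basic auth with the "elastic" user. ES_URL/ES_USER/
# ES_PASS are this script's own variable names, not Elastic defaults.

ES_URL="${ES_URL:-http://localhost:9200}"
ES_USER="${ES_USER:-elastic}"
ES_PASS="${ES_PASS:-}"
# curl -u "user" with no password prompts for it; "user:pass" does not.
ES_AUTH="${ES_USER}${ES_PASS:+:$ES_PASS}"

# Constructed sample of `_cat/indices` output in the shape shown in the thread
# (not live data). The index name is always the third column, with or without
# the uuid column, so the parsers below key on $3.
SAMPLE_CAT_INDICES='green open suricata-2018.02.20 5 1 1200 0 2.1mb 2.1mb
yellow open .kibana 5 1 9 0 93.3kb 93.3kb'

# Print the health colour of .kibana from _cat/indices text on stdin.
# Exits 1 if the index is not listed.
kibana_index_health() {
    awk '$3 == ".kibana" { print $1; found = 1 } END { exit found ? 0 : 1 }'
}

# Print the configured replica count of .kibana (the "rep" column) from stdin.
kibana_index_replicas() {
    awk '$3 == ".kibana" { print $5; found = 1 } END { exit found ? 0 : 1 }'
}

# "yellow" means every primary shard is assigned but at least one replica is
# not. With replicas >= 1 on a single-node cluster that is the normal state and
# has nothing to do with the "Kibana index is out of date" message.
explain_health() {
    health="$1"; replicas="$2"; nodes="$3"
    if [ "$health" = "yellow" ] && [ "$replicas" -ge 1 ] && [ "$nodes" -eq 1 ]; then
        echo "expected: single node cannot host the replica"
    elif [ "$health" = "red" ]; then
        echo "unassigned primary: do not delete, investigate first"
    else
        echo "ok"
    fi
}

# Live check: HTTP status of HEAD /.kibana (200 = exists, 404 = already gone,
# 000 = could not connect). The status is printed even when curl fails.
kibana_index_http_code() {
    curl -sS -o /dev/null -w '%{http_code}' -u "$ES_AUTH" -I "$ES_URL/.kibana" || true
}

# Dump every saved object (index patterns, visualizations, dashboards) to a JSON
# file before deleting. This is a raw Elasticsearch hit dump for recovery by
# hand; Kibana's own Management > Saved Objects > Export is the friendlier route.
backup_kibana_index() {
    out="${1:-kibana-index-$(date +%Y%m%d%H%M%S).json}"
    curl -sS -f -u "$ES_AUTH" "$ES_URL/.kibana/_search?size=10000&pretty" -o "$out" \
        && echo "$out"
}

# The reset from the reply: delete .kibana so Kibana rebuilds it on restart.
reset_kibana_index() {
    code=$(kibana_index_http_code)
    case "$code" in
        200) ;;
        404) echo ".kibana does not exist, nothing to reset" >&2; return 0 ;;
        *)   echo "unexpected HTTP $code from $ES_URL/.kibana" >&2; return 1 ;;
    esac
    backup=$(backup_kibana_index) || return 1
    echo "saved objects dumped to $backup" >&2
    curl -sS -f -u "$ES_AUTH" -XDELETE "$ES_URL/.kibana" || return 1
    echo
    echo "deleted .kibana; restart Kibana (e.g. sudo systemctl restart kibana)" >&2
}

# Stand-alone run: demonstrate the parsers on the constructed sample.
# Pass "--live" to actually back up and delete the index.
main() {
    health=$(printf '%s\n' "$SAMPLE_CAT_INDICES" | kibana_index_health)
    replicas=$(printf '%s\n' "$SAMPLE_CAT_INDICES" | kibana_index_replicas)
    echo ".kibana health=$health replicas=$replicas: $(explain_health "$health" "$replicas" 1)"
    if [ "${1:-}" = "--live" ]; then
        reset_kibana_index
    fi
}
main "$@"
```

Run it with no arguments to see the parsers on the sample, or with `--live` against a real cluster to take the backup and delete the index; the elastic superuser has the rights the delete needs, and after the restart Kibana reports the freshly created .kibana as current. If the health column shows red rather than yellow, an unassigned primary is the real problem and deleting the index will not fix it.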
(Jim Campbell) #3

My build was from a hodgepodge of sources across the internet. It was only recently that I discovered elastic.co. There's no telling where I got that index.

The curl command that you suggested did the trick.

Many thanks for the prompt reply.

Jim


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.