Hello, probably after an upgrade (current ver. 7.17.6), every time we access the alerts/rules of the Security section we get the following error:
{
"name": "Error",
"body": {
"message": "illegal_argument_exception: mapper [signal.ancestors.index] cannot be changed from type [text] to [keyword]",
"status_code": 400
},
"message": "Bad Request",
How can we fix this? We don't care about the data (it can be erased); we only need to fix this and restart using the alerts and rules.
You can simply delete the .siem-signals- index to resolve this, since you don’t care about the data.
Did you upgrade from any previous versions before you ran into this?
But if I force the migration, the index results as a write index and I get:
{"indices":[{"index":".siem-signals-default-000001","error":{"message":"The specified index is a write index and cannot be migrated.","status_code":400},"migration_id":null,"migration_index":null}]}