Marvel: Error 400 Bad Request: [index_not_found_exception] no such index, with: {"index":"[.marvel-es-1-*]"}

Elastic Stack Kibana
1

Hi all,

First of all i am new to elastic search and therefore this might be a silly mistake on my side if so, I apologize before hand.

I am getting the below error when ever i try to access the marvel plugin on kibana.

Pasted image1300×412 8.89 KB

Please help me resolving it. I have the below products installed
ElasticSearch 2.3.3
Kibana 4.5.1
shield 2.3.3

The error occurs only when accessing the marvel plugin from a specific user whose role description is as below.

The required permissions for the kibana 4 server

kibana4_server:
cluster:
- cluster:monitor/nodes/info
- cluster:monitor/health
indices:
'.kibana':
- indices:admin/exists
- indices:admin/mapping/put
- indices:admin/mappings/fields/get
- indices:admin/refresh
- indices:admin/validate/query
- indices:data/read/get
- indices:data/read/mget
- indices:data/read/search
- indices:data/write/delete
- indices:data/write/index
- indices:data/write/update
'*':
- indices:admin/mappings/fields/get
- indices:admin/validate/query
- indices:data/read/search
- indices:data/read/msearch
- indices:admin/get

2

I have the below products installed

  • Elasticsaerch 2.3.3
  • Kibana 4.5.1
  • Shield 2.3.3

As you're trying to use Marvel, you also need Marvel installed. I assume based on the error that you have Marvel installed within Kibana. The easiest way to check if it's installed is to visit the Kibana Status page:

Kibana Status Page: http://host:5601/app/status

If marvel is not listed there, then it is not installed. You can follow step #5 from Installing Marvel for that.

On the other side, you need to have the Marvel Agent (and license plugin, but that's also a dependency of Shield) installed within Elasticsearch. The easiest way to check if that's installed is ES _cat plugins API.

$ curl -XGET http://host:_cat/plugins?v

If you do not see marvel-agent as installed, then you need to follow step #3 from the above link.

There's another possibility that your user cannot see the index because of a role misconfiguration. I would suggest simplifying your Kibana 4 user role using the new, simplified roles:

my_kibana_user:
  cluster:
      - monitor
  indices:
    - names: '*'
      privileges:
        - view_index_metadata
        - read
    - names: '.kibana*' 
      privileges:
        - manage
        - read
        - index

NOTE: The kibana4_server role is used by the server and it's predefined in the roles.yml!

Your user also needs to have the pre-defined marvel_user role.

At least one of those 3 issues is most likely to blame, and the marvel_user role seems like the most likely culprit. However, by using the latest Kibana role with * granting universal read access, it will give you the access needed.