"reason": "Invalid index name [_watcher], must not start with '_'",

djvidov · December 9, 2016, 1:34pm

Hi,

I have created an development environment to test Watcher with stack:

Elasticsearch 2.4.2
Kibana 4.6.3
Sense 2.0.0-beta7
licence 2.4.2
Watcher 2.4.2
For watcher I follow this steps: https://www.elastic.co/guide/en/watcher/current/installing-watcher.html#offline-installation.

On plugin list watcher appear:
D:\ELK_20161208\elasticsearch\bin>plugin list
Installed plugins in D:\ELK_20161208\elasticsearch\plugins:

head
license
watcher

When I try to create an alert:

PUT _watcher/match/test_alert
{
....
}

I get this error:

{
   "error": {
      "root_cause": [
         {
            "type": "invalid_index_name_exception",
            "reason": "Invalid index name [_watcher], must not start with '_'",
            "index": "_watcher"
         }
      ],
      "type": "invalid_index_name_exception",
      "reason": "Invalid index name [_watcher], must not start with '_'",
      "index": "_watcher"
   },
   "status": 400
}

Do you have any idea why index _watcher is not created?

Regards,
Ovidiu

spinscale · December 9, 2016, 3:23pm

Hey,

try PUT _watcher/watch/test_alert. Use watch instead of match

--Alex

djvidov · December 9, 2016, 3:27pm

Thank you @spinscale for the answer,

I have tried watch instead of match but i get the same error.

Ovidiu

spinscale · December 9, 2016, 3:55pm

Hey,

you cannot have watcher 2.4.2 and Elasticsearch 2.4.1 - then Elasticsearch would not start. What is your real version in order to reproduce.

Can you show that watcher has been started in all of your nodes in your cluster? Paste the output of GET _cat/plugins

--Alex

djvidov · December 12, 2016, 7:30am

Hey,

I have check again the version: elasticsearch has version 2.4.2 and the output for: GET _cat/plugins is:
Orka license 2.4.2 j
Orka watcher 2.4.2 j

Thank you,
Ovidiu

spinscale · December 12, 2016, 2:31pm

Can you also show the settings of your elasticsearch.yaml config and provide the full watch? I also assume doing the same call via curl fails as well?

djvidov · December 12, 2016, 2:39pm

I use the default settings for elk, nothing more.

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please see the documentation for further information on configuration options:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration.html>
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
# cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
# node.name: node-1
#
# Add custom attributes to the node:
#
# node.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
# path.data: /path/to/data
#
# Path to log files:
#
# path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
# bootstrap.memory_lock: true
#
# Make sure that the `ES_HEAP_SIZE` environment variable is set to about half the memory
# available on the system and that the owner of the process is allowed to use this limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
# network.host: 192.168.0.1
#
# Set a custom port for HTTP:
#
# http.port: 9200
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html>
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
# discovery.zen.ping.unicast.hosts: ["host1", "host2"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1):
#
# discovery.zen.minimum_master_nodes: 3
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery.html>
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
# gateway.recover_after_nodes: 3
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-gateway.html>
#
# ---------------------------------- Various -----------------------------------
#
# Disable starting multiple nodes on a single system:
#
# node.max_local_storage_nodes: 1
#
# Require explicit names when deleting indices:
#
# action.destructive_requires_name: true

I use it form sense, any other query works well in Sense, with curl I did't tried, I'm not familiar with it. but I can try if this can help me to fix this.
Thank you.

system · January 9, 2017, 2:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.