RuleDataWriteDisabledError ELK v8.5

Getting this error:

Bulk Indexing of signals failed: RuleDataWriteDisabledError: Rule registry writing is disabled due to an error during Rule Data Client initialization.

After I updated ELK from 8.4 to 8.5

Try updating to version 8.5.2 and see if the issue still occurs. There were some improvements:

We are getting this too after upgrading from 8.3.3 to 8.5.2.

Thanks for the response, guys.

Already on 8.5.2
The issue started when I updated ELK from 8.4 to 8.5.2

We found a solution. Elastic support gets the credit; they figured it out for us. Here is a copy-paste of their response.

"....due to custom mapping change on .alerts-security.alerts--index-template, some existing .alerts- indices don’t have standard mappings. After a new version of Kibana has started up, as soon as an alerting rule tries to write an alert to a .alert-* index it will run some bootstrapping logic. This bootstrapping logic will update a few alert component templates, and the index template for the relevant alerts. After doing this, the algorithm will iterate through each existing index that matches the index template and update the old indices with the new mappings. If this bootstrap logic fails, that error would occur."

For us, there was only one older .alerts index with a nonstandard mapping. We did not need that index, so we deleted it. Rebooted Kibana. Issue resolved.

If you have any index templates applying such custom mappings, you will need to address it there to avoid continuing to recreate the problem AND then also delete any indices that already have the custom mappings.
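The thread does not show how to find which existing index carries the nonstandard mapping. As an added example (not from Elastic support or the posters), the Python below compares a response in the shape returned by `GET <index-pattern>/_mapping` against a reference mapping and reports fields whose type differs. It assumes the bootstrap failure comes from a field type conflict, since a mapping update cannot change the type of an existing field; the index names, fields and reference mapping are constructed sample data.

```python
import json

# Constructed reference mapping standing in for the standard alerts mapping.
EXPECTED = {"properties": {
    "@timestamp": {"type": "date"},
    "kibana": {"properties": {"alert": {"properties": {
        "severity": {"type": "keyword"},
        "risk_score": {"type": "float"},
    }}}},
}}

# Constructed response in the shape returned by GET <index-pattern>/_mapping.
SAMPLE_MAPPINGS = {
    ".internal.alerts-security.alerts-default-000001": {"mappings": {"properties": {
        "@timestamp": {"type": "date"},
        "kibana": {"properties": {"alert": {"properties": {
            "severity": {"type": "text"},  # custom, nonstandard type
            "risk_score": {"type": "float"},
        }}}},
    }}},
    ".internal.alerts-security.alerts-default-000002": {"mappings": {"properties": {
        "@timestamp": {"type": "date"},  # fewer fields, but none conflicting
    }}},
}

def flatten(properties, prefix=""):
    """Flatten a mapping 'properties' tree into {dotted.path: type}."""
    out = {}
    for name, spec in properties.items():
        path = prefix + name
        # Object fields usually omit "type"; Elasticsearch treats them as "object".
        out[path] = spec.get("type", "object")
        out.update(flatten(spec.get("properties", {}), path + "."))
    return out

def find_conflicts(expected, get_mapping_response):
    """Return {index: [(field, expected_type, actual_type), ...]} for type clashes.

    Fields missing from an index are ignored: adding a field is a legal update.
    """
    want = flatten(expected.get("properties", {}))
    report = {}
    for index, body in get_mapping_response.items():
        have = flatten(body.get("mappings", {}).get("properties", {}))
        clashes = sorted((f, want[f], have[f])
                         for f in want.keys() & have.keys() if want[f] != have[f])
        if clashes:
            report[index] = clashes
    return report

if __name__ == "__main__":
    print(json.dumps(find_conflicts(EXPECTED, SAMPLE_MAPPINGS), indent=2))
```

The check does not descend into multi-fields (`fields`), so a clash that exists only there would not be reported.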

Thanks a lot. This worked.
