Security Exception

Hi team!

It would be very helpful if any member of the community could resolve the following problem!!

Due to shard deletion on the server for the indices 1. fleet-servers-7 and 2. .async-search, the status of the cluster is RED, and we can't even see any logs in Analytics >> Search in Kibana because of the unavailability of shards in .async-search.

When I tried to roll over the indices, since they are restricted indices, we failed to roll over because of a privilege mismatch. The error is shown below:

Even though I tried to grant the privilege that is mentioned in the error, the rollover of the index is failing!!

So kindly help me out with how to resolve the mentioned problem!!!
Note: we don't have any snapshot policy or backup.

Thank you!

Welcome!

Did you try to restart Kibana? I don't know how it works behind the scenes but it might try to recreate the missing indices.

What is the output of:

```
GET /
GET /_cat/nodes?v
GET /_cat/health?v
GET /_cat/indices?v
```

If some outputs are too big, please share them on gist.github.com and link them here.

Please don't post images of text as they are hard to read, may not display correctly for everyone, and are not searchable.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

Hi dadoonet!
Appreciate your response and guidance!!

I restarted Kibana! Even after that, I'm getting the same security exception error when I try to roll over the above-mentioned 2 restricted indices.

Please find the following for the requested queries:
2-node Elasticsearch
Health is RED, 4 unassigned indices
Please find the unassigned indices:

Why are you trying to roll over those indices? I cannot follow how that action relates to your problem of:

Rollover isn't the solution for unavailable shards.

Hi TimV,

The data of the (restricted) indices .fleet-servers-7 and .async-search has been deleted via the server, so the shards in those indices are unavailable.

When I try to delete those indices, I get the security exception error because of privilege issues for the user, as clearly pointed out in the attached document above.

So my query is how to change "allow_restricted_indices": false to true, so that I can make changes in the restricted indices!!

Feel free to ask for any more info needed!

Thank you

Please don't post images of text as they are hard to read, may not display correctly for everyone, and are not searchable.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

You cannot change the permissions of the elastic user or the superuser role.

You need to create a new user and role in order to manage these indices. It is intentional that there are no out-of-the-box users that can manipulate system indices (you should never need to do this).
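The role and user described in the reply above could be created like this from the Kibana Dev Tools console. This is an added example, not part of the original thread: the role name, user name and password are hypothetical placeholders, and the privilege list is an assumption to be trimmed to what the repair actually needs.

```console
# Added example. "restricted-index-repair" and "index-repair-admin" are
# hypothetical names; the index names are the two mentioned in this thread.

# 1. A narrowly scoped role: only the two affected indices, and
#    allow_restricted_indices set to true so the privileges apply to them.
POST /_security/role/restricted-index-repair
{
  "cluster": ["monitor"],
  "indices": [
    {
      "names": [".fleet-servers-7", ".async-search"],
      "privileges": ["view_index_metadata", "monitor", "delete_index"],
      "allow_restricted_indices": true
    }
  ]
}

# 2. A dedicated user that holds only this role (password is a placeholder).
POST /_security/user/index-repair-admin
{
  "password": "<choose-a-strong-password>",
  "roles": ["restricted-index-repair"],
  "full_name": "Temporary restricted index repair account"
}

# 3. Confirm the role was stored with allow_restricted_indices: true.
GET /_security/role/restricted-index-repair

# 4. Once the repair is finished, remove the account and the role so no
#    standing access to restricted indices remains.
DELETE /_security/user/index-repair-admin
DELETE /_security/role/restricted-index-repair
```

Steps 1 to 3 are run as an existing administrator; the repair itself is then performed while authenticated as the new user, before step 4 removes it.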

Thanks for your response @TimV
