Unknown reason for repeated deletion of all Elastic indices

My Elasticsearch instance is deployed on an EC2 instance and, for some reason, all my indices got deleted on the 20th of July. After recovering the data on the 30th, they got deleted again on the 31st and then again on the 1st of August. The logs I get on the instance only show this:

[2023-07-31T13:41:27,254][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [mw-index-dgm/jkBMPK-oSKAEvQ] deleting index
[2023-07-31T13:41:27,465][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [mw-index-feathb/VOfbkiiLc79j3pw] deleting index
[2023-07-31T13:41:27,671][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [mw-index-ftfarms/RLRxZoFmHBAJahQk-7g] deleting index
[2023-07-31T13:41:27,915][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [mw-index-hhunter/uhWGY7EYVQxgow] deleting index
[2023-07-31T13:41:28,128][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [mw-index-pal/ei3pGyzJTHZ7JCUM9FbA] deleting index
[2023-07-31T13:41:28,322][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [mw-index-primaf/9Z7wXXCNmN_G7KtPEA] deleting index
[2023-07-31T13:41:28,522][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [mw-index-rvemery/GyQQARSOdG_bnLgistg] deleting index
[2023-07-31T13:41:28,764][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [mw-index-tasker/QPbcgsf2ZPN2_zIUrqg] deleting index
[2023-07-31T13:41:28,974][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [mw-index-test/oSt0FpsMev--OJXHkSLw] deleting index
[2023-07-31T13:41:29,166][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [mw-index-wyefruit/H8CIRCyowdyvXupbTQ] deleting index
[2023-07-31T13:41:29,363][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [prod-index-pal/pNpaX8rftHgmAasw] deleting index
[2023-07-31T13:41:29,559][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [prod-index-wyefruit/UxqnrA_XQdql-akruADvTQ] deleting index
[2023-07-31T13:41:29,757][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [read_me/skSU0SH_QRyoGhOzTFj76A] deleting inde

Any help will be appreciated.
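A way to spot this pattern in the server log, as an added example that is not part of the original thread: the script parses `MetadataDeleteIndexService` lines in the format quoted above and flags bursts in which many indices are deleted within seconds of each other. The sample log is constructed, and the function names and thresholds (`max_gap`, `min_count`) are assumptions to tune.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the log quoted above; index names and UUIDs are made up.
# The last line is cut short on purpose, like the final line of the quoted log.
SAMPLE_LOG = """\
[2023-07-31T09:02:11,101][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [tmp-old/AAAAAAAAAAAAAAAAAAAAAA] deleting index
[2023-07-31T13:41:27,254][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [idx-a/BBBBBBBBBBBBBBBBBBBBBB] deleting index
[2023-07-31T13:41:27,465][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [idx-b/CCCCCCCCCCCCCCCCCCCCCC] deleting index
[2023-07-31T13:41:27,671][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [idx-c/DDDDDDDDDDDDDDDDDDDDDD] deleting index
[2023-07-31T13:41:27,915][INFO ][o.e.c.m.MetadataDeleteIndexService] [node-1] [idx-d/EEEEEEEEEEEEEEEEEEEEEE] deleting inde
"""

# Match on the logger name and the [index/uuid] field, not the trailing message,
# so a truncated line still counts as a deletion event.
DELETE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[\w+\s*\]\[o\.e\.c\.m\.MetadataDeleteIndexService\] "
    r"\[(?P<node>[^\]]+)\] \[(?P<index>[^/\]]+)/(?P<uuid>[^\]]+)\]"
)

def parse_deletions(text):
    """Return (timestamp, index_name) for every index-deletion log line, oldest first."""
    events = []
    for line in text.splitlines():
        m = DELETE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S,%f")
            events.append((ts, m["index"]))
    return sorted(events)

def find_bursts(events, max_gap=timedelta(seconds=2), min_count=4):
    """Group deletions separated by at most max_gap; keep groups of min_count or more.
    Both thresholds are assumed values, to be tuned per cluster."""
    bursts, current = [], []
    for ev in events:
        if current and ev[0] - current[-1][0] > max_gap:
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append(ev)
    if len(current) >= min_count:
        bursts.append(current)
    return bursts

if __name__ == "__main__":
    for burst in find_bursts(parse_deletions(SAMPLE_LOG)):
        names = ", ".join(name for _, name in burst)
        print(f"{burst[0][0]} -> {burst[-1][0]}: {len(burst)} indices deleted: {names}")
```

On the sample, the isolated morning deletion is ignored and the four deletions at 13:41:27 are reported as one burst.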

Have a look at this thread, which likely is related.

Thanks for pointing me to the right thread. Any thoughts on how to avoid such scenarios and improve the security of the Elasticsearch instance?

I would recommend you enable security, which you likely have not got enabled at the moment.

Which version of Elasticsearch are you using?

I am a newbie to this, so I don't even know whether security is enabled or not. Is there any guide that I can follow to enable security? I am willing to get the x-pack thing as well, if needed.

Version number is 7.17.3

In 7.17 basic security is available with the free basic license. I think the official docs are a great starting point.

If you are just starting out I would recommend instead starting with the latest 8.x release as security setup is greatly improved there.

Do you think upgrading to the newest version is more important, or will enabling security on the existing version be sufficient?
