I installed the X-pack but it is not generating the reporting etc. indices even though I can generate and download reports.
My user has superuser rights.
I've got a default 5.4.1 installation, no strange settings or anything. Also tried adding action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history* to the elasticsearch.yml but no change.
So I can generate reports but there is no way to delete them.
I see. So if I want to delete a report I can't delete a single report but instead will have to delete at least one week?
Is there any way to make these indices visible so I can look at them and maybe search through them? I'm new to X-pack so not entire sure what is possible yet but for a watch I intend to make I will probably need to look at the watch history as well to avoid sending double alerts.
So if I want to delete a report I can't delete a single report but instead will have to delete at least one week?
Correct.
Is there any way to make these indices visible so I can look at them and maybe search through them?
To view the raw objects in your .reporting index, run GET .reporting-2017.06.11/_search and you will be able to see all of the reports that were generated from 2017.06.11 to today.
I'm new to X-pack so not entire sure what is possible yet but for a watch I intend to make I will probably need to look at the watch history as well to avoid sending double alerts.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.