Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

securityonion-elastic: so-elastic-reset does not remove closed indices #1759

Closed weslambert closed 4 years ago

weslambert commented 4 years ago

In this line

https://github.com/Security-Onion-Solutions/securityonion-elastic/blob/master/usr/sbin/so-elastic-reset#L93

we should change the following

_cat/indices?v | egrep 'logstash|elastalert' | awk '{ print $3 }'

to

_cat/indices?h=status,index | egrep 'logstash|elastalert' | awk '{ print $2 }'
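As an added illustration of the field shift the proposed change addresses (example shell written for this page, not code from so-elastic-reset or the Security Onion project): on Elasticsearch 6.x a closed index is listed by `_cat/indices?v` with an empty `health` column, and because awk drops leading whitespace it sees `close` as `$1`, the index name as `$2` and the index uuid as `$3`. Requesting explicit columns with `h=status,index` makes `$2` the index name on every row, open or closed. The listings below are constructed to mimic that output (the curl call the script wraps around the pipeline is stood in for by a function that prints the sample), and `count_valid_names` is a helper added here only to show how many lines each pipeline returns that are real index names.

```sh
#!/bin/sh
# Added example, not the project's code. Demonstrates why `awk '{ print $3 }'`
# on `_cat/indices?v` returns a uuid instead of a name for closed indices, and
# why `?h=status,index` with `$2` does not.

# Constructed approximation of `GET _cat/indices?v` on Elasticsearch 6.x with
# one closed index (not captured from a real Security Onion box). The closed
# row has a blank health column, so its first field is "close".
sample_indices_v() {
  cat <<'EOF'
health status index                   uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   logstash-ids-2020.04.01 Abc123defGHijklMNopQRs   1   0       1234            0      1.2mb          1.2mb
       close  logstash-ids-2020.03.01 XyZ987wvuTSrqponMLkjIH
green  open   elastalert_status       QwErTyUiOpAsDfGhJkLzXc   1   0         10            0     20.4kb         20.4kb
green  open   .kibana_1               KiBaNa0000000000000000   1   0          5            0     10.1kb         10.1kb
EOF
}

# Same constructed cluster as `GET _cat/indices?h=status,index`: exactly two
# columns and no header row, whatever the index state.
sample_indices_h() {
  cat <<'EOF'
open  logstash-ids-2020.04.01
close logstash-ids-2020.03.01
open  elastalert_status
open  .kibana_1
EOF
}

# The pipeline as quoted from so-elastic-reset in the issue (grep -E is the
# same as egrep), fed the sample instead of curl output.
old_pipeline() {
  sample_indices_v | grep -E 'logstash|elastalert' | awk '{ print $3 }'
}

# The replacement proposed in the issue.
new_pipeline() {
  sample_indices_h | grep -E 'logstash|elastalert' | awk '{ print $2 }'
}

# Helper (added here, hypothetical): count the lines a pipeline emits that are
# actual index names in the cluster, using the h=status,index listing as the
# source of truth.
count_valid_names() {
  known=$(sample_indices_h | awk '{ print $2 }')
  n=0
  for name in $("$1"); do
    if printf '%s\n' "$known" | grep -qFx -- "$name"; then
      n=$((n + 1))
    fi
  done
  echo "$n"
}

echo "old pipeline: $(count_valid_names old_pipeline) of $(old_pipeline | wc -l | tr -d ' ') lines are index names"
old_pipeline
echo "new pipeline: $(count_valid_names new_pipeline) of $(new_pipeline | wc -l | tr -d ' ') lines are index names"
new_pipeline
```

With the `?v` form the closed index comes back as its uuid, so any per-index request the script builds from that line targets a name that does not exist and the closed index is left behind, which is the behaviour the issue title describes; with `h=status,index` every line is a real index name. Selecting columns explicitly is also more robust in general, since `?v` column order and blank-field behaviour are properties of the Elasticsearch version rather than of the query.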

weslambert commented 4 years ago

No issues during my testing 👍

dougburks commented 4 years ago

Published: https://blog.securityonion.net/2020/04/elastic-688-now-available-for-security.html