Problem with data in Arkime

UnKnOwN9911 commented 1 year ago

Prerequisites

Hello. I tried everything but after rebooting the machine every time in Arkime, there is no data. The .pcaps are in the container but after every reboot, the machine loses Arkime data and starts to show only new .pcaps Can you help me to resolve this issues? Thank you.

[x] I read the S1EM WIKI S1EM documentation as well as the Troubleshooting page and didn't find anything relevant to my problem.
[x] I went through old GitHub issues and couldn't find anything relevant
[x] I googled the issue and didn't find anything relevant

Description

Environment

OS (where S1EM server runs): { e.g. Mac OS 10, Windows 10, Ubuntu 16.4, etc. }
S1EM version: { e.g. S1EM 1.0.2 }
Other environment details:

Reproducible Steps

Steps to create the smallest reproducible scenario:

{ e.g. Run ... }
{ e.g. Click ... }
{ e.g. Error ... }

Additional information

UnKnOwN9911 commented 1 year ago

OS - Ubuntu Server 22.04.3
S1EM - Latest Problem is when restart container of arkime I saw this in log: It appears this elastic search cluster already has Arkime installed (version 78), this will delete ALL data in elastic search! (It does not delete the pcap files on disk)

UnKnOwN9911 commented 1 year ago

Problem Arkime

StevenD33 commented 1 year ago

@V1D1AN

StevenD33 commented 1 year ago

I'll do a fresh install and see if I have the same problem

UnKnOwN9911 commented 1 year ago

I'll do a fresh install and see if I have the same problem

Thank you. I will be grateful for your support.

V1D1AN commented 1 year ago

Hello, I will try to solve your problem. I have a lot of work at the moment

UnKnOwN9911 commented 1 year ago

OK. I am not in a hurry. Just ask you for help. Thank you.

V1D1AN / S1EM