maliceio / malice

VirusTotal Wanna Be - Now with 100% more Hipster
Apache License 2.0

"No default index pattern. You must select or create one to continue" in Kibana/ElasticSearch #54

Closed vmorgo closed 6 years ago

vmorgo commented 6 years ago

Output of go version:

go version go1.6.2 linux/amd64

Output of docker version:

Client:
 Version:      1.12.6
 API version:  1.24
 Go version:   go1.6.2
 Git commit:   78d1802
 Built:        Tue Jan 31 23:35:14 2017
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.6
 API version:  1.24
 Go version:   go1.6.2
 Git commit:   78d1802
 Built:        Tue Jan 31 23:35:14 2017
 OS/Arch:      linux/amd64

**Output of `docker info`:**

Containers: 5
 Running: 2
 Paused: 0
 Stopped: 3
Images: 24
Server Version: 1.12.6
Storage Driver: aufs
 Root Dir: /var/lib/docker/aufs
 Backing Filesystem: extfs
 Dirs: 148
 Dirperm1 Supported: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge overlay host null
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Security Options: apparmor seccomp
Kernel Version: 4.10.0-32-generic
Operating System: Ubuntu 16.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.857 GiB
Name: domcr-kvm-malicea
ID: HXLF:MTSR:I62J:DESG:STT2:UCDQ:5VJQ:AGPC:ERWI:AA6K:OE5P:3QVI
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: No swap limit support
Insecure Registries:
 127.0.0.0/8

**Additional environment details (AWS, VirtualBox, physical, Docker For Mac, Docker Toolbox, docker-machine, etc.):**

Running in Ubuntu 16.04.03 Mate virtual machine under KVM on a CentOS 7.3 server.  
Using precompiled malice binary "malice" version 3.11.

**Steps to reproduce the issue:**
1. Start malice. Update all plugins. Be sure to have the latest ElasticSearch (5.5) and Kibana from Blacktop.
2. All functionality seems to work, and Kibana runs, but I keep getting the error:
   "No default index pattern. You must select or create one to continue."
3. Input the word "malice", ".malice" or "malice*" or "malice-*" into the field.

**Describe the results you received:**
Invariably "Unable to fetch mapping.  Do you have indices matching the pattern?" and reprompted to fill in dialog, but no response is acceptable.

**Describe the results you expected:**
For the word "malice" to be accepted OR to be provided some means of generating the missing search index.  There doesn't seem to be any.  I apologize in advance if a means of generating the needed elasticsearch index is provided and I missed it.

**Additional information you deem important (e.g. issue happens only occasionally):**
Issue happens constantly. Oddly, somehow, I got it to work on a VM I have at home, but I have no idea how I did it!

blacktop commented 6 years ago

what does it say when you do this:

curl http://[elasticsearch_url]:9200/_cat/indices

Normally this will be the IP of the host running docker (localhost in my case).

It should show you all the indexes in elasticsearch currently.

Also I would be curious what the logs in elasticsearch were saying:

docker logs malice-elastic

vmorgo commented 6 years ago

curl http://[elasticsearch_url]:9200/_cat/indices elicits:

yellow open .kibana N3uED8T6TGmUBlMwUcZi5A 1 1 1 0 3.2kb 3.2kb
yellow open index    Ty-16aPwRLSA56-wNwgpxQ    5 1 1 1 4kb   4kb

docker logs malice-elastic:

morgo@domcr-kvm-malicea:~$ docker logs malice-elastic
[2017-08-23T20:35:16,455][INFO ][o.e.n.Node               ] [] initializing ...
[2017-08-23T20:35:16,611][INFO ][o.e.e.NodeEnvironment    ] [E9uY5ZK] using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/vda1)]], net usable_space [58.6gb], net total_space [74.6gb], spins? [possibly], types [ext4]
[2017-08-23T20:35:16,611][INFO ][o.e.e.NodeEnvironment    ] [E9uY5ZK] heap size [1.9gb], compressed ordinary object pointers [true]
[2017-08-23T20:35:16,613][INFO ][o.e.n.Node               ] node name [E9uY5ZK] derived from node ID [E9uY5ZKXSp-rgdilBtpWRw]; set [node.name] to override
[2017-08-23T20:35:16,613][INFO ][o.e.n.Node               ] version[5.5.2], pid[1], build[b2f0c09/2017-08-14T12:33:14.154Z], OS[Linux/4.10.0-32-generic/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/1.8.0_131/25.131-b11]
[2017-08-23T20:35:16,613][INFO ][o.e.n.Node               ] JVM arguments [-Xms2g, -Xmx2g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.cgroups.hierarchy.override=/, -Des.path.home=/usr/share/elasticsearch]
[2017-08-23T20:35:17,784][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [aggs-matrix-stats]
[2017-08-23T20:35:17,784][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [ingest-common]
[2017-08-23T20:35:17,784][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-expression]
[2017-08-23T20:35:17,784][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-groovy]
[2017-08-23T20:35:17,784][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-mustache]
[2017-08-23T20:35:17,784][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-painless]
[2017-08-23T20:35:17,784][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [parent-join]
[2017-08-23T20:35:17,784][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [percolator]
[2017-08-23T20:35:17,785][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [reindex]
[2017-08-23T20:35:17,785][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [transport-netty3]
[2017-08-23T20:35:17,785][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [transport-netty4]
[2017-08-23T20:35:17,785][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] no plugins loaded
[2017-08-23T20:35:19,402][INFO ][o.e.d.DiscoveryModule    ] [E9uY5ZK] using discovery type [zen]
[2017-08-23T20:35:20,034][INFO ][o.e.n.Node               ] initialized
[2017-08-23T20:35:20,034][INFO ][o.e.n.Node               ] [E9uY5ZK] starting ...
[2017-08-23T20:35:20,230][INFO ][o.e.t.TransportService   ] [E9uY5ZK] publish_address {172.17.0.2:9300}, bound_addresses {[::]:9300}
[2017-08-23T20:35:20,244][INFO ][o.e.b.BootstrapChecks    ] [E9uY5ZK] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks
ERROR: [1] bootstrap checks failed
[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[2017-08-23T20:35:20,278][INFO ][o.e.n.Node               ] [E9uY5ZK] stopping ...
[2017-08-23T20:35:20,466][INFO ][o.e.n.Node               ] [E9uY5ZK] stopped
[2017-08-23T20:35:20,466][INFO ][o.e.n.Node               ] [E9uY5ZK] closing ...
[2017-08-23T20:35:20,494][INFO ][o.e.n.Node               ] [E9uY5ZK] closed
[2017-08-24T15:02:32,158][INFO ][o.e.n.Node               ] [] initializing ...
[2017-08-24T15:02:32,632][INFO ][o.e.e.NodeEnvironment    ] [E9uY5ZK] using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/vda1)]], net usable_space [58.3gb], net total_space [74.6gb], spins? [possibly], types [ext4]
[2017-08-24T15:02:32,632][INFO ][o.e.e.NodeEnvironment    ] [E9uY5ZK] heap size [1.9gb], compressed ordinary object pointers [true]
[2017-08-24T15:02:32,634][INFO ][o.e.n.Node               ] node name [E9uY5ZK] derived from node ID [E9uY5ZKXSp-rgdilBtpWRw]; set [node.name] to override
[2017-08-24T15:02:32,635][INFO ][o.e.n.Node               ] version[5.5.2], pid[1], build[b2f0c09/2017-08-14T12:33:14.154Z], OS[Linux/4.10.0-32-generic/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/1.8.0_131/25.131-b11]
[2017-08-24T15:02:32,635][INFO ][o.e.n.Node               ] JVM arguments [-Xms2g, -Xmx2g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.cgroups.hierarchy.override=/, -Des.path.home=/usr/share/elasticsearch]
[2017-08-24T15:02:36,846][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [aggs-matrix-stats]
[2017-08-24T15:02:36,846][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [ingest-common]
[2017-08-24T15:02:36,846][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-expression]
[2017-08-24T15:02:36,846][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-groovy]
[2017-08-24T15:02:36,847][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-mustache]
[2017-08-24T15:02:36,847][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-painless]
[2017-08-24T15:02:36,847][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [parent-join]
[2017-08-24T15:02:36,847][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [percolator]
[2017-08-24T15:02:36,847][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [reindex]
[2017-08-24T15:02:36,847][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [transport-netty3]
[2017-08-24T15:02:36,848][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [transport-netty4]
[2017-08-24T15:02:36,849][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] no plugins loaded
[2017-08-24T15:02:43,069][INFO ][o.e.d.DiscoveryModule    ] [E9uY5ZK] using discovery type [zen]
[2017-08-24T15:02:43,913][INFO ][o.e.n.Node               ] initialized
[2017-08-24T15:02:43,914][INFO ][o.e.n.Node               ] [E9uY5ZK] starting ...
[2017-08-24T15:02:44,631][INFO ][o.e.t.TransportService   ] [E9uY5ZK] publish_address {172.17.0.2:9300}, bound_addresses {[::]:9300}
[2017-08-24T15:02:44,647][INFO ][o.e.b.BootstrapChecks    ] [E9uY5ZK] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks
[2017-08-24T15:02:47,760][INFO ][o.e.c.s.ClusterService   ] [E9uY5ZK] new_master {E9uY5ZK}{E9uY5ZKXSp-rgdilBtpWRw}{UdNbZePsR1-n0JbA5xxVsg}{172.17.0.2}{172.17.0.2:9300}, reason: zen-disco-elected-as-master ([0] nodes joined)
[2017-08-24T15:02:47,879][INFO ][o.e.h.n.Netty4HttpServerTransport] [E9uY5ZK] publish_address {172.17.0.2:9200}, bound_addresses {[::]:9200}
[2017-08-24T15:02:47,879][INFO ][o.e.n.Node               ] [E9uY5ZK] started
[2017-08-24T15:02:47,946][INFO ][o.e.g.GatewayService     ] [E9uY5ZK] recovered [0] indices into cluster_state
[2017-08-24T15:02:55,758][INFO ][o.e.c.m.MetaDataCreateIndexService] [E9uY5ZK] [.kibana] creating index, cause [api], templates [], shards [1]/[1], mappings [_default_, index-pattern, server, visualization, search, timelion-sheet, config, dashboard, url]
[2017-08-24T17:06:56,067][WARN ][o.e.d.i.q.QueryParseContext] query malformed, empty clause found at [1:143]
[2017-08-24T18:07:10,003][INFO ][o.e.c.m.MetaDataMappingService] [E9uY5ZK] [.kibana/N3uED8T6TGmUBlMwUcZi5A] update_mapping [config]
[2017-08-24T18:08:51,223][WARN ][o.e.d.i.q.QueryParseContext] query malformed, empty clause found at [1:143]
[2017-08-24T18:19:10,480][INFO ][o.e.n.Node               ] [E9uY5ZK] stopping ...
[2017-08-24T18:19:10,551][INFO ][o.e.n.Node               ] [E9uY5ZK] stopped
[2017-08-24T18:19:10,551][INFO ][o.e.n.Node               ] [E9uY5ZK] closing ...
[2017-08-24T18:19:10,579][INFO ][o.e.n.Node               ] [E9uY5ZK] closed
[2017-08-24T18:28:36,989][INFO ][o.e.n.Node               ] [] initializing ...
[2017-08-24T18:28:37,169][INFO ][o.e.e.NodeEnvironment    ] [E9uY5ZK] using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/vda1)]], net usable_space [57.8gb], net total_space [74.6gb], spins? [possibly], types [ext4]
[2017-08-24T18:28:37,170][INFO ][o.e.e.NodeEnvironment    ] [E9uY5ZK] heap size [1.9gb], compressed ordinary object pointers [true]
[2017-08-24T18:28:37,180][INFO ][o.e.n.Node               ] node name [E9uY5ZK] derived from node ID [E9uY5ZKXSp-rgdilBtpWRw]; set [node.name] to override
[2017-08-24T18:28:37,181][INFO ][o.e.n.Node               ] version[5.5.2], pid[1], build[b2f0c09/2017-08-14T12:33:14.154Z], OS[Linux/4.10.0-32-generic/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/1.8.0_131/25.131-b11]
[2017-08-24T18:28:37,181][INFO ][o.e.n.Node               ] JVM arguments [-Xms2g, -Xmx2g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.cgroups.hierarchy.override=/, -Des.path.home=/usr/share/elasticsearch]
[2017-08-24T18:28:38,763][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [aggs-matrix-stats]
[2017-08-24T18:28:38,763][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [ingest-common]
[2017-08-24T18:28:38,763][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-expression]
[2017-08-24T18:28:38,764][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-groovy]
[2017-08-24T18:28:38,764][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-mustache]
[2017-08-24T18:28:38,764][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-painless]
[2017-08-24T18:28:38,764][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [parent-join]
[2017-08-24T18:28:38,764][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [percolator]
[2017-08-24T18:28:38,764][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [reindex]
[2017-08-24T18:28:38,764][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [transport-netty3]
[2017-08-24T18:28:38,764][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [transport-netty4]
[2017-08-24T18:28:38,765][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] no plugins loaded
[2017-08-24T18:28:41,054][INFO ][o.e.d.DiscoveryModule    ] [E9uY5ZK] using discovery type [zen]
[2017-08-24T18:28:41,783][INFO ][o.e.n.Node               ] initialized
[2017-08-24T18:28:41,783][INFO ][o.e.n.Node               ] [E9uY5ZK] starting ...
[2017-08-24T18:28:42,160][INFO ][o.e.t.TransportService   ] [E9uY5ZK] publish_address {172.17.0.2:9300}, bound_addresses {[::]:9300}
[2017-08-24T18:28:42,184][INFO ][o.e.b.BootstrapChecks    ] [E9uY5ZK] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks
[2017-08-24T18:28:45,379][INFO ][o.e.c.s.ClusterService   ] [E9uY5ZK] new_master {E9uY5ZK}{E9uY5ZKXSp-rgdilBtpWRw}{J2d-LR1dQ72rZrHslV6YBA}{172.17.0.2}{172.17.0.2:9300}, reason: zen-disco-elected-as-master ([0] nodes joined)
[2017-08-24T18:28:45,449][INFO ][o.e.h.n.Netty4HttpServerTransport] [E9uY5ZK] publish_address {172.17.0.2:9200}, bound_addresses {[::]:9200}
[2017-08-24T18:28:45,449][INFO ][o.e.n.Node               ] [E9uY5ZK] started
[2017-08-24T18:28:45,960][INFO ][o.e.g.GatewayService     ] [E9uY5ZK] recovered [1] indices into cluster_state
[2017-08-24T18:28:46,414][INFO ][o.e.c.r.a.AllocationService] [E9uY5ZK] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.kibana][0]] ...]).
[2017-08-24T18:30:02,752][WARN ][o.e.d.i.q.QueryParseContext] query malformed, empty clause found at [1:143]
[2017-08-24T18:30:08,815][WARN ][o.e.d.i.q.QueryParseContext] query malformed, empty clause found at [1:143]
[2017-08-24T18:30:12,761][WARN ][o.e.d.i.q.QueryParseContext] query malformed, empty clause found at [1:143]
[2017-08-24T18:32:27,291][INFO ][o.e.c.m.MetaDataCreateIndexService] [E9uY5ZK] [index] creating index, cause [auto(bulk api)], templates [], shards [5]/[1], mappings []
[2017-08-24T18:32:28,993][INFO ][o.e.c.m.MetaDataMappingService] [E9uY5ZK] [index/Ty-16aPwRLSA56-wNwgpxQ] create_mapping [type]
[2017-08-29T13:33:43,686][INFO ][o.e.n.Node               ] [E9uY5ZK] stopping ...
[2017-08-29T13:33:43,770][INFO ][o.e.n.Node               ] [E9uY5ZK] stopped
[2017-08-29T13:33:43,770][INFO ][o.e.n.Node               ] [E9uY5ZK] closing ...
[2017-08-29T13:33:43,793][INFO ][o.e.n.Node               ] [E9uY5ZK] closed
[2017-08-30T14:15:35,414][INFO ][o.e.n.Node               ] [] initializing ...
[2017-08-30T14:15:36,333][INFO ][o.e.e.NodeEnvironment    ] [E9uY5ZK] using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/vda1)]], net usable_space [57.4gb], net total_space [74.6gb], spins? [possibly], types [ext4]
[2017-08-30T14:15:36,334][INFO ][o.e.e.NodeEnvironment    ] [E9uY5ZK] heap size [1.9gb], compressed ordinary object pointers [true]
[2017-08-30T14:15:36,356][INFO ][o.e.n.Node               ] node name [E9uY5ZK] derived from node ID [E9uY5ZKXSp-rgdilBtpWRw]; set [node.name] to override
[2017-08-30T14:15:36,357][INFO ][o.e.n.Node               ] version[5.5.2], pid[1], build[b2f0c09/2017-08-14T12:33:14.154Z], OS[Linux/4.10.0-33-generic/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/1.8.0_131/25.131-b11]
[2017-08-30T14:15:36,357][INFO ][o.e.n.Node               ] JVM arguments [-Xms2g, -Xmx2g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.cgroups.hierarchy.override=/, -Des.path.home=/usr/share/elasticsearch]
[2017-08-30T14:15:41,693][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [aggs-matrix-stats]
[2017-08-30T14:15:41,694][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [ingest-common]
[2017-08-30T14:15:41,694][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-expression]
[2017-08-30T14:15:41,694][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-groovy]
[2017-08-30T14:15:41,694][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-mustache]
[2017-08-30T14:15:41,694][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [lang-painless]
[2017-08-30T14:15:41,695][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [parent-join]
[2017-08-30T14:15:41,695][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [percolator]
[2017-08-30T14:15:41,695][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [reindex]
[2017-08-30T14:15:41,695][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [transport-netty3]
[2017-08-30T14:15:41,695][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] loaded module [transport-netty4]
[2017-08-30T14:15:41,696][INFO ][o.e.p.PluginsService     ] [E9uY5ZK] no plugins loaded
[2017-08-30T14:15:50,711][INFO ][o.e.d.DiscoveryModule    ] [E9uY5ZK] using discovery type [zen]
[2017-08-30T14:15:51,824][INFO ][o.e.n.Node               ] initialized
[2017-08-30T14:15:51,825][INFO ][o.e.n.Node               ] [E9uY5ZK] starting ...
[2017-08-30T14:15:52,483][INFO ][o.e.t.TransportService   ] [E9uY5ZK] publish_address {172.17.0.2:9300}, bound_addresses {[::]:9300}
[2017-08-30T14:15:52,513][INFO ][o.e.b.BootstrapChecks    ] [E9uY5ZK] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks
[2017-08-30T14:15:55,640][INFO ][o.e.c.s.ClusterService   ] [E9uY5ZK] new_master {E9uY5ZK}{E9uY5ZKXSp-rgdilBtpWRw}{jgFxZCPyRI2IH9KSsnsASg}{172.17.0.2}{172.17.0.2:9300}, reason: zen-disco-elected-as-master ([0] nodes joined)
[2017-08-30T14:15:55,670][INFO ][o.e.h.n.Netty4HttpServerTransport] [E9uY5ZK] publish_address {172.17.0.2:9200}, bound_addresses {[::]:9200}
[2017-08-30T14:15:55,670][INFO ][o.e.n.Node               ] [E9uY5ZK] started
[2017-08-30T14:15:56,385][INFO ][o.e.g.GatewayService     ] [E9uY5ZK] recovered [2] indices into cluster_state
[2017-08-30T14:15:58,255][INFO ][o.e.c.r.a.AllocationService] [E9uY5ZK] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.kibana][0]] ...]).
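
As an added example (not code from the malice project or from anyone in this thread): a small Python script that parses the `_cat/indices` output and a few of the `docker logs malice-elastic` lines quoted above, tests a Kibana index pattern against the index names the way Kibana's `*` wildcard does, and pulls out the bootstrap-check failure that stopped the first Elasticsearch start. The sample lines are copied from this thread; the function names are my own.

```python
import re
from typing import Dict, List

# Constructed sample: the `_cat/indices` output quoted earlier in this thread.
CAT_INDICES = """\
yellow open .kibana N3uED8T6TGmUBlMwUcZi5A 1 1 1 0 3.2kb 3.2kb
yellow open index    Ty-16aPwRLSA56-wNwgpxQ    5 1 1 1 4kb   4kb
"""

# Constructed sample: four lines picked from the `docker logs malice-elastic` output above.
ES_LOG = """\
[2017-08-23T20:35:20,244][INFO ][o.e.b.BootstrapChecks    ] [E9uY5ZK] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks
ERROR: [1] bootstrap checks failed
[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[2017-08-24T18:32:27,291][INFO ][o.e.c.m.MetaDataCreateIndexService] [E9uY5ZK] [index] creating index, cause [auto(bulk api)], templates [], shards [5]/[1], mappings []
"""


def parse_cat_indices(text: str) -> List[Dict[str, object]]:
    """Parse the default columns of GET /_cat/indices:
    health status index uuid pri rep docs.count docs.deleted store.size pri.store.size"""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 10:  # skip blank or truncated lines
            continue
        rows.append({"health": parts[0], "status": parts[1], "index": parts[2],
                     "uuid": parts[3], "primaries": int(parts[4]),
                     "replicas": int(parts[5]), "docs": int(parts[6])})
    return rows


def matching_indices(pattern: str, rows: List[Dict[str, object]]) -> List[str]:
    """Apply a Kibana-style index pattern: '*' matches any run of characters and
    everything else is literal, so a pattern without '*' must match exactly. This is
    why "malice", "malice*" and "malice-*" match nothing when the only indices
    are ".kibana" and "index"."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return [str(r["index"]) for r in rows if re.match(regex, str(r["index"]))]


def bootstrap_failures(log: str) -> List[str]:
    """Numbered reasons printed after 'bootstrap checks failed'. The checks are
    enforced once the node binds a non-loopback address, always true in a container."""
    return re.findall(r"^\[\d+\]: (.+)$", log, re.MULTILINE)


def created_indices(log: str) -> List[str]:
    """Names of indices the node logged as created (MetaDataCreateIndexService)."""
    return re.findall(r"\[([^\]]+)\] creating index", log)


def main() -> None:
    rows = parse_cat_indices(CAT_INDICES)
    print("indices:", [r["index"] for r in rows])
    for pattern in ("malice", ".malice", "malice*", "malice-*", "index", "*"):
        print(f"pattern {pattern!r:12} -> {matching_indices(pattern, rows)}")
    for reason in bootstrap_failures(ES_LOG):
        print("bootstrap check failed:", reason)
    print("indices created per log:", created_indices(ES_LOG))


if __name__ == "__main__":
    main()
```

Against the thread's own data only "index", ".kibana" or "*" produce a match, which is consistent with the later comment that adding ".kibana" and "index" made Kibana's "Create index" button appear.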

vmorgo commented 6 years ago

Thank you for trying to help me out with this...

vmorgo commented 6 years ago

Also: Firewall rules are set to block all ports except:
- 22 (tcp/udp) -- for SSH admin of the server (KVM virtual machine running Ubuntu 16.04.3)
- 137, 138 (udp) -- so people can drop samples in the Windows (Samba) file share to be scanned
- 139, 445 (tcp) -- so people can drop samples in the Windows file share to be scanned
- 80 (tcp/udp) -- for control of the web interface, Kibana

vmorgo commented 6 years ago

Adding ".kibana" and "index" does seem to have worked, and now I have a "Create index" button, but I don't see any fields in either .kibana or index that would be much use during a virus scan. I'll try putting some files in the share and see if that causes a new index (such as ".malice") to be generated. Please stay tuned...

blacktop commented 6 years ago

Were you able to get malice to index into elasticsearch?

Everything else looked good. The logs from malice-elastic looked like elasticsearch started correctly.

blacktop commented 6 years ago

closing due to inactivity.

klvs commented 6 years ago

I'm having this same issue. Followed the install for OSX. Running locally and when I hit http://localhost:9200/_cat/indices I get:

yellow open .kibana P_9CP0PbRyq1ZojShg-e6w 1 1 2 0 11.3kb 11.3kb

Likewise, the kibana interface gives me this:

Typing "malice" as mentioned above and in the docs doesn't yield anything. I'm no expert with ES, but should there be some sort of malice index returned by 9200/_cat/indices?

J0hnnyb0y86 commented 4 years ago

Up, I have the same problem.