rocknsm / rock

Automated deployment scripts for the RockNSM network hunting distribution.
http://rocknsm.io
Apache License 2.0

centos yum upgrade for elastic to 7.11 breaks kibana #556

Closed commandline-be closed 3 years ago

commandline-be commented 3 years ago

Dear,

For RockNSM installed from the RockNSM 2.5 ISO, upgrading to the latest Elasticsearch breaks Kibana.

Many errors are shown for [esaggs] > Unexpected token < in JSON at position 0

It is impossible to diagnose what went wrong or is going wrong.

Possible root causes remain unclear; one assumed cause is a permission issue or a deprecated feature.

FINALLY found something tangible

When using ‘Inspect’ > ‘View: Requests’ > ‘Response’, all Error fields are found to be generated because of:

{ "message": "Unexpected token < in JSON at position 0", "code": "STREAM" }

commandline-be commented 3 years ago

Solved by downgrade to Kibana 7.10, then deleting index .kibana_3 and .kibana_2 as suggested in the log, then stop/start Kibana. Could not get around the request to delete .kibana_1; after deleting this, the dashboards were gone.

Performed the install procedure as documented in the rock-dashboards readme and restored the dashboards successfully.