Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create Initial Opensearch Indices #567

Closed
wants to merge 2 commits into from
Closed

Create Initial Opensearch Indices #567

wants to merge 2 commits into from

Conversation

piercema
Copy link
Collaborator

Closes #527

Today, if you open Dashboards without any data in the indexes you get spammed with this message about a thousand times about how there's no matching index for the arkime-sessions3-* index pattern or the malcolm_beats-* pattern.

This change creates an empty index to suppress the message. These empty indices are called:

<MALCOLM_NETWORK_INDEX_PATTERN>initial
and
<MALCOLM_OTHER_INDEX_PATTERN>initial
The program drops the trailing asterisk in the index patterns.

@mmguero mmguero self-assigned this Sep 17, 2024
@mmguero mmguero added the release Related to creation/packaging of Malcolm releases label Sep 17, 2024
@mmguero mmguero added this to the v24.09.0 milestone Sep 17, 2024
@mmguero mmguero mentioned this pull request Sep 17, 2024
Closed
@mmguero mmguero closed this Sep 18, 2024
This was referenced Sep 18, 2024
Merged
Merged
mmguero added a commit to mmguero-dev/Malcolm that referenced this pull request Oct 16, 2024
@mmguero
fix idaholab#596, anomaly detection default detectors are not being c…
baf41e9 
…reated

two issues were present:

1. opensearch_status.sh -w was no longer behaving as previously, as now an empty index is being created that doesn't have any events in it (see idaholab#527 and idaholab#567). It's been adjusted so that now it waits for an index with docs.count > 0.
2. The shared_object_creation.sh script needed to create the dummy detector if the .opendistro-anomaly-detection-state doesn't exist, so this check has been put in place
@mmguero mmguero mentioned this pull request Oct 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@mmguero mmguero

Labels
release Related to creation/packaging of Malcolm releases
Projects
Malcolm
Status: Released
Milestone
v24.09.0
Development

Successfully merging this pull request may close these issues.

automatically create empty document on startup to avoid "no data" message spamming by Dashboards
2 participants
@piercema @mmguero