Add the following line to kibana.yml and restart the kibana-service. The size must be set in bytes, for example (1GB):
Tag: elasticsearch
ELK-Stack (Elasticsearch Kibana Logstash) – Index not writable (read-only)
Error: [INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"cluster_block_exception", "reason"=>"blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"})
Log-Message
Resolution
1. Clean up your disk or expand it
2. Set Indices to "read_only_allow_delete": "false"
You can do this over Kibana -> Dev Tools or via curl
Elasticsearch / ELK: winlogbeat configuration for Direct Access
Which logs to collect? To troubleshoot Direct Access and collect the important logs, you could use the following winlogbeat configuration