Hi,
I am having an issue with the above index. I think this is related to issue 140 where i deleted all the problematic indices. the error message is below... Wil l need to recreate the name index? If so can you point me in the right direction?

illegal_argument_exception: rollover target [.siem-signals-default] does not point to a write index (400)

{
"name": "Error",
"body": {
"message": "illegal_argument_exception: rollover target [.siem-signals-default] does not point to a write index",
"status_code": 400
},
"message": "Bad Request",
"stack": "Error: Bad Request\n at fetch_Fetch.fetchResponse (https://Server_IP/46953/bundles/core/core.entry.js:8:57198)\n at async https://Server_IP/46953/bundles/core/core.entry.js:8:55366\n at async https://Server_IP/46953/bundles/core/core.entry.js:8:55323"

Thanks

Ed

Hi Ed,

Yes, this is likley created by the issue 140.

Do you have any indexes named ".siem-signals-default-00000x" ? if you do it should be possible to assign the latest as the write index, if not a new one can be created and assigned as the write index.

Kind Regards,
Duncan

Hi Duncan,

Thanks for this, do you have any guidance on how to do this? I have had a nosey around but not 100% confident on how to do this.

Thanks in advance

Ed

HI Duncan,

I have now managed to fix this issue, many thanks for all help (once again!). For those who want to know how to do this in future you need to use the dev tools, identify the latest index and enter the index name you want change (or create), the alias name the index is assigned to and the value

Put .siem-signals-default-YOUR INDEX NUMBER
{
"aliases" : {
".siem-signals-default" : {
"is_write_index" : true
}
}
}