
How to restore default base indices

In version 7.0.1, any value of the type other than “_doc” is incorrect and will cause problems.

Check the value of type for the index (this example uses the .alertrules index):

curl -u username:password -XGET "http://127.0.0.1:9200/.alertrules/_search?pretty"

To restore default base indices, run the following:

Back up the index in question with the elasticdump command:

/usr/share/kibana/elasticdump/elasticdump --input=http://username:password@127.0.0.1:9200/.alertrules --output="/root/alertrules.json" --type=data

Remove the index:

curl -u username:password 127.0.0.1:9200/.alertrules -XDELETE

Restore the index:

/usr/share/kibana/elasticdump/elasticdump --output=http://username:password@127.0.0.1:9200/.alertrules --input="/root/alertrules.json" --type=data

Log in to Kibana and click “save.”

You can also restart ElastAlert to make sure.
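
A check to run on the backup file between the backup step and the index removal, as an added example that is not part of the original FAQ. It assumes elasticdump with --type=data writes one JSON document per line carrying _type, _id and _source fields; the function name check_dump and the sample lines are constructed for illustration.

```python
import json
import sys
from collections import Counter

# Constructed sample in the one-document-per-line layout that
# elasticdump --type=data is assumed to write (not real data).
SAMPLE_DUMP = [
    '{"_index":".alertrules","_type":"_doc","_id":"a1","_source":{"name":"cpu"}}',
    '{"_index":".alertrules","_type":"alertrule","_id":"a2","_source":{"name":"disk"}}',
    '',
    '{"_index":".alertrules","_type":"_doc","_id":"a3","_sour',  # truncated write
]


def check_dump(lines):
    """Report usable documents, the tally of _type values, and bad lines."""
    types = Counter()
    bad_lines = []
    docs = 0
    for number, line in enumerate(lines, start=1):
        line = line.strip()
        if not line:
            continue  # blank lines carry no document
        try:
            doc = json.loads(line)
        except json.JSONDecodeError:
            bad_lines.append(number)  # incomplete or corrupted line
            continue
        if not isinstance(doc, dict) or "_id" not in doc or "_source" not in doc:
            bad_lines.append(number)  # valid JSON, but not a dumped document
            continue
        docs += 1
        types[doc.get("_type", "<missing>")] += 1
    return {
        "docs": docs,
        "types": dict(types),
        "bad_lines": bad_lines,
        # Continue to the delete step only if documents were saved and all are complete.
        "safe_to_delete": docs > 0 and not bad_lines,
    }


if __name__ == "__main__":
    with open(sys.argv[1], encoding="utf-8") as handle:  # e.g. /root/alertrules.json
        report = check_dump(handle)
    print(json.dumps(report, indent=2))
    sys.exit(0 if report["safe_to_delete"] else 1)
```

The "types" tally also shows how many saved documents carry a type other than “_doc”, and a non-zero exit status means the dump should be repeated before the index is removed.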
