Good day everyone,
I was wondering if anyone encountered the error below when running the initroles.sh file. Following the instructions in this link: Integrating Elastic Stack security :: SIREN DOCS
Creating investigate_system role...
{"error":{"root_cause":[{"type":"invalid_index_name_exception","reason":"Invalid index name [_security], must not start with '_', '-', or '+'","index_uuid":"_na_","index":"_security"}],"type":"invalid_index_name_exception","reason":"Invalid index name [_security], must not start with '_', '-', or '+'","index_uuid":"_na_","index":"_security"},"status":400}
May I please ask if there are specific values that needs to be entered when asked the questions mentioned in Integrating Elastic Stack security :: SIREN DOCS when running the script.
Elasticsearch username: [elastic]:
Elasticsearch password:
Elasticsearch URL [http://localhost:9200]:
Investigate system indices prefix [.siren]:
Prefix for data indices managed through Investigate [siren]:
Index pattern matching indices readable by Investigate users [data-*]:
curl flags:
I just entered the defaults to the following questions and encountered the error.
Thank you!
Hi Edgar,
Can you please confirm the ES version you are using also we have different scripts based on subscription:
Are you using the correct script as per your subscription?
Regards
Manu Agarwal
Hi Manu!
Thank you for the prompt response. I am currently using the following:
Siren Platform 13.1.0 (running on Docker)
Docker Image: siren-platform-easy-start:13.1.0 (Community Edition)
Federate Version: 7.17.7-29.1 on ES 7.17.7
For the script, I am currently using the script for Basic subscriptions.
I am also encountering this error on the initusers.sh script.
{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Invalid type: expecting [role] but got [user]"}],"type":"illegal_argument_exception","reason":"Invalid type: expecting [role] but got [user]"},"status":400}
Thank you!
following up! @Manu_Agarwal
Thank you so much!!
Hi Edgar,
We tested it and everything is working fine on our side.
Did you have security enabled in elasticsearch.yml file:
xpack.security.enabled setting is true on each node in your cluster.
Once it is enabled first script to run is initroles.sh to create the roles and then run the initusers.sh
https://docs.siren.io/siren-platform-user-guide/13.2/siren-investigate/t_xpack-config.html
Please check and if it is still the same issue please share your elasticsearch.yml config file.
Regards
Manu
Hi Manu,
Thank you for your response, quick question, when using the basic license (hence the files for basic license) does it not allow for data ingestion? When trying to ingest data from DB, I am encountering this error.
Here’s my config:
siren.connector.username: federate
siren.connector.password: sievepw123
siren.connector.encryption.enabled: true
siren.connector.encryption.secret_key: ""
Thank you!
It looks like the federate user doesn’t have access to create any index.
Please check the role definition of the federate_system it should have all the privileges.
Regards
Manu
Hi Manu!
Thanks for the reply. Yup this is my expectation as well that the federate_system role would have this permission. Does this mean that the script provided in Siren’s documentation by default doesn’t have this?
Thank you!
Hi Edgar,
Yes , we need to update those scripts.
Regards
Manu
Hi @Manu_Agarwal
Good day! just to quickly check, are the issues with scripts already resolved?
Thank you!
Hi Edgar,
Can you share your federate_system role definition what you have?
Regards
Manu