Disk Watermark Issue

[jpancrazio]

Version

2.4.111

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Standalone

Location

on-prem with Internet access

Hardware Specs

Meets minimum requirements

CPU

6

RAM

25

Storage for /

174G

Storage for /nsm

350G

Network Traffic Collection

span port

Network Traffic Speeds

1Gbps to 10Gbps

Status

No, one or more services are failed (please provide detail below)

Salt Status

Yes, there are salt failures (please provide detail below)

Logs

Yes, there are additional clues in /opt/so/log/ (please provide detail below)

Detail

please excuse this post - I have tried to search for this and didn't find relevant information

It seems I have somehow messed up the flood stage water mark elasticsearch > config > cluster > routing > allocation > disk > watermark > flood stage -- I have tried to setting back to 90% , I had somehow set it to 90 without the percent mark , And is failing to bring up elastic I think because of this . I get an error when attempting to change this to anything it gives the error at the top and says look in the hunt, but also not working. Which file would this setting be in for me to manually change from the CLI . thanks in advance

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[cm-ops]

What do you see when you run sudo salt-call pillar.get elasticsearch:config:cluster? Do you see the 90 without the percentage?

You should be able to go into SOC at elasticsearch > config > cluster > routing > allocation > disk > watermark > flood_stage and hit the blue circle with the back arrow to return to a default setting.

[jpancrazio]

Thank you , I am not sure why I didnt notice this before , As I had mentioned i tried to enter a new value but it failed , using that worked.,