5.1.3.2.1.5. Discover - No Information in Analytics

Symptom

When you try to visualize data in the OpenNAC Enterprise Analytics > Discover dashboard and there is no data. You can confirm the issue by checking the logstash file. Messages like the following ones can appear:

[logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=>"cluster_block_exception", "reason"=>"blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"})

You can certify the issue querying Elastic:

GET /_cluster/state?pretty

With the output, check if there is an index in read-only.

Solve

It could be the disk space on the Analytics server. To solve it, you can free up some space or add more disk space, and then execute the following command:

PUT .kibana/_settings
{
"index.blocks.read_only_allow_delete": null
}

PUT opennac_ud/_settings
{
"index.blocks.read_only_allow_delete": null
}

PUT logstash-*/_settings
{
"index.blocks.read_only_allow_delete": null
}

PUT opennac-*/_settings
{
"index.blocks.read_only_allow_delete": null
}