-
Notifications
You must be signed in to change notification settings - Fork 225
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No matching indices found: No indices match pattern “dmarc_aggregate*” #268
Comments
Same here, |
The Grafana resource names are dmarc-ag and dmarc-fo. |
Hello I've the same problem. Edit: Solution found; you have to had a regex package. |
I have regex installed and still run into this problem. |
Just did a fresh install using the solution from variamus but still having same issue. |
Kibana will show this error until data is added in elasticsearch by parsedmarc |
sorry for the noob question(s). so if I set this up but have not fed the site any reports, I should get this message? while i figure out how to have the reports automatically retrieved, is there a way to place the GZ (or xml) files in a location on the server to be be parsed? thanks in advance. |
Hi |
hi I wonder if there is a solution~ |
I might be wrong, but my theory is that, at least in Grafana, this is a result of parsedmarc only creating elasticsearch indexes when it tries to save report data. If there is no report to save, no index gets created, and this confuses Kibana and Grafana who expect the index to be there regardless. (create_indexes only gets called by save_aggregate_report_to_elasticsearch or save_forensic_report_to_elasticsearch, which in turn only get called by the main loop if the respective save options are enabled and actual reports are present) If correct, one potential fix would be to rewrite parsedmarc to create ES indexes in advance (e.g. for today and maybe tomorrow, if run daily), regardless of whether there's data to be put into them or not. (Depending on how often people run parsedmarc, this could require a "past" and "future" range parameter so that you could force it to create the next 15 days for example.) Alternatively, have parsedmarc set up an index template that will cause ES to create the indexes. As a workaround, you can manually create the indexes yourself (make sure you match the mappings and settings of the ones created by parsedmarc). Here's me creating today's aggregate reports index:
For ES/Kibana itself: Keep in mind that parsedmarc only ingests the report data into ES AFTER it has parsed all of the messages. (If you start out with a large chunk of messages, it will spend a lot of time parsing messages before populating the indexes.) |
Getting the error in Kibana when trying to load the info - No matching indices found: No indices match pattern “dmarc_aggregate*”
Tried the install on two fresh build Ubuntu server 20.04 with same results. Parsedmarc seems to be pulling and parsing emails fine from my mailbox.
The text was updated successfully, but these errors were encountered: