Invalid index name [_xpack], must not start with '_'

Hi All,
My

**Elasticsearch version:7.2

**Server OS version:oracle linux 7.2

**Kibana version (if relevant):7.2

Describe the issue:

I have configured the searchhguard for elasticsearch and when i am doing a restart i am getting this error

Please help to fix this issue

[ ERROR][c.f.s.f.SearchGuardFilter] [mcp-x.x.x.x] Unexpected exception [_xpack] InvalidIndexNameException[Invalid index name [xpack], must not start with '’.]
org.elasticsearch.indices.InvalidIndexNameException: Invalid index name [xpack], must not start with '’.
at org.elasticsearch.cluster.metadata.IndexNameExpressionResolver$WildcardExpressionResolver.validateAliasOrIndex(IndexNameExpressionResolver.java:750) ~[elasticsearch-7.2.0.jar:7.2.0]

Do you use Elasticsearch OSS version? If yes, do you have any external software that calls _xpack API? The _xpack API is not available in the OSS. Look, we had a similar issue before: Unexpected exception [_xpack] InvalidIndexNameException for Filebeat 6.7.1

Yes I am using Elasticsearch OSS version 7.2.0.

And i am using all oss elk packages .

my elk stack is working fine,after installing and configuring the search guard plugin for elastic search and kibana i am getting this error.

I have fixed this current issue after adding the option ilm_enabled => false in logstash configuration.

Hi @srgbnd ,

now i have got a new error as my kibana isn’t starting after the elasticsearch issue.

this is the error log from kibana

“type”:“error”,"@timestamp":“2020-07-23T19:49:17Z”,“tags”:[“connection”,“client”,“error”],“pid”:11228,“level”:“error”,“error”:{“message”:“139953914136384:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:…/deps/openssl/openssl/ssl/record/rec_layer_s3.c:1407:SSL alert number 46\n”,“name”:“Error”,“stack”:“Error: 139953914136384:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:…/deps/openssl/openssl/ssl/record/rec_layer_s3.c:1407:SSL alert number 46\n”},“message”:“139953914136384:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:…/deps/openssl/openssl/ssl/record/rec_layer_s3.c:1407:SSL alert number 46\n”}

also this error is there after manually started the kibana console

please help on this to fix the kibana issue

I have fixed this current issue after adding the option ilm_enabled => false in logstash configuration.

Exactly, as I suggested, you used an x-pack feature (ILM) while running the OSS version.

please help on this to fix the kibana issue

We need to see the following configurations in order to help you:

  1. elasticsearch.yml
  2. kibana.yml
  3. sg_config.yml

Did you see a questionnaire when you created this issue? Why did you omit the part where we ask you to provide the configuration? Do you have any suggestions to improve the questionnaire?

Next time, please create a new issue for a new problem. Don’t put unrelated problems in one issue.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.