Fixing Security Onion Kibana Index Pattern Errors

I had been struggling with Index Pattern issues after updating Security Onion. After logging in to Kibana, you are greeted with the following:

In order to visualize and explore data in Kibana, you'll need to create an index pattern to retrieve data from ElasticSearch.

I was also experiencing Elasticsearch stability issues; it often had a status (sudo so-status) of FAILED when I was trying to troubleshoot the indexing issues.

What I ended up doing was resetting Elastic and reconfiguring the dashboards.

  1. sudo so-elastic-reset
  2. sudo so-elastic-configure-kibana-dashboards
  3. You may need to set *:logstash-* as the default index.

Note this is the nuclear option, but it does get the job done.