I had been struggling with Index Pattern issues after updating Security Onion. After logging into Kibana you are greeted with the following:
In order to visualize and explore data in Kibana, you'll need to create an index pattern to retrieve data from ElasticSearch.
I was also experiencing ElasticSearch stability issues; it often had a status (sudo so-status) of FAILED when trying to troubleshoot the indexing issues.
What I ended up doing is resetting Elastic, and reconfiguring the dashboards.
*:logstash-* as the default index.
Note this is the nuclear option, but it does get the job done.