Issues with Security Analytics and indexes/shards

Hi guys, we are having an issue with the Security Analytics plugin: it has created hundreds of indexes with thousands of shards, causing us to hit our cluster shard limit. Even after removing the detectors, the indexes don’t get cleaned up.

More information on the GitHub issue here: Security Analytics DNS created hundreds of indexs with thousands of shards hitting limit, deleted dectors but indexes are still present · Issue #667 · opensearch-project/security-analytics · GitHub

Our cluster has over 30TB of data in it, so rebuilding it is not really an option for us presently - can anyone help with how to clear out all the security analytics internally created indexes etc? We are running on AWS managed service so uninstalling the plugin is not possible.
