Security Analytics Error

When I try to create a new detector, I get the following error.

[security_analytics_exception] Failed to get write index for queryIndex alias:.opensearch-sap-windows-detectors-queries

Okay. The problem arose because the index created by Security Analytics did not contain aliases. Adding the alias manually did not help. The problem was solved by deleting the problem index.
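A check for the condition described in the post above, as an added example that is not part of the thread or of the Security Analytics plugin. It reads the standard `GET _alias` response shape and flags any `.opensearch-sap-*-detectors-queries` name that exists as a plain index or as an alias with no usable write index; the sample response and the `-000001`/`-000002` backing-index names are constructed assumptions.

```python
import json

# Constructed sample of a `GET _alias` response body (not from the thread).
# The "-000001"/"-000002" backing-index names are assumptions for illustration.
SAMPLE_ALIAS_RESPONSE = json.loads("""
{
  ".opensearch-sap-windows-detectors-queries": {"aliases": {}},
  ".opensearch-sap-network-detectors-queries-000001": {
    "aliases": {".opensearch-sap-network-detectors-queries": {"is_write_index": true}}},
  ".opensearch-sap-dns-detectors-queries-000001": {
    "aliases": {".opensearch-sap-dns-detectors-queries": {}}},
  ".opensearch-sap-dns-detectors-queries-000002": {
    "aliases": {".opensearch-sap-dns-detectors-queries": {}}},
  "app-logs-2023.06.01": {"aliases": {}}
}
""")

PREFIX, SUFFIX = ".opensearch-sap-", "-detectors-queries"


def is_query_alias_name(name):
    """True for names shaped like the queryIndex alias in the error message."""
    return name.startswith(PREFIX) and name.endswith(SUFFIX)


def audit_query_aliases(alias_response):
    """Map each queryIndex alias name to 'ok', 'concrete-index' or 'no-write-index'."""
    findings, members = {}, {}
    for index, body in alias_response.items():
        if is_query_alias_name(index):
            # A real index holds the name, so no alias of that name can exist.
            findings[index] = "concrete-index"
        for alias, props in body.get("aliases", {}).items():
            if is_query_alias_name(alias):
                members.setdefault(alias, []).append(props.get("is_write_index"))
    for alias, flags in members.items():
        explicit = flags.count(True)
        # A lone backing index acts as write index unless flagged false.
        implicit = len(flags) == 1 and flags[0] is not False
        findings.setdefault(alias, "ok" if explicit == 1 or implicit else "no-write-index")
    return findings


if __name__ == "__main__":
    for name, status in sorted(audit_query_aliases(SAMPLE_ALIAS_RESPONSE).items()):
        print(f"{status:15} {name}")
```

To run it against a cluster, save the body of `GET _alias` to a file and pass the parsed JSON to `audit_query_aliases` in place of the sample.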

Hey @Kruzerson

I just had this happen, what index are you referring to?

When I deleted “opensearch-sap-windows-detectors-queries” and created the detector again, the system created this index again and everything worked. But after a while, the load on the cluster was so heavy that it crashed the Opensearch service :slight_smile:

Hey @Kruzerson

Thanks for the reply :+1:

:laughing: I had that happen, thanks again. I'll give this a try.

After restoring the cluster, I removed the detector, but now the cluster sends a lot of the same type of errors. It seems as if the plugin continues to work and tries to record data. Maybe you know how to stop it?

Alerting error: RemoteTransportException[[os-master-02][<local_ip>:9300][indices:admin/rollover]]; nested: IllegalArgumentException[rollover target [.opensearch-sap-windows-detectors-queries] does not exist];

Hey @Kruzerson

This may help

Thanks @Gsmitt , I’ll try it and write back. :slight_smile:
Have a nice day!

Did you by any chance get WARN log: “Deletion of old queryIndex [.opensearch-sap-windows-detectors-queries] index is not acknowledged!” ?

Also, what version are you using, and from what version did you upgrade (if you upgraded)?

Hi @pdz.

No, I have not encountered the error you mentioned. When the security analyzer was launched, the OpenSearch version was 2.7

Hi,

Facing same issue in opensearch 2.7
[security_analytics_exception] Failed to get write index for queryIndex alias:.opensearch-sap-windows-detectors-queries

Any idea?

As I said earlier.

> The problem arose because the index created by Security Analytics did not contain aliases. Adding the alias manually did not help. The problem was solved by deleting the problem index

Hi,

I’m trying to configure the detector for AWS cloudtrail logs.
It’s throwing the following error: [security_analytics_exception] Failed to get write index for queryIndex alias:.opensearch-sap-cloudtrail-detectors-queries

When I try to add a detector there are some entries that are created in ‘templates’ and ‘component templates’. As far as I can see there is no index created. I’ve tried deleting the templates, but I still can’t deploy the detector. Can you verify that you indeed had an offending index listed in ‘Index management’>‘indices’?

Hello. Have you looked at the Opensearch logs for this time? Perhaps you will see the reason why the required index is not created.
