I deleted indexes older than 3 months, including the index "alert_status". But it turns out that no more logs are coming into this index; now I want to recover it, preferably without shutting down the cluster. According to the documentation https://kb.energylogserver.com/en/7.4.2/08-Troubleshooting/08-Troubleshooting.html?highlight=alert_status#recovery-default-base-indexes the index is recoverable, but these instructions are for 6.1.5 or older (ours is 7.4.2).
In the 7.4 versions, the alert service should recreate it automatically by itself after some time, depending on the amount of alerts.
Let me know if that's not the case.
It still hasn't been created. When I deleted this index it disappeared entirely and I had to recreate it. Maybe that's the reason why data is not coming there yet?
Hmmm. Odd, as the index should be created when there's new data coming in. There's also a binary you can use manually in such a case: /opt/alert/bin/elastalert-create-index. Try that and let me know if it solves this issue.
/opt/alert/bin/elastalert-create-index
The problem was solved; I had to re-upload the dashboards and the index was created after that.