I have ElasticSearch running on a separate server. Both servers are RHEL 8, install via RPM seemed to go without a hitch. However, the instruction in the Graylog installation:
action.auto_create_index: false
causes the following error in the log and then Elasticsearch crashes:
Caused by: java.lang.IllegalArgumentException: the [action.auto_create_index] setting value [false] is too restrictive. disable [action.auto_create_index] or set it to [.watches,.triggered$
For now I’ve disabled it, and the system is up and running. Am I good to leave it disabled?
You have installed the Elasticsearch version that includes the x-pack/Elastic-licensed plugins, while the documentation refers to the OSS version of Elasticsearch without those plugins.
The setting in this form works on the OSS packages - when you have the Elasticsearch that includes x-pack, you need to adjust it as the log suggests.