I have ElasticSearch running on a separate server. Both servers are RHEL 8, install via RPM seemed to go without a hitch. However, the instruction in the Graylog installation:
Causes the following error in the log and then Elasticsearch crashes: action.auto_create_index: false
Caused by: java.lang.IllegalArgumentException: the [action.auto_create_index] setting value [false] is too restrictive. disable [action.auto_create_index] or set it to [.watches,.triggered$
For now I’ve disabled it, and the system is up and running. Am I good to leave it disabled?