All dashboards showing an error

[collie123]

Hi,

In Kibana all of the dashboards are showing this error

index [.async-search] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];

The honeypot has only been up for 5days and I have allocated 320GB to the VM.

The attack map isnt showing anything either.

I could still access the Honeypot and it shows as running but I just cant see the dashboards.

Any help would be appreciated.

Thanks.

Ask T-Pot Assistant

• 🤖 Ask T-Pot Assistant (beta) if you have not read the documentation yet and do not intent to do so (🤖 T-Pot Assistant (beta) #1564)

Successfully raise an issue

Before you post your issue make sure it has not been answered yet and provide ⚠️ BASIC SUPPORT INFORMATION (as requested below) if you come to the conclusion it is a new issue.

• 🔍 Use the search function first
• 🧐 Check our Wiki and the discussions
• 📚 Consult the documentation of 💻 your Linux OS, 🐳 Docker, the 🦌 Elastic stack and the 🍯 T-Pot Readme.
• ⚙️ The Troubleshoot Section of the T-Pot Readme is a good starting point to collect a good set of information for the issue and / or to fix things on your own.
• ⚠️ Provide BASIC SUPPORT INFORMATION or similar detailed information with regard to your issue or we will close the issue or convert it into a discussion without further interaction from the maintainers.
  

⚠️ Basic support information (commands are expected to run as root)

We happily take the time to improve T-Pot and take care of things, but we need you to take the time to create an issue that provides us with all the information we need.

• What OS are you T-Pot running on?
  Linux Ubuntu 24.04
• What is the version of the OS lsb_release -a and uname -a?
  Linux localhost 6.8.0-45-generic Honeypot Map broken since July 11 #45-Ubuntu
• What T-Pot version are you currently using (only T-Pot 24.04.x is currently supported)?
• What architecture are you running on (i.e. hardware, cloud, VM, etc.)?
  -VM with Linode
• Review the ~/install_tpot.log, attach the log and highlight the errors.
• How long has your installation been running?
  5 days
  • If it is a fresh install consult the documentation first.
  • Most likely it is a port conflict or a remote dependency was unavailable.
  • Retry a fresh installation and only open the issue if the error keeps coming up and is not resolved using the documentation as described here.
• Did you install upgrades, packages or use the update script?
• Did you modify any scripts or configs? If yes, please attach the changes.
  No
• Please provide a screenshot of htop and docker stats.
• How much free disk space is available (df -h)?
  allocated 320GB but only 14G avail
• What is the current container status (dps)?
• On Linux: What is the status of the T-Pot service (systemctl status tpot)?
  active, running, enabled
• What ports are being occupied? Stop T-Pot systemctl stop tpot and run grc netstat -tulpen
  • Stop T-Pot systemctl stop tpot
  • Run grc netstat -tulpen
  • Run T-Pot manually with docker compose -f ~/tpotce/docker-compose.yml up and check for errors
  • Stop execution with CTRL-C and docker compose -f ~/tpotce/docker-compose.yml down -v
• If a single container shows as DOWN you can run docker logs <container-name> for the latest log entries

[t3chn0m4g3]

What steps as part of the Troubleshooting section did you take?
What were the results?
Is Elasticsearch running?
Can you access it using Elasticvue? If yes, remove large indices.
If you cannot access Elasticsearch any longer, stop T-Pot and delete the ~/tpotce/data folder which will delete all logs, indices etc. Start T-Pot again and monitor what honeypot is responsible for such a high volume of logs and remove the responsible honeypot from the ~/tpotce/docker-compose.yml or block the according port on your firewall. My best guess is ddospot, there have been some issues / discussions already.

[collie123]

Thanks very much, I have restarted and deleted the ~/tpotce/data folder.

Attack Map wasn't working before but it is now, however for Kibana I am getting a plug in error ( see image below )

I have clicked 'Clear your session' and refreshed the page but no joy.

I can seem to find anything about plug ins in the /tpotce folder or in /bin.

Any suggestions?

Thanks.

[t3chn0m4g3]

Delete the browser cache.

[github-actions]

This issue has been marked as stale because it has had no activity for 7 days. If you are still experiencing this issue, please comment or it will be closed in 7 days.