From c7516ae1f852bf6370eaa1d23a9ab6c7eace7b9a Mon Sep 17 00:00:00 2001
From: t3chn0m4g3 <t3chn0m4g3@gmail.com>
Date: Wed, 9 Mar 2016 22:10:44 +0100
Subject: [PATCH] keep elkbase.tgz
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In some rare occasions the .kibana index might be corrupted
(IOException) resulting in missing translogs and thus preventing
.kibana index from getting indexed (happens during a power failure). A
quick fix is to delete the contents in
“/data/elk/data/elasticsearch/nodes/0/indices/.kibana/*“, extract
elkbase.tgz to a temp folder (tar xvfz elkbase.tgz /tmp/) and copy “cp
-R /tmp/data/elk/data/elasticsearch/nodes/0/indices/.kibana/*
/data/elk/data/elasticsearch/nodes/0/indices/.kibana/“.
Make sure to stop service checks (“/etc/crontab”) and stop elk (service
elk stop) before doing this.
---
 installer/install.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/installer/install.sh b/installer/install.sh
index feb9df8b..f54e3551 100755
--- a/installer/install.sh
+++ b/installer/install.sh
@@ -306,8 +306,8 @@ chown tsec:tsec /root/tpot/home/*
 chmod 644 /root/tpot/data/upstart/*
 
 # Let's copy some files
-tar xvfz /root/tpot/data/elkbase.tgz -C / 
-rm /root/tpot/data/elkbase.tgz
+tar xvfz /root/tpot/data/elkbase.tgz -C /
+cp /root/tpot/data/elkbase.tgz /data/
 cp -R /root/tpot/bin/* /usr/bin/
 cp -R /root/tpot/data/* /data/
 cp -R /root/tpot/etc/issue /etc/