I was trying to install TheHive and ran into some issues with configuration.
When trying to log in for the first time, I was getting “Elasticsearch cluster is not available” as a little red popup on the login screen.
When checking the log /opt/thehive/logs/application.log I found the following line:
2019-01-28 21:22:34,494 [WARN] from org.elasticsearch.client.transport.TransportClientNodesService in main - node {#transport#-1}{1eyCBCV1Rs-oVwFIHuQ7cw}{127.0.0.1}{127.0.0.1:9300} not part of the cluster Cluster [Cluster], ignoring...
The name in brackets is the one TheHive is configured to look for: Elasticsearch answered on 127.0.0.1:9300 but identified itself as a different cluster, so TheHive ignores the node and reports the cluster as unavailable. On a fresh install this almost always means cluster.name was never set in /etc/elasticsearch/elasticsearch.yml, so Elasticsearch is running under its built-in default name, elasticsearch. The value on these two lines must be identical (the patterns skip commented-out lines, such as the #cluster.name: my-application placeholder that ships in elasticsearch.yml):
sudo grep -nE '^[[:space:]]*cluster[[:space:]]*=' /etc/thehive/application.conf
sudo grep -nE '^[[:space:]]*cluster\.name[[:space:]]*:' /etc/elasticsearch/elasticsearch.yml
For example, in /etc/thehive/application.conf:
cluster = hive
And in /etc/elasticsearch/elasticsearch.yml:
cluster.name: hive
Both services read their cluster name only at startup, so once the configuration changes have been made you'll need to restart Elasticsearch first and then TheHive, and confirm that the "not part of the cluster" warning no longer appears in application.log.
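The check above, as an added example that is not part of the original post: a small POSIX shell script that extracts the cluster name TheHive expects from its HOCON config and the one Elasticsearch will actually use from elasticsearch.yml (falling back to Elasticsearch's default name when the key is unset, which is the situation the post describes), and reports whether they agree. The sample config files it writes are constructed to reproduce the mismatch; the function names and the temp-directory layout are this example's own, and on a real host you would point the functions at /etc/thehive/application.conf and /etc/elasticsearch/elasticsearch.yml instead.

```shell
#!/bin/sh
# Added example (not from the original post): verify that TheHive and
# Elasticsearch agree on the cluster name before restarting anything.
# The sample files written by write_samples are constructed for this demo.

# Print the first uncommented `cluster = value` (or `cluster: "value"`) from
# TheHive's application.conf. Lines starting with # or // are skipped.
hive_cluster_name() {
    sed -n -E 's/^[[:space:]]*cluster[[:space:]]*[=:][[:space:]]*"?([^"[:space:]]+)"?.*$/\1/p' "$1" | head -n 1
}

# Print the first uncommented `cluster.name: value` from elasticsearch.yml.
# When the key is absent Elasticsearch uses its built-in default name,
# "elasticsearch", which is exactly what produces the mismatch in the post.
es_cluster_name() {
    es_name=$(sed -n -E 's/^[[:space:]]*cluster\.name[[:space:]]*:[[:space:]]*"?([^"[:space:]]+)"?.*$/\1/p' "$1" | head -n 1)
    printf '%s\n' "${es_name:-elasticsearch}"
}

# Succeed only when both names are present and identical; print both so the
# operator can see which side needs editing.
cluster_names_match() {
    hive_name=$(hive_cluster_name "$1")
    es_name=$(es_cluster_name "$2")
    printf 'TheHive expects:       %s\nElasticsearch runs as: %s\n' "$hive_name" "$es_name"
    [ -n "$hive_name" ] && [ "$hive_name" = "$es_name" ]
}

# Constructed sample configs: TheHive asks for "hive", while elasticsearch.yml
# still carries only the commented-out placeholder that the package ships.
# elasticsearch-fixed.yml is the same file after applying the post's fix.
write_samples() {
    cat > "$1/application.conf" <<'EOF'
search {
  index = the_hive
  # cluster = old_name
  cluster = hive
  host = ["127.0.0.1:9300"]
}
EOF
    cat > "$1/elasticsearch.yml" <<'EOF'
# ---------------------------------- Cluster ----------------------------------
#cluster.name: my-application
network.host: 127.0.0.1
EOF
    cat > "$1/elasticsearch-fixed.yml" <<'EOF'
cluster.name: hive
network.host: 127.0.0.1
EOF
}

# Demo: the broken pair, then the corrected pair.
sample_dir=$(mktemp -d)
write_samples "$sample_dir"
if cluster_names_match "$sample_dir/application.conf" "$sample_dir/elasticsearch.yml"; then
    echo "OK"
else
    echo "MISMATCH: set cluster.name in elasticsearch.yml, then restart elasticsearch and thehive"
fi
cluster_names_match "$sample_dir/application.conf" "$sample_dir/elasticsearch-fixed.yml" && echo "OK after fix"
rm -r "$sample_dir"
```

The first comparison prints the mismatch (hive versus elasticsearch), the second prints OK. On a package install the restart that follows the fix is sudo systemctl restart elasticsearch and then sudo systemctl restart thehive, in that order, since TheHive will only join a cluster that already reports the expected name.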