Downloadable docker-compose.yml file using the wrong version of elasticsearch docker image

[tvfischer]

I was deploying a new install using docker a few days ago and discovered that the reference/linked docker-compose.yml file is configured to use elasticsearch:6.8.0 docker image. The install fails because the current latest docker images for thehive and cortex do not support this version. The docker-compose code on the page itself is correct.

It fails to create the indexes because it is using a deprecated function.

The docker-compose.yml file is referenced on the install guide page: install-guide

The wrong docker-compose.yml file is here: docker-compose.yml

[yohancourbe]

Just wasted couple of hours because of this. The latest tag of cortex is pointing to Cortex 2 which doesn't work with Elasticsearch 6. Docs or tags should be updated accordingly. Maybe it's a mistake on Dockerhub as TheHive latest points to version 3.0.0+ (and thus works well with Elasticsearch 6) but not Cortex.

If it helps future searches, if you get to a point where Cortex logs complains about Elasticsearch Cluster Name not being hive (that you can fix by setting cluster.name env in ES)

TransportClientNodesService - node {#transport#-1} [...] not part of the cluster Cluster [hive], ignoring...

and then later

org.elasticsearch.index.IndexNotFoundException: no such index

You probably run Cortex 2 with Elasticsearch 6.