Eric Leblond

Results 68 comments of Eric Leblond

It is really unlikely. Do you have information about the failing SID?

When opening the rules page, you should have an AJAX query which is made to `/rules/es?query=timeline&from_date=MORE_PARAMS`. Could you try to get the url and display it and its result here...

Second question, if you switch to 1h time range, do you see something?

OK on the time interval. Regarding the URL, I wanted the URL sending JSON to build the timeline. The URL you gave me is one for a ruleset.

@maninivan it seems you are using a custom scirius installation. What is the index containing alerts in Elasticsearch?

It looks like https://code.djangoproject.com/ticket/16426. So it is a sqlite limitation hit by Django code. I'm gonna look if there is some workaround to that.

@Eagleman7 I've just pushed a workaround attempt at https://github.com/StamusNetworks/scirius/tree/sqlite-delete. I still don't know why you are hitting that. Just tested it using Amsterdam and it works fine.

Git version, I did test on 1.1.3. Not on this one. I'm gonna do it later tonight.

OK, I did just do one successful source deletion with the branch of scirius I asked you to test.

Can you try to set the remote Elasticsearch address in the interface (in Stamus Icon -> settings)?