Due to a bug in OpenSearch, an index can be created incorrectly causing this warning.
.opensearch-sap-pre-packaged-rules-config
Resolution / Suggested Action
SSH to your LogServer appliance and run the following command:
es-tools -c list-shards
Verify the aforementioned index shows up in the list as UNASSIGNED like below:
.opensearch-sap-pre-packaged-rules-config 0 r UNASSIGNED
Remove the replicas by running the following command:
curl -s -XPUT "127.0.0.1:9300/.opensearch-sap-pre-packaged-rules-config/_settings" -H 'Content-Type: application/json' -d '{ "index" : { "number_of_replicas" : 0} }'
This error should not be causing any actual impact. Eventually this problem should go away once OpenSearch merges a fix for it. For more information, see https://github.com/opensearch-project/security-analytics/issues/1352