Hello everyone,
Need help with Elasticsearch cluster metadata recovery.
We originally had a 3-node cluster, but after a restart/patching activity the cluster failed master election. We later rebuilt the cluster and all 3 nodes now successfully form a cluster with a new cluster UUID. Current logs are indexing and visible.
Issue: Historical Filebeat indices (years of data) are not visible in Elasticsearch/Kibana, although the shard data and index metadata (_state) still exist on disk. No dangling indices are detected.
Filebeat/application log indices are missing. The old indices appear to belong to the previous cluster UUID.
Has anyone successfully recovered indices whose shard data exists on disk but whose cluster metadata is no longer associated with the current cluster state? Any guidance would be greatly appreciated.