All indices reside in "unassigned shards"

Hi,

I'm a newbie to ELK and did an out-of-the-box setup with ELK 7.2.0 some weeks ago.
After getting familiar with grok patterns I succeeded to ship my different log sources into ES.
While the amount of data grows and I now investigate in backup/snapshots etc., I yesterday (docker) setup "lmenezes/cerebro" utility.

The overview screen shocked me:

Most of my indices have state "unassigned shards".

What must I do to get my installation clear?

Best regards
Franco

Your cluster health seems to be yellow indicating that every primary shard is assigned, so the only unassigned shards are replicas. You only have one node, so this is to be expected: all the primaries are assigned on your one node, and Elasticsearch will not assign two copies of the same shard to a single node, so all the replicas are necessarily unassigned.

You can either add a second node to your cluster or else set the number of replicas to 0 on all your current indices to remove the unassigned (and unassignable) replicas:

PUT /_all/_settings
{
    "index": {
        "number_of_replicas": 0
    }
}

Tnx for your explanation, David.

I fired the PUT

curl -XPUT -H "Content-Type: application/json" localhost:9200/_all/_settings -d '{ "index": { "number_of_replicas": 0 } }'

and got that result:

{"error":{"root_cause":[{"type":"cluster_block_exception","reason":"index [.tasks] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"}],"type":"cluster_block_exception","reason":"index [.tasks] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"},"status":403}

Ok, found it:
There was a remnant in [.tasks] when my local storage runs out space.
After

curl -XPUT -H "Content-Type: application/json" localhost:9200/.tasks/_settings -d '{"index.blocks.read_only_allow_delete": null}'

I succeeded with setting number_of_replicas to zero.

Tnx you very much, David.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.