Bulk item insert failed

I have had a problem with my ELK since last Sunday. None of the monitored Windows machines can send events to the ELK server; in the winlogbeat log there is something like:

2016-12-06T15:18:03+01:00 INFO Bulk item insert failed (i=34, status=503): {"type":"unavailable_shards_exception","reason":"[winlogbeat-2016.12.04][0] primary shard is not active Timeout: [1m], request: [shard bulk {[winlogbeat-2016.12.04][0]}]"}
2016-12-06T15:18:03+01:00 INFO Bulk item insert failed (i=35, status=503): {"type":"unavailable_shards_exception","reason":"[winlogbeat-2016.12.04][0] primary shard is not active Timeout: [1m], request: [shard bulk {[winlogbeat-2016.12.04][0]}]"}
2016-12-06T15:18:03+01:00 INFO Error publishing events (retrying): temporary bulk send failure
2016-12-06T15:18:03+01:00 INFO send fail
2016-12-06T15:18:03+01:00 INFO backoff retry: 1m0s

Software which I use:

I wasn't able to find a solution; maybe someone can help me with my problem.

Hi @zen.xen,

The Beats log tells you that primary shards for the winlogbeat index are not available. I suggest you look at the Elasticsearch logs and the cluster health API. That should give you a clue what's going on.
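To see which indices and shards the rejected bulk items point at before checking the Elasticsearch side, the log lines quoted in the first post can be parsed and grouped. This is an added example, not part of the thread or of Beats; the function names are hypothetical and the sample input is the log excerpt from the post.

```python
import json
import re
from collections import Counter

# Sample input: the winlogbeat log excerpt quoted in the first post of the thread.
SAMPLE_LOG = r'''
2016-12-06T15:18:03+01:00 INFO Bulk item insert failed (i=34, status=503): {"type":"unavailable_shards_exception","reason":"[winlogbeat-2016.12.04][0] primary shard is not active Timeout: [1m], request: [shard bulk {[winlogbeat-2016.12.04][0]}]"}
2016-12-06T15:18:03+01:00 INFO Bulk item insert failed (i=35, status=503): {"type":"unavailable_shards_exception","reason":"[winlogbeat-2016.12.04][0] primary shard is not active Timeout: [1m], request: [shard bulk {[winlogbeat-2016.12.04][0]}]"}
2016-12-06T15:18:03+01:00 INFO Error publishing events (retrying): temporary bulk send failure
2016-12-06T15:18:03+01:00 INFO send fail
2016-12-06T15:18:03+01:00 INFO backoff retry: 1m0s
'''

# "<timestamp> INFO Bulk item insert failed (i=N, status=S): {json error}"
BULK_FAIL = re.compile(
    r'^(?P<ts>\S+) INFO Bulk item insert failed '
    r'\(i=(?P<item>\d+), status=(?P<status>\d+)\): (?P<body>\{.*\})$'
)
# The "reason" field starts with "[index][shard] ..."
SHARD = re.compile(r'^\[(?P<index>[^\]]+)\]\[(?P<shard>\d+)\]')

def parse_bulk_failures(text):
    """Return one dict per 'Bulk item insert failed' line; other lines are skipped."""
    failures = []
    for line in text.splitlines():
        m = BULK_FAIL.match(line.strip())
        if not m:
            continue
        try:
            err = json.loads(m.group("body"))
        except json.JSONDecodeError:
            continue  # truncated or garbled error body
        loc = SHARD.match(err.get("reason", ""))
        failures.append({
            "ts": m.group("ts"),
            "item": int(m.group("item")),
            "status": int(m.group("status")),
            "type": err.get("type"),
            "index": loc.group("index") if loc else None,
            "shard": int(loc.group("shard")) if loc else None,
        })
    return failures

def summarize(failures):
    """Count failures per (index, shard, HTTP status, exception type)."""
    return Counter((f["index"], f["shard"], f["status"], f["type"]) for f in failures)

if __name__ == "__main__":
    for key, count in summarize(parse_bulk_failures(SAMPLE_LOG)).items():
        print(count, *key)
```
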


The cluster health status is red. It is only one machine with ELK software; maybe this will be useful:

Active Primary Shards	1,215
Active Shards	1,215
Initializing Shards	1
Unassigned Shards	1,236

Is it possible to manually create the index that is not available?
