We are facing a specific behavior in elastic where no indexing is happening during specific timeframe daily
<From our Dev, the issue is same in all our enviornments>
This is co-relating with a Virus Scan schedule that is is set in all the nodes. But how does virus scan stop indexing as a whole is very confusing.
Any insights would be very helpful to troubleshoot. We already have plans to distribute the virusscan schedule across nodes, but it would not eliminate the case completely if a primary falls in one of the node where Virus scan is running. Moreover, is it virusscan the issue?
There's an easy way to find out: switch off the virus scanner and see if the problem persists.
Virus-scanning the Elasticsearch data directories is a very bad idea. A virus scan typically reads every single file from start to finish, which will blow out the page cache, and typically deletes files it considers to be "suspicious" which will bring your Elasticsearch node to a graceless halt. It's also pointless: there is nothing executable in those directories, and most of the data there is compressed or otherwise mutilated so you're basically guaranteed only ever to find false positives that cause you problems. Don't do this.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
