Elasticsearch index not visible

rrs · January 8, 2018, 3:07pm

Hi All,

I setup ELK stack 5.6.3. The issue is that Elastic nodes in my cluster are creating indexes with defined name, but when we query /_cat/indices, created indexes are not showing and Kibana dashboard as well. Can you please help me here.

Elasticsearch Log:
[2018-01-08T09:45:11,694][INFO ][t.b.r.a.ACL ] ALLOWED by { name: '::LOGSTASH::', policy: ALLOW} req={ ID:492301056-870312458#562108, TYP:BulkRequest, CGR:N/A, USR:logstash, BRS:true, ACT:indices:data/write/bulk, OA:10.10.71.24, IDX:NginxAccess-2018.01.08, MET:POST, PTH:/_bulk, CNT:<OMITTED, LENGTH=3155>, HDR:Accept-Encoding,Authorization,Connection,Content-Length,Content-Type,Host,User-Agent, HIS:[::LOGSTASH::->[indices->true, auth_key->true, actions->true]] }

Status Report:
[root@prd-elk1 ~]# curl -XGET -uelastic prd-elk1:9200/_cat/indices?v
Enter host password for user 'elastic':
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana UGs00zcQQUW0jteLI4J4IA 1 1 3 0 33.3kb 16.6kb
[root@prd-elk1 ~]#

A_B · January 8, 2018, 4:10pm

Do you have more than one node in your cluster? If so, what does this show you?

What about is you create an index through the API? Somethign like

curl -XPUT -u elastic 'prd-elk1:9200/test?pretty' -H 'Content-Type: application/json' -d'
{
    "settings" : {
        "index" : {
            "number_of_shards" : 3, 
            "number_of_replicas" : 2 
        }
    }
}
'

val · January 8, 2018, 4:13pm

It looks like you have XPack security installed with LDAP authentication, is that right? Can you try to query _cat/indices with your LOGSTASH user and not the elastic one. What do you see?

rrs · January 8, 2018, 4:23pm

Hi,
The output is

[root@prd-elk1 ~]# curl -XGET -uelastic prd-elk1:9200/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
10.10.71.25 8 84 0 0.02 0.02 0.05 mdi - prd-elk2
10.10.71.24 4 84 0 0.00 0.02 0.05 mdi - prd-elk1
10.10.71.26 8 84 0 0.00 0.01 0.05 mdi * prd-elk3
10.77.71.23 12 62 0 0.08 0.03 0.05 - - prd-kib1

[root@prd-elk1 ~]# curl -XGET -uelastic 'prd-elk1:9200/NginxAccess-2018.01.08/_settings'
Enter host password for user 'elastic':
{"error":{"root_cause":[{"type":"index_not_found_exception","reason":"no such index","index_uuid":"na","resource.type":"index_or_alias","resource.id":"NginxAccess-2018.01.08","index":"NginxAccess-2018.01.08"}],"type":"index_not_found_exception","reason":"no such index","index_uuid":"na","resource.type":"index_or_alias","resource.id":"NginxAccess-2018.01.08","index":"NginxAccess-2018.01.08"},"status":404}

Christian_Dahlqvist · January 8, 2018, 4:31pm

Can you try with the index name in lower-case?

val · January 8, 2018, 4:32pm

Index names should be all lowercase, so I'm not sure that Logstash creates any index at all

rrs · January 8, 2018, 4:52pm

Perfect, after changing the index to lower case, we see listed indexes and Kibana dashboard as well

Thanks all for your wonderful quick [root@prd-elk1 ~]# curl -XGET -uelastic prd-elk1:9200/_cat/indices?v
Enter host password for user 'elastic':
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana UGs00zcQQUW0jteLI4J4IA 1 1 3 0 33.3kb 16.6kb
green open nginxaccess-2018.01.08 -D_LRWaURH-ie_9RMAaCVQ 5 1 2998 0 3.7mb 1.7mb.

system · February 5, 2018, 4:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.