Elasticsearch index not visible

Hi All,

I setup ELK stack 5.6.3. The issue is that Elastic nodes in my cluster are creating indexes with defined name, but when we query /_cat/indices, created indexes are not showing and Kibana dashboard as well. Can you please help me here.

Elasticsearch Log:
[2018-01-08T09:45:11,694][INFO ][t.b.r.a.ACL ] ALLOWED by { name: '::LOGSTASH::', policy: ALLOW} req={ ID:492301056-870312458#562108, TYP:BulkRequest, CGR:N/A, USR:logstash, BRS:true, ACT:indices:data/write/bulk, OA:10.10.71.24, IDX:NginxAccess-2018.01.08, MET:POST, PTH:/_bulk, CNT:<OMITTED, LENGTH=3155>, HDR:Accept-Encoding,Authorization,Connection,Content-Length,Content-Type,Host,User-Agent, HIS:[::LOGSTASH::->[indices->true, auth_key->true, actions->true]] }

Status Report:
[root@prd-elk1 ~]# curl -XGET -uelastic prd-elk1:9200/_cat/indices?v
Enter host password for user 'elastic':
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana UGs00zcQQUW0jteLI4J4IA 1 1 3 0 33.3kb 16.6kb
[root@prd-elk1 ~]#

Do you have more than one node in your cluster? If so, what does this show you?

What about is you create an index through the API? Somethign like

curl -XPUT -u elastic 'prd-elk1:9200/test?pretty' -H 'Content-Type: application/json' -d'
{
    "settings" : {
        "index" : {
            "number_of_shards" : 3, 
            "number_of_replicas" : 2 
        }
    }
}
'

It looks like you have XPack security installed with LDAP authentication, is that right? Can you try to query _cat/indices with your LOGSTASH user and not the elastic one. What do you see?

Hi,
The output is

[root@prd-elk1 ~]# curl -XGET -uelastic prd-elk1:9200/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
10.10.71.25 8 84 0 0.02 0.02 0.05 mdi - prd-elk2
10.10.71.24 4 84 0 0.00 0.02 0.05 mdi - prd-elk1
10.10.71.26 8 84 0 0.00 0.01 0.05 mdi * prd-elk3
10.77.71.23 12 62 0 0.08 0.03 0.05 - - prd-kib1

[root@prd-elk1 ~]# curl -XGET -uelastic 'prd-elk1:9200/NginxAccess-2018.01.08/_settings'
Enter host password for user 'elastic':
{"error":{"root_cause":[{"type":"index_not_found_exception","reason":"no such index","index_uuid":"na","resource.type":"index_or_alias","resource.id":"NginxAccess-2018.01.08","index":"NginxAccess-2018.01.08"}],"type":"index_not_found_exception","reason":"no such index","index_uuid":"na","resource.type":"index_or_alias","resource.id":"NginxAccess-2018.01.08","index":"NginxAccess-2018.01.08"},"status":404}

Can you try with the index name in lower-case?

1 Like

Index names should be all lowercase, so I'm not sure that Logstash creates any index at all

1 Like

Perfect, after changing the index to lower case, we see listed indexes and Kibana dashboard as well :smile:

Thanks all for your wonderful quick [root@prd-elk1 ~]# curl -XGET -uelastic prd-elk1:9200/_cat/indices?v
Enter host password for user 'elastic':
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana UGs00zcQQUW0jteLI4J4IA 1 1 3 0 33.3kb 16.6kb
green open nginxaccess-2018.01.08 -D_LRWaURH-ie_9RMAaCVQ 5 1 2998 0 3.7mb 1.7mb.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.