Elasticsearch plugin is red after update

Hey guys,

Im new to unix and the elk-stack, so the fix might be an easy one for the "pros":
I just updated to 6.0.1 and when I try to reach kibana, I get forwarded to the status site, saying that status is Red.

In the Status Breakdown there are two more errors:
ui settings: Elasticsearch plugin is red
plugin:elasticsearch@6.0.1: blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];: [cluster_block_exception] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];

When I access elasticsearch via localhost:9200 I get the same response I got before the update.
Also when I check if the elasticsearch service is running in a terminal it all looks normal.

Help would be greatly appreciated.

@c4alexc4 would you mind executing the following curl command and attaching the output here?

curl http://localhost:9200/.kibana/_settings?pretty

Sure! Here we go:

  ".kibana" : {
    "settings" : {
      "index" : {
        "number_of_shards" : "1",
        "blocks" : {
          "read_only_allow_delete" : "true"
        "provided_name" : ".kibana",
        "creation_date" : "1512482695786",
        "number_of_replicas" : "1",
        "uuid" : "zalimuHMQPehFOXBuVaPxQ",
        "version" : {
          "created" : "6000099",
          "upgraded" : "6000199"

Edit: There are no files in my plugins directory for kibana. Is an elasticsearch plugin supposed to appear there?

Hey @c4alexc4 can you check your Elasticsearch logs to see if there is a warning about the disk exceeding the 95% high water mark? The index.blocks.read_only_allow_delete: true alludes to Elasticsearch setting this because the disk usage is too high: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/disk-allocator.html

If you've resolved the high disk usage, and you still see the read_only_allow_delete: true, you can run the following to remove that setting from the .kibana index:

curl -XPUT -H "Content-Type: application/json" http://[YOUR_ELASTICSEARCH_ENDPOINT]:9200/.kibana/_settings -d '{"index.blocks.read_only_allow_delete": null}'

I found the warnings about the high water mark and the command apparently fixed the problem.
At least I can access kibana regularly now.

Thank you!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.