Elasticsearch status red after installing x-pack

Elastic Stack Elasticsearch
1

I'm using elasticsearch to index a 12 mb log file. I've indexed the log file and then installed the trial version of x-pack to give it a try.
and then my elasticsearch status turned to red. Please have a look at the screenshot

image
image.png1186×672 37.8 KB

Please let me know the reason.
my kibana.yml file:

   server.port: 5601
   server.host: "0.0.0.0"
   elasticsearch.url: "http://localhost:9200"
   elasticsearch.preserveHost: true
   elasticsearch.username: "elastic"
   elasticsearch.password: "*********"

elasticsearch.yml file

bootstrap.memory_lock: true
cluster.name: elasticsearch
http.port: 9200
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1
node.name: EC2AMAZ-1763048
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300

jvm.options:
-XX:+UseConcMarkSweepGC
-XX:CMSInitiatingOccupancyFraction=75
-XX:+UseCMSInitiatingOccupancyOnly
-XX:+AlwaysPreTouch
-Xss1m
-Djava.awt.headless=true
-Dfile.encoding=UTF-8
-Djna.nosys=true
-XX:-OmitStackTraceInFastThrow
-Dio.netty.noUnsafe=true
-Dio.netty.noKeySetOptimization=true
-Dio.netty.recycler.maxCapacityPerThread=0
-Dlog4j.shutdownHookEnabled=false
-Dlog4j2.disable.jmx=true
-Djava.io.tmpdir=${ES_TMPDIR}
-XX:+HeapDumpOnOutOfMemoryError
-Xmx4096m
-Xms4096m

Please help to solve this

Thanks for your time as always :slight_smile:

2

wild guess here: Is it possible you ran out of diskspace or you are almost at capacity. When this happens, Elasticsearch puts some indices into read-only mode. You need to allow them to be written first. Note: This is not an x-pack feature, but an Elasticsearch one.

See the flood stage setting at our documentation https://www.elastic.co/guide/en/elasticsearch/reference/6.2/disk-allocator.html

3

Hey,

Thansk for the quick reply @spinscale.

Good guess I would say. I just increased the diskspace as it's almost full.

As you said I'm not able to write to some indices and I'm not sure how to change the mode. Anyway I'm not able to access kibana to execute it through dev tools. so I tried with curl but I'm not able to do it.

response from curl: AuthenticationException[Missing authentication token]

please do help.

Thanks for your time :slight_smile:

4

The documentation link has a full blown example how to solve this. The error message you are getting is because you enabled security and thus you have to provide a username and a password (or you just log into kibana and do it from there).

1 Like
5

Thank you much @spinscale. I've gone through the documentation and able to do it. curl didn't work and I have done it with postman.

Thanks for your time :slight_smile:

1 Like
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.