Elasticsearch status red after installing x-pack

I'm using elasticsearch to index a 12 mb log file. I've indexed the log file and then installed the trial version of x-pack to give it a try.
and then my elasticsearch status turned to red. Please have a look at the screenshot

Please let me know the reason.
my kibana.yml file:

   server.port: 5601
   server.host: ""
   elasticsearch.url: "http://localhost:9200"
   elasticsearch.preserveHost: true
   elasticsearch.username: "elastic"
   elasticsearch.password: "*********"

elasticsearch.yml file

bootstrap.memory_lock: true
cluster.name: elasticsearch
http.port: 9200
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1
node.name: EC2AMAZ-1763048
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
transport.tcp.port: 9300


Please help to solve this

Thanks for your time as always :slight_smile:

wild guess here: Is it possible you ran out of diskspace or you are almost at capacity. When this happens, Elasticsearch puts some indices into read-only mode. You need to allow them to be written first. Note: This is not an x-pack feature, but an Elasticsearch one.

See the flood stage setting at our documentation https://www.elastic.co/guide/en/elasticsearch/reference/6.2/disk-allocator.html


Thansk for the quick reply @spinscale.

Good guess I would say. I just increased the diskspace as it's almost full.

As you said I'm not able to write to some indices and I'm not sure how to change the mode. Anyway I'm not able to access kibana to execute it through dev tools. so I tried with curl but I'm not able to do it.

response from curl: AuthenticationException[Missing authentication token]

please do help.

Thanks for your time :slight_smile:

The documentation link has a full blown example how to solve this. The error message you are getting is because you enabled security and thus you have to provide a username and a password (or you just log into kibana and do it from there).

1 Like

Thank you much @spinscale. I've gone through the documentation and able to do it. curl didn't work and I have done it with postman.

Thanks for your time :slight_smile:

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.