We got issue with indices filling the spaces, we removed the indices and restarted the service but it doesn't seem to start properly. When checked elasticSearch log, I am getting the below exception
failed to retrieve password hash for reserved user [kibana]
org.elasticsearch.action.UnavailableShardsException: at least one primary shard for the index [.security-7] is unavailable
Failed to get datafeed stats to include in ML usage
org.elasticsearch.action.search.SearchPhaseExecutionException: all shards failed
There are loads of exception in elasticsearch log file.
This is the health status and it is RED
CAT allocation
The .security-7 is in unassigned status along with others. When I check the reason and below is the outcome
"Cannot allocate status because a previous copy of the primary shard existed but can no longer be found on the nodes in the cluster"
Kibana and Elasticsearch are all deployed on single server and there is no multiple nodes.
There are no snapshots saved as well as it is missing repo path in elasticsearch.yml file.
Is there anyway to recover this and all of the unassigned shards please. Can someone help me with the issue.
This is your issue, you should never change the files used by elastisearch directly in the disk, everything needs to be done using the API.
Changing or delete data directly in the disk will break your cluster and make it unrecoverable, since you deleted those files, unfortunately your data is lost, you cannot recover it if you do not have a snapshot.
You will need to reconfigure your cluster from scratch, as it is a new empty cluster.
For this you need to stop everything, clean the data paths and start again.
Would it cause any issue if I retry creating .security-7 as empty index using the reroute api? "allocate_empty_primary". Wanted to try that before giving up on getting it back
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.