When I opened up Kibana and noticed "No results found" I started looking into why there was no data for me to work with.
I noticed that my Elasticsearch status is red, but why?
brayn@logging:~$ curl -XGET http://localhost:9200/_cluster/health?pretty
{
"cluster_name" : "elasticsearch",
"status" : "red",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 1,
"active_shards" : 1,
"relocating_shards" : 0,
"initializing_shards" : 4,
"unassigned_shards" : 377,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 0.2617801047120419
}
After enabling shard reallocation it managed to reduce the amount of unassigned and initializing shards to:
initializing_shards" : 0,
unassigned_shards" : 201,
I also deleted some very old data to possibly clear up some space, but it still gives me a red status. Am I missing something?