Hi,
I was restoring few indices and then observed some shard errors saying shard should be either started or in POST Recovery state when trying to load some dashboards/visualizations while few indices are being restored.
question:
say I am restoring an index that created 2 days back.
I have the time filter applied to last 15 min for my visualization using the index pattern (above index does satisfy this index pattern).
I saw shard errors of that index created before 2 days. (in our case, this is not an active ingestion index, it has been rolled over and just a read only index).
question:
My time filter definitely does not include this index that we being restored, but still got the shard issues.
Is this expected, if so, can anyone help me understand how ES Query works for an index pattern specified within a time range.
As the index pattern is usually something like name-*, you can hit every index with that name even if it's creation is already a while back. Then when the index is queried, there are some optimizations to dismiss it as fast as possible so that it is not needed to query. However it still needs to take a look at that index/shard data to do that. This is why you are likely getting that error message.
So,
when ever the query is on a index pattern say name-, it would actually go through all the indices satisfying the index pattern name- say name-1 and name-2, doesnt' matter the time filter.
Also,
can you please help with little more detail on how it checks if that index needs to be queried or not. (name-1)
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.