How to resolve elasticsearch status red

asan · March 15, 2021, 12:55pm

hi
I've got problem with elasticasearch which get in red status as you can see in bellow :

curl -XGET localhost:9200/_cluster/allocation/explain
{"index":".async-search","shard":0,"primary":true,"current_state":"unassigned","unassigned_info":{"reason":"MANUAL_ALLOCATION","at":"2021-03-14T09:50:33.618Z","details":"failed shard on node [ilFsR3BDQM2NRN_3qqHMsA]: master {SELKS}{ilFsR3BDQM2NRN_3qqHMsA}{LiyfydQ6S0S0tpZwj6qtWg}{127.0.0.1}{127.0.0.1:9300}{dilmrt}{ml.machine_memory=8365240320, xpack.installed=true, transform.node=true, ml.max_open_jobs=20} has not removed previously failed shard. resending shard failure","last_allocation_status":"no_valid_shard_copy"},"can_allocate":"no_valid_shard_copy","allocate_explanation":"cannot allocate because a previous copy of the primary shard existed but can no longer be found on the nodes in the cluster","node_allocation_decisions":[{"node_id":"ilFsR3BDQM2NRN_3qqHMsA","node_name":"SELKS","transport_address":"127.0.0.1:9300","node_attributes":{"ml.machine_memory":"8365240320","xpack.installed":"true","transform.node":"true","ml.max_open_jobs":"20"},"node_decision":"no","store":{"found":false}}]}

would you please help me what should i do to fix this problem ?

dadoonet · March 15, 2021, 1:23pm

A primary shard is missing.

I suppose that something happened in your cluster. Can you tell? What else is there in logs?

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.

asan · March 17, 2021, 6:09am

Hi Dear David
thank for your attention and i solved my issue. But i have a question and up to now i couldn't find any solution for it. I've Configured three of my network devices to write their logs in separated file in /var/log and also i configured my Logstash to read these file as input and it's working well and i could create index for them and i configured my cisco device to send its log in netflow format and i've installed netflow plugin for it and it started to work well but i figure out that my other index that was reading their input from /var/log stop working but as soon as is comment modules part in logsatsh.yml :
#modules:

- name: netflow

var.input.udp.port: 2055

my other index start working again but my netflow index stop working and i don't know how to configure logstash to use path file and port as input at the same time. would you please help me in this case.
thanks in advance

dadoonet · March 17, 2021, 11:01am

Hey

You should share here maybe how you solved your issue as it can help future readers.

As you have another type of question, I'd recommend opening a new discussion. Probably in #elastic-stack:logstash.

Also again, please format your code as I mentioned previously.

Thanks

system · April 14, 2021, 11:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.