Index_closed_exception on open index

maigel · April 15, 2021, 3:38pm

Hi,

We currently have a cluster with a lot of network security (Zeek) logs. I have a script written with elasticsearch-py which periodically searches all data for known IOCs (bad IPs, bad domains, etc.)

Every once in a while, the script crashes because Elasticsearch is returning an index_closed_exception. If I check alter with the "cat indices" API, the index shows as open.

We have an ILM in place which freezes indices older than 14 days, but it never closes them.

Could this be related to the ILM? Does it temporarily close an index when rotating or something?

warkolm · April 19, 2021, 11:28pm

It does not.

What is the actual response you get from Elasticsearch? Is there anything in the Elasticsearch logs that aligns with the timing of the issue?

system · May 17, 2021, 11:29pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Request _cat/shards display index_closed_exception Elasticsearch	9	1069	January 24, 2019
INDEX CLOSED EXCEPTION Elasticsearch	1	304	December 7, 2022
INDEX IN CLOSED STATE NOT ABLE TO OPEN Elasticsearch	11	512	December 7, 2022
Closed index error Elasticsearch	3	937	August 30, 2018
Open closed index encountered problems Elasticsearch	2	203	May 8, 2022

Index_closed_exception on open index

Related topics