Indices is showing red in Kibana

vijay90 · March 5, 2020, 1:42pm

Hi All,

I am new to Elastic Stack and I have two queries,

Indices status in Kibana - we are indexing all the data from servers to ElasticSearch using Fluentd agent. When we did a POC setup, we were able to search data in Kibana and indices status was green but when the same configurations are used in Prod env, we are unable to search data in Kibana and indices status is showing red. Where and what we need to check to fix this?
Even though time format is defined in the td-agent.conf file, timestamp filter is not reflected in the index pattern on the Kibana. What additional configuration we need to make to fix it? Meta_field was edited in the advanced settings to add the timestamp filter but search didn't work, so reverted this change.

Marius_Dragomir · March 12, 2020, 12:34pm

For the first question you need to check the Elasticsearch logs. Index status is taken from ES and if they are red, there is something wrong in Elasticsearch. As for the config, that seems like a Fluentd question.

ropc · March 13, 2020, 6:34am

To add-on to @Marius_Dragomir comments, you can use the cluster allocation explain API to find-out why the indices are red. You could check this blog article for further details.

system · April 10, 2020, 6:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.