We have a single node elasticsearch installation for ELK and today we noticed that all of our Kibana Dashboards are gone and only data from the last few days is being displayed.
Looking in the Elasticsearch data directories I found two sub-directories under nodes, elasticsearch/nodes/0 and elasticsearch/nodes/1. On our test environments they have the same indices, but on the production environment 0 has the dashboards and all of the data up to the 28th of Aug and 1 has only data since the 28th of Aug, which is what Kibana must be using.
Any idea how this might have happened and if there's anything I can do to fix it?
Thanks, figured out the issue, looks like there was a zombie elasitcsearch running, making the live elasticsearch be counted as a second node. Killed stuff off I have dashboards back, now just the last 3 days of data is missing because its under the node/1 folder. Was thinking of copying the data to node/0, any tips on how to do that safely?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.