Problem: Switching from a cluster to a single node ES

Elastic Stack Elasticsearch
1

Hi there,

My ES infrastructure is composed of 2 servers:
An ELK server and another server only with Elasticsearch.

So there were 2 elasticsearch nodes. However for internal needs. The second server with only elasticsearch had to be decommissioned.

To do this, I ran the command:

PUT _cluster/settings
{
"transient": {
"cluster.routing.allocation.exclude._ip": "10.0.0.1"
}
}

To switch data to my first node.

I then shut down the second server.

Since this operation, I have the impression that some data is missing in the new indexes created.

Is there a procedure to remove an elasticsearch node?

Here is the configuration of my elasticsearch.yml:

cluster.name: elastic-7.9.1
node.name: node-1
node.master: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1"]

Thank you

2

Why is that?

Also if you are running 7.9 you need to upgrade, it's EOL.

3

Hello Mark,

Thank you for your reply.

I think this because the size of my indexes since the operation has been reduced.

You should know that every day a new index is created. When I compare the indexes, before the stop of the node it is much larger. We go from 15GB to 4GB.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.