Self-induced error -deleted indeces

Orpheus · December 15, 2021, 5:15pm

Hi all,

rookie here again. Looking for some advice on this situation:

I just installed ELK with Filebeats about 3 weeks ago. Had a few modules running ok.

however, in three weeks I filled up the entire 700GB drive with logs, and everything stopped working.

My actions: manually deleted the indeces under the path.data source (not important log data to maintain, so I thought I would be ok here in order to free up the space)

updated the system as well as the software.

created an index lifecycle policy, so the data deletes after certain amount of time (14 days)

all patterns, config files are the same as before.

I was able to get the stack back up and running, (couldn't even access the API before) but none of the previous modules seem to be working. it appears that no new data is coming into kibana, and throws errors while trying to access indeces (likely because I deleted them)

any hints as to what I did/what I need to do to fix the modules?

Thanks

warkolm · December 20, 2021, 1:11am

First up, never do this again. It's going to cause all sorts of problems for Elasticsearch and everything that depends on it.
Always use the APIs to manage this - Delete index API | Elasticsearch Guide [8.11] | Elastic

As for fixing things, we'd need to see the errors you see. But restarting Elasticsearch and then all the other parts of the stack might help.

Orpheus · December 20, 2021, 2:19pm

Hi Mark, thank you for the heads up. I wasn't able to access the API, so I didn't see any other recourse. Hence the result was to create a new machine and do a fresh install altogether. Which you appear to be helping me with on a different thread. Thanks again.

system · January 17, 2022, 2:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.