Hi,
I am unable to login into Kibana when my elasticsearch cluster is getting full.
The log will contain:
org.elasticsearch.xpack.monitoring.exporter.ExportException: CLusterBlockException: blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete-block]
Altough my elasticsearch volume still has 2.9GB of 35GB available.
Any idea what I should do?
Hi
When Elasticsearch is running out of disk space, there's a configurable limit when indices are set to read only( cluster.routing.allocation.disk.watermark.flood_stage) . This is the reason why you can no longer login into Kibana. You would need to reconfigure those flood stages, here is an explanation:
Best,
Matthias
Hi @matw, but since login is readonly, I don't understand with login would disabled?
The cluster is practically unuseable web-wise if the storage gets full, which turns into a Denial-of-Service vulnerability if you're running something important such as a SIEM.
Thanks!
Kibana stores data in .kibana prefixed indices, and before 7.10 login was not always read-only, and in 7.10+ it's never read-only (we create session).
Generally could try to reset readonly setting by
PUT /indexname/_settings
{
"index.blocks.read_only_allow_delete": null
}
What error message is displayed when you try to login in the flooded state?
Thx & Best;
Matthias
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.