RE: Not seeing feeds in metron -alerts ui

Meenakshi.S Thu, 04 Apr 2019 05:44:41 -0700

Hi


Elastic search health is red in kibana and we are getting cluster block 
exception elasticsearch. 

 

Kibana dashboard is not up . 

 

These are my config details It is a single node installation 

 

Regards,

Meenakshi

 

ElasticSearch.yml

 

cluster:

  name:   metron

  routing:

    allocation.node_concurrent_recoveries: 4

    allocation.disk.watermark.low: .97

    allocation.disk.threshold_enabled: true

    allocation.disk.watermark.high: 0.99

 

discovery:

  zen:

    ping:

      unicast:

        hosts: ["10.3.1.67"]

 

node:

  data: true

  master: true

  name: node1

path:

  data: "/opt/lmm/es_data"

 

http:

  port: 9200-9300

  cors.enabled: "false"

 

 

transport:

  tcp:

    port: 9300-9400

 

gateway:

  recover_after_data_nodes: 3

  recover_after_time: 15m

  expected_data_nodes: 0

 

# 
https://www.elastic.co/guide/en/elasticsearch/guide/current/indexing-performance.html

indices:

  store.throttle.type: none

  memory:

   index_buffer_size: 10%

  fielddata:

   cache.size: 25%

 

bootstrap:

  memory_lock: true

  system_call_filter: false

 

thread_pool:

  bulk:

    queue_size: 3000

  index:

    queue_size: 1000

 

discovery.zen.ping_timeout: 5s

discovery.zen.fd.ping_interval: 15s

discovery.zen.fd.ping_timeout: 60s

discovery.zen.fd.ping_retries: 5

discovery.zen.minimum_master_nodes: 1

 

network.host: [ _local_, _site_ ]

network.publish_host: []

 

 

Error

 

{"error":{"root_cause":[{"type":"cluster_block_exception","reason":"blocked by: 
[SERVICE_UNAVAILABLE/1/state not recovered / 
initialized];"}],"type":"cluster_block_exception","reason":"blocked by: 
[SERVICE_UNAVAILABLE/1/state not recovered / initialized];"},"status":503}

 

 

 

From: Michael Miklavcic [mailto:[email protected]] 
Sent: 03 April 2019 20:15
To: [email protected]; [email protected]
Subject: Re: Not seeing feeds in metron -alerts ui

 

I think I need a bit more context. Are you saying it makes it to indexing and 
then never makes it to ES or Solr? Are you running fulldev or another type of 
manual installation? Which index tool are you using, es or solr?

 

On Wed, Apr 3, 2019, 5:26 AM Meenakshi.S <[email protected] 
<mailto:[email protected]> > wrote:

Hi Team,

 

I am able to insert snort related feeds to metron . 

 

I am able to see the feed till the indexing kakfka topic . After that I am not 
able to trace it . Any help is highly appreciated 

 

 

Regards,

Meenakshi

RE: Not seeing feeds in metron -alerts ui

Reply via email to