Hello,

How many ES data nodes do you have? Given the following setting:

gateway:
  recover_after_data_nodes: 3

you must have at least 3 living data nodes to have a working ES cluster. I faced this issue last week after my install.

Stéphane

From: Meenakshi.S
Sent: Thursday, April 04, 2019 14:44
Subject: RE: Not seeing feeds in metron -alerts ui

Hi

Elastic search health is red in kibana and we are getting cluster block exception elasticsearch. Kibana dashboard is not up.
These are my config details
It is a single node installation

Regards,
Meenakshi

ElasticSearch.yml

cluster:
  name: metron
  routing:
    allocation.node_concurrent_recoveries: 4
    allocation.disk.watermark.low: .97
    allocation.disk.threshold_enabled: true
    allocation.disk.watermark.high: 0.99

discovery:
  zen:
    ping:
      unicast:
        hosts: ["10.3.1.67"]

node:
  data: true
  master: true
  name: node1

path:
  data: "/opt/lmm/es_data"

http:
  port: 9200-9300
  cors.enabled: "false"

transport:
  tcp:
    port: 9300-9400

gateway:
  recover_after_data_nodes: 3
  recover_after_time: 15m
  expected_data_nodes: 0

# https://www.elastic.co/guide/en/elasticsearch/guide/current/indexing-performance.html
indices:
  store.throttle.type: none
  memory:
    index_buffer_size: 10%
  fielddata:
    cache.size: 25%

bootstrap:
  memory_lock: true
  system_call_filter: false

thread_pool:
  bulk:
    queue_size: 3000
  index:
    queue_size: 1000

discovery.zen.ping_timeout: 5s
discovery.zen.fd.ping_interval: 15s
discovery.zen.fd.ping_timeout: 60s
discovery.zen.fd.ping_retries: 5
discovery.zen.minimum_master_nodes: 1

network.host: [ _local_, _site_ ]
network.publish_host: []

Error

{"error":{"root_cause":[{"type":"cluster_block_exception","reason":"blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];"}],"type":"cluster_block_exception","reason":"blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];"},"status":503}

From: Michael Miklavcic
Sent: 03 April 2019 20:15
Subject: Re: Not seeing feeds in metron -alerts ui

I think I need a bit more context.
Are you saying it makes it to indexing and then never makes it to ES or Solr? Are you running fulldev or another type of manual installation? Which index tool are you using, es or solr?

On Wed, Apr 3, 2019, 5:26 AM Meenakshi.S wrote:

Hi Team,

I am able to insert snort related feeds to metron. I am able to see the feed till the indexing kafka topic. After that I am not able to trace it.
Any help is highly appreciated

Regards,
Meenakshi
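
The check described in the first reply, written out as an added example (not code from the thread or from the Metron or Elasticsearch projects): it compares gateway.recover_after_data_nodes with the number of data nodes that have joined and ties the result to the "state not recovered" error. The function names, the config excerpt and the shortened error body are assumptions built from the values posted above.

```python
import json

# Excerpt of the elasticsearch.yml posted in the thread (node and gateway sections only).
SAMPLE_CONFIG = """\
node:
  data: true
  master: true
gateway:
  recover_after_data_nodes: 3
  recover_after_time: 15m
  expected_data_nodes: 0
discovery.zen.minimum_master_nodes: 1
"""
# Error body posted in the thread, shortened to the top-level reason.
SAMPLE_ERROR = ('{"error":{"type":"cluster_block_exception","reason":"blocked by: '
                '[SERVICE_UNAVAILABLE/1/state not recovered / initialized];"},"status":503}')


def flatten_yaml(text):
    """Flatten nested key/value maps, as used in elasticsearch.yml, to dotted keys."""
    flat, stack = {}, []  # stack holds (indent, key) for each open parent map
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()  # close maps that ended at this indentation level
        if value.strip():
            flat[".".join([k for _, k in stack] + [key])] = value.strip().strip('"')
        else:
            stack.append((indent, key))
    return flat


def diagnose(config_text, live_data_nodes, error_body):
    """Explain a 'state not recovered' block from the gateway settings, if they cause it."""
    cfg = flatten_yaml(config_text)
    reason = json.loads(error_body)["error"]["reason"]
    required = int(cfg.get("gateway.recover_after_data_nodes", 0))
    if "state not recovered" in reason and required > live_data_nodes:
        return (f"gateway.recover_after_data_nodes={required} but only "
                f"{live_data_nodes} data node(s) joined: state recovery never starts")
    return None


if __name__ == "__main__":
    print(diagnose(SAMPLE_CONFIG, live_data_nodes=1, error_body=SAMPLE_ERROR))
```
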
