I’ve got this issue since a while now.
My Elasticsearch cluster is always yellow or red. I always got unassigned shards.
When I identify them with the statement:
curl -XGET 10.26.2.243:9200/_cat/shards?h=index,shard,prirep,state,unassigned.reason| grep UNASSIGNED
I can of course delete them manually and it gets back to green:
curl -XDELETE ‘10.26.2.243:9200/graylog_XXX/’
But if than a new Index will be creatad the Elasticsearch cluster gets back to yellow and has 4 shards unassigned. Always a new Index gets rotated 4 new unassigned shards will appear…
I got the follwoing rotation in place:
Index rotation strategy:Index Size
Max index size:1073741824 bytes (1.0GB)
Index retention strategy:DeleteMax
number of indices:200
200 indices with a total of 820,506,688 messages under management, current write-active index is graylog_404.
Elasticsearch cluster is yellow. Shards: 800 active, 0 initializing, 0 relocating, 44 unassigned
Does anyone has an idea how to fix this issue?
Thanks in advance