Hello! The elastic can not create an index graylog_58. How can I understand why the status of elastic is red? I have everything in 1 place and graylog and elastic. Where can I see the logs and find out the reason?
Could this be due to the fact that the disk is 92% busy?
cluster.routing.allocation.disk.watermark.high
Controls the high watermark. It defaults to90%, meaning that Elasticsearch will attempt to relocate shards away from a node whose disk usage is above 90%. It can also be set to an absolute byte value (similarly to the low watermark) to relocate shards away from a node if it has less than the specified amount of free space. This setting affects the allocation of all shards, whether previously allocated or not.
It doesn’t mention it can’t allocate more shards, but I think it would be logical.
You can check the elastic log also.
http://docs.graylog.org/en/2.5/pages/configuration/file_location.html
What is wrong in my settings? Do I need more shards? I will edit the elasticsearch.yml file now.
And I understand correctly that with my settings, after 35 days will the logs be deleted that are older than 35 days?
And if I understood correctly, then this command will give you the opportunity to find the indexes until 5 GB of free space remains on the disk?
curl -X PUT "localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d' { "transient": { "cluster.routing.allocation.disk.watermark.high": "5gb"} } 'Do whatever you want.
First I suggest to thinking.
What will the result if you
Do a fast research for this questions:
After you find the answers to your questions, please let us know.
yes.
okay, he opened 58 index, and start write, but status is red :c
red open graylog_58 nNUHlBKLRai61sPR0NouXg 8 0 39314 0 35.1mb 35.1mbokay i writed service elasticsearch restart and status red was down.
check your first picture.
the status of graylog_58 index was the same, so no changes.
red means not all primary shards are available.
maybe one of your clients sends log with epoch 0 time.
i know. And when i go to /var/log/ealsticsearch/graylog.log and dont find any logs
what epoch is this?
I would like to share my best friend’s resource with you.
Elasticsearch has changed the default behaviour to close indices on low-watermark. What means you can’t ingest any new messages. Your 92% usage of available space would mean you have hit the low-watermark limit.
In graylog you should go to System > indices > default index set and hit Maintenancen > Recalculate index range once you have added more space or deleted messages to fix the knowledge of Graylog about the available data.
aahahh, okay, i understanded.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
49 years 