Cluster Status Yellow

John Carry

Dec 18, 2022, 12:03:44 AM
to Wazuh mailing list
Hello All, 
I am facing a few performance issues, so after running GET _cluster/health I am observing the cluster status of shards as YELLOW.

Please help me resolve the issue and get it back to a good, GREEN state.
[Attached image: 1.PNG]

Regards
John

Damian Nicastro

Dec 19, 2022, 3:35:21 AM
to Wazuh mailing list
Hello John:
I hope you are fine.
The yellow state in your Wazuh-indexer is because you have Unassigned shards on it. The first thing you need to know is why you have them. For that, you have to run the following query:
# GET /_cluster/allocation/explain

Probably, you have a message like this: 
"explanation" : "a copy of this shard is already allocated to this node...
This means that your Elasticsearch is trying to allocate a shard for an index that already has one. This happens when you have set a replica for your index and you only have one node.
If this is the case, you need to set your replicas to "zero" for all the index patterns you might have. For "wazuh" indices, for example:

PUT wazuh-*/_settings
{
  "index.number_of_replicas": 0,
  "index.auto_expand_replicas": false
}

If this is not the case, please share the result of the first query so we can check.
I hope this helps.
Thanks

John Carry

Dec 20, 2022, 12:01:47 PM
to Wazuh mailing list
Hello Damian,
Thanks for the response. Please find the requested output. Further, prior to executing your PUT command, I need to confirm: will there be any performance issue if the PUT segment is executed?
[Attached image: 1.PNG]
Regards,
John Carry

Damian Nicastro

Dec 21, 2022, 12:30:38 AM
to Wazuh mailing list
Hello John:
I hope you are fine.
I can see from the image that your shard assignment issue is also with your ".opendistro..." indices. You have to do the same for this index pattern too:
PUT .opendistro-*/_settings
{
  "index.number_of_replicas": 0,
  "index.auto_expand_replicas": false
}

There is no performance issue because it is just a change in the index pattern settings. Once it is done for these two index patterns, check the cluster health and:
GET /_cluster/allocation/explain

And repeat the procedure if necessary for other index patterns.
I hope this helps.
Thanks
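
The triage described in the two replies above, as an added example that is not part of the original thread or of Wazuh's own tooling: it reads rows in the shape returned by `GET _cat/shards?format=json` and proposes the replica change only when every data node already holds a copy of the shard, leaving anything else for `GET /_cluster/allocation/explain`. The sample rows, index names and function names are constructed for illustration, and `data_nodes` is assumed to be taken from `number_of_data_nodes` in `GET _cluster/health`.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `GET _cat/shards?format=json` (not from the thread).
SAMPLE_SHARDS = json.loads("""[
 {"index": "wazuh-alerts-example", "shard": "0", "prirep": "p", "state": "STARTED", "node": "node-1"},
 {"index": "wazuh-alerts-example", "shard": "0", "prirep": "r", "state": "UNASSIGNED", "node": null},
 {"index": ".opendistro-example", "shard": "0", "prirep": "p", "state": "STARTED", "node": "node-1"},
 {"index": ".opendistro-example", "shard": "0", "prirep": "r", "state": "UNASSIGNED", "node": null},
 {"index": "wazuh-monitoring-example", "shard": "0", "prirep": "p", "state": "STARTED", "node": "node-1"}
]""")

# Settings body taken from the replies above.
REPLICA_BODY = {"index.number_of_replicas": 0, "index.auto_expand_replicas": False}


def triage(shards, data_nodes):
    """Split indices with unassigned shards into (replica_fixes, needs_explain)."""
    placed = defaultdict(set)  # (index, shard) -> nodes holding an assigned copy
    unassigned = []
    for row in shards:
        key = (row["index"], row["shard"])
        if row["state"] == "UNASSIGNED":
            unassigned.append((key, row["prirep"]))
        elif row.get("node"):
            placed[key].add(row["node"])
    fixes, needs_explain = set(), set()
    for key, prirep in unassigned:
        # Two copies of one shard never share a node, so a replica stays
        # unassigned once every data node already holds a copy.
        if prirep == "r" and len(placed[key]) >= data_nodes:
            fixes.add(key[0])
        else:  # unassigned primary, or a replica blocked for another reason
            needs_explain.add(key[0])
    return sorted(fixes - needs_explain), sorted(needs_explain)


def settings_requests(indices):
    """Render one console request per index, using the body from the thread."""
    return [f"PUT {name}/_settings\n{json.dumps(REPLICA_BODY, indent=2)}" for name in indices]


if __name__ == "__main__":
    fixes, needs_explain = triage(SAMPLE_SHARDS, data_nodes=1)
    print("\n\n".join(settings_requests(fixes)))
    for name in needs_explain:
        print(f"{name}: check GET /_cluster/allocation/explain before changing replicas")
```

With more than one data node the same unassigned replicas land in the second list, because a missing replica there has a cause other than the single-node case discussed in the thread.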

alankrit shrivastava

Feb 6, 2025, 6:28:29 AM
to Wazuh | Mailing List
I am also getting this same issue, and when I ran the PUT command I got the error below:
{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
      }
    ],
    "type": "security_exception",
    "reason": "no permissions for [] and User [name=admin, backend_roles=[admin], requestedTenant=null]"
  },
  "status": 403
}
