Elasticsearch Cluster health is yellow

1
votes

My elasticsearch cluster "graylog2" health status is showing yellow, but in web-interface it is showing green.

I could see the following lines in Graylog web-interface.

"1 indices with a total of 26 messages under management, current write-active index is graylog2_0.

Elasticsearch cluster is green. Shards: 1 active, 0 initializing, 0 relocating, 0 unassigned" 

http://127.0.0.1:9200/_cluster/health?pretty=true
{
  "cluster_name" : "graylog2",
  "status" : "yellow",
  "timed_out" : false,
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 6,
  "active_shards" : 6,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 5,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0
}

http://127.0.0.1:9200/_cat/indices?v
health status index               pri rep docs.count docs.deleted store.size     pri.store.size 
yellow open   logstash-2016.03.17   5   1         27            0     37.4kb         37.4kb 
green  open   graylog2_0            1   0         26            0     24.7kb         24.7kb

Can anyone please answer some of my questions

  1. why logstash index status is yellow even with a very little data in it?
  2. why the elasticsearch cluster's health is yellow?
  3. How to fix it.
1
elasticsearchgraylog2

1 Answers

5
votes

You have replica set to 1 (see the rep value below) each one of your primary shards will have one replica:

health status index               pri rep
yellow open   logstash-2016.03.17   5   1

To protect against data loss if a server dies, Elasticsearch won't store the replicas on the same server as the primary shards, therefore they are currently unassigned:

"unassigned_shards" : 5,

Either:

  1. add another server to your cluster
  2. set the number of replicas to zero