Error: index_not_found_exception

26
votes

I use ELK stack to analyze my log file. I have tested last week and everything works well.

Today, I tested but I get this error when I typed "http://localhost:9200/iot_log/_count" (iot_log is my index pattern):

{"error":{"root_cause":[{"type":"index_not_found_exception","reason":"no such index","resource.type":"index_or_alias","resource.id":"iot_log","index_uuid":"na","index":"iot_log"}],"type":"index_not_found_exception","reason":"no such index","resource.type":"index_or_alias","resource.id":"iot_log","index_uuid":"na","index":"iot_log"},"status":404}

I really searched the forums but I have not found a solution, I want to know what is the cause of this problem please and how can I correct it?

4
elasticsearchlogstashkibana
Can you show the output you get from curl -XGET localhost:9200/_cat/indices/ ?Val
Thank you for your return. When I tried your command line I get this: yellow open .kibana aC1e9PoVQBGNGjW0CbmdsA 1 1 6 0 34.7kb 34.7kbFariha
Then it means you have a single index called .kibana and nothing else, so something or someone has deleted all other indices, or you're not hitting the correct ES cluster.Val
I tried to change the filter (add a variable) and then I got this error. Then, I tried to remove logstash-5.1.1 and re install it again but I still have the same error, so have you an idea please how can I correct it? What should I do?Fariha
Not sure what to say, except that your ES cluster is completely empty according to the info you provided...Val

4 Answers

22
votes

Make sure index iot_log exist and create it if not:

curl -X PUT "localhost:9200/iot_log" -H 'Content-Type: application/json' -d'{ "settings" : { "index" : { } }}'

9
votes

You need to set your action.auto_create_index parameter in elasticsearch.yml file.

Example:

action.auto_create_index: -l*,+z*

With this kind of configuration, indexes starting with "z" will be created automatically while indexes starting with "l" will not.

1
votes

The best way to resolve it by using setting as follow

Allow Auto Create YourIndexName and index10 and not allowing any index name matching index1* and any other index matching ind*. The patterns are matched in the order they are given.

curl -X PUT "localhost:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d'{
    "persistent": {
        "action.auto_create_index": "YourIndexName,index10,-index1*,+ind*" 
    }
}'

Stop any Auto Indexing

curl -X PUT "localhost:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d'{
    "persistent": {
        "action.auto_create_index": "false" 
    }
}'

Allow any Index create automatically

curl -X PUT "localhost:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d'{
    "persistent": {
        "action.auto_create_index": "true" 
    }
}'
```
0
votes

In my case, My all data is DELETED in elastic search automatically, After importing data again in elastic search my application working good.