Kibana Data Is Not Current (Endpoint 3.0)

In an environment configured with multiple instances of Elasticsearch, it is possible that Kibana will not show current data. This can be caused by a configuration issue in Elasticsearch when using the Kafka river plugin.

Effectively, Elasticsearch will try to start the plugin on a server where it does not exist and will not recover from the resulting failure.

To resolve this:

As the interset user, on the reporting server: 

Install Elasticsearch:

sudo apt-get install elasticsearch

Edit /etc/elasticsearch/elasticsearch.yml to change the cluster name: <YOUR CLUSTER NAME>

Configure this node to be a client node (for load balancing)

# You want this node to be neither master nor data node, but
# to act as a "search load balancer" (fetching data from nodes,
# aggregating results, etc.)

node.master: false
node.data: false
node.river: _none_

# Unicast discovery allows to explicitly control which nodes will be used
# to discover the cluster. It can be used when multicast is not present,
# or to restrict the cluster communication-wise.
# 1. Disable multicast discovery (enabled by default):
discovery.zen.ping.multicast.enabled: false

# 2. Configure an initial list of master nodes in the cluster
# to perform discovery when new nodes (master or data) are started:


Also add the following sections to the bottom:

# Disable overriding index in request body for multi-search, multi-get and
# bulk request. See here:
# And here:
rest.action.multi.allow_explicit_index: false

# Disable scripting. See here:
script.groovy.sandbox.enabled: false

# Disable River Allocation
script.groovy.sandbox.enabled: false

Restart the ES service:
service elasticsearch restart
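
A quick check of the edited file, as an added example that is not part of the original article or the product: it reports any client-node or hardening setting from the steps above that is missing or has the wrong value. The function names and script name are hypothetical, node.data is assumed to be the setting behind "neither master nor data node", and the file is assumed to use flat, unquoted key: value lines.

```shell
#!/bin/sh
# Added example: audit elasticsearch.yml for the settings in this article.
# Usage: sh audit_es_client.sh /etc/elasticsearch/elasticsearch.yml
#        (script name is hypothetical)

# Print the effective (last) value of a flat "key: value" setting,
# skipping comment lines and stripping trailing comments and whitespace.
es_setting() {  # usage: es_setting FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)
            i = index(line, ":")
            if (i == 0) next
            k = substr(line, 1, i - 1); v = substr(line, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Compare each expected setting with the file; print one line per
# mismatch and return the number of mismatches (0 = file matches).
audit_es_client_config() {  # usage: audit_es_client_config FILE
    fails=0
    while read -r key want; do
        got=$(es_setting "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: expected '$want', found '${got:-<unset>}'"
            fails=$((fails + 1))
        fi
    done <<EOF
node.master false
node.data false
node.river _none_
rest.action.multi.allow_explicit_index false
script.groovy.sandbox.enabled false
EOF
    return "$fails"
}

# Run the audit when a file path is given on the command line.
if [ -n "${1:-}" ]; then audit_es_client_config "$1"; fi
```

A value such as "false false" on one line is reported as a mismatch, and when a key appears more than once only the last occurrence is compared.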
