How to fix Elasticsearch unassigned shards in Panorama Log Collector running 11.0

Created On 02/01/23 21:08 PM - Last Modified 05/14/24 09:58 AM


Objective


This article shows how to review and fix Elasticsearch unassigned shards on a Panorama Log Collector.

Environment


  • Panorama Log Collector
  • PAN-OS 11.0 and above


Procedure


  1. Review the details of the Elasticsearch unassigned shards by running the following command on the standard CLI:
> debug elasticsearch show unassigned
The command first goes through all the unassigned primary shards and their details, and then goes through all the replica shards to find the reasons they are unassigned.
 
  2. Repair the unassigned shards using the following command:
> debug elasticsearch repair unassigned
Note: The command works as long as Elasticsearch (ES) is functional. Check this with > show log-collector-es-cluster health and make sure the health status is reported as one of Green, Yellow, or Red in order to view the unassigned shards.
 
> show log-collector-es-cluster health
-------------------------------
"cluster_name" : "__pan_cluster__",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,

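The health check from the note above, as an added example (not part of the original article and not Palo Alto Networks code): a Python helper that parses a saved copy of the `show log-collector-es-cluster health` output and reports whether ES is answering with a green, yellow, or red status before the repair command is run. The function names and the idea of capturing the CLI output as text are assumptions; the sample is the output shown above.

```python
import re

VALID_STATUSES = {"green", "yellow", "red"}

# The CLI prints '"key" : value,' lines. The output is a fragment with a
# dashed separator and no braces, so json.loads() cannot be used on it.
_FIELD = re.compile(r'^\s*"(?P<key>[^"]+)"\s*:\s*(?P<value>.+?),?\s*$')


def parse_health(cli_output):
    """Return the '"key" : value' pairs of the health output as a dict."""
    fields = {}
    for line in cli_output.splitlines():
        match = _FIELD.match(line)
        if not match:
            continue  # command echo, dashed separator, blank lines
        value = match.group("value").strip()
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        elif value in ("true", "false"):
            value = value == "true"
        elif re.fullmatch(r"-?\d+", value):
            value = int(value)
        fields[match.group("key")] = value
    return fields


def es_is_functional(cli_output):
    """True only if a status of green, yellow, or red was reported."""
    status = parse_health(cli_output).get("status")
    return isinstance(status, str) and status.lower() in VALID_STATUSES


# Sample copied from the output shown in this article.
SAMPLE = '''> show log-collector-es-cluster health
-------------------------------
"cluster_name" : "__pan_cluster__",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
'''

if __name__ == "__main__":
    print(parse_health(SAMPLE))
    print("ES functional:", es_is_functional(SAMPLE))
```

If `es_is_functional` returns False, no status was reported, so per the note above the show and repair commands for unassigned shards are not expected to work yet.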
 

