Elastic Search Service fails to come up after an upgrade of the Log-Collector

Created On 05/02/25 20:39 PM - Last Modified 06/06/25 03:13 AM


Symptom


  • A Panorama configured as a Log-Collector is upgraded to a new version.
  • After the upgrade, the ElasticSearch (ES) service fails to come up.
  • This can be monitored using the following commands:
    • show log-collector-es-cluster health  >> The status: column displays RED.
    • show system software status | match elasticsearch >> The process ID keeps changing, indicating that ES is failing to start.


Environment


  • Panorama
  • Log-Collector
  • PAN-OS Upgrade


Cause


A Collector Group push from the Panorama to the upgraded Log-Collector is required for the ElasticSearch process to run.



Resolution


Make a dummy change in the specific Collector Group configuration in Panorama and initiate a Collector Group push.



Additional Information


A Collector Group push kicks off a script on the Log-Collector to set the sdb variable required by masterd to detect that ElasticSearch needs to be run. 


