Hi,
Our Elasticsearch cluster gives an Not all primary shards are active warning, and when i check the nodes it seems not to be running on one of the agents. However when i check the services on that machine it seems to be running. Can I safely restart the elasticsearch service on that agent. And secondly what is the risk of not having all the primary shards active?
Hello Gerwin,
I'm assuming you saw this in the Elastic logging. Usually this is not an issue if there's still replica shards online, however, it's better to get this resolved.
So, what we want to figure out, is how to get the "offline" node up and running. Since the service is running, it would be wise to go to http://IP:9200/ and see if you get a json back. If that's the case, the node is definitly online. Secondly, you could do http://IP:9200/_cat/nodes and check what nodes it mentions. if it mentions only one node, it means it started its own cluster and is most likely wrongly configured.
To ensure the nodes are configured correctly, I mainly recommend reading this article: Master nodes.
It's usually safe to just "restart the service" but I always recommend checking the full status first, to see what exactly is going on, this way, a more suitable fix can be used.
As for what the side effects are: Usually in DataMiner systems, for the important data, there's 2 replica shards, which means that there should be no side effect. But as mentioned, it's better to get this sorted.