And the solution is that the instructions are incorrect: Do not run the ElasticSearch Master and Data Node on the same machine.
I installed the Master on the Metron node and installed the Data Node on a different node. With only one Data Node, I've also set gateway_recovery_after_data_nodes to 1 and index_number_of_replicas to 1. Regards, Tobin ________________________________________ Roke Manor Research Limited, Romsey, Hampshire, SO51 0ZN, United Kingdom.Part of the Chemring Group. Registered in England & Wales. Registered No: 00267550 http://www.roke.co.uk _______________________________________ The information contained in this e-mail and any attachments is proprietary to Roke Manor Research Limited and must not be passed to any third party without permission. This communication is for information only and shall not create or change any contractual relationship. ________________________________________ -----Original Message----- From: Landricombe, Tobin Sent: 22 January 2019 12:39 To: '[email protected]' <[email protected]> Subject: ElasticSearch issue on Metron 0.7.0 Hi, I've installed Metron 0.7.0 on CentOS7 using Ambari. I've got 8 nodes of which master is the Ambari master and slave5 is the Metron node. Metron node has all the Metron services on it plus one ElasticSearch Master and one ElasticSearch Data Node as per https://community.hortonworks.com/articles/60805/deploying-a-fresh-metron-cluster-using-ambari-serv.html Ambari is showing no issues, but when I open Kibana, it shows "Elasticsearch plugin is red". Checking ES gives me: # curl -X GET "slave5:9200/_cat/indices" {"error":{"root_cause":[{"type":"master_not_discovered_exception... Checking the logs gives me: # tail /var/log/elasticsearch/metron.log ...not enough master nodes discovered during pinging (found [[]], but needed [-1])... # tail /var/log/kibana/kibana.log ...No living connections... ...Unable to revive connection: http://slave5:9200/... ...Service Unavailable... Any ideas how to resolve these errors? If you can't answer that, please consider the following: Where else should I look for errors? Is one ElasticSearch Master and one ElasticSearch Data Node correct? What is the difference between Master and Data Node - this doesn't seem to make much sense from an ElasticSearch pov? Thanks, Tobin
