Peter Manev
```
/var/log/scirius-error.log
/var/log/scirius.log
/var/log/scirius/elasticsearch.log
```
Thanks for trying out SELKS. Did you do the first time setup after the install - https://github.com/StamusNetworks/SELKS/wiki/First-time-setup?
OK, thank you for the update. I think this switch is not handled correctly. There is a fix here - https://github.com/StamusNetworks/selks-scripts/pull/9/commits/8e5d29afa0d0d6494cbc86a7ca8ff16af924f028 that I will cook a pkg for.
What exactly is the issue - Arkime is not working or something else too?
It seems ES did not start. What is the output of the last 50 lines in `/var/log/elasticsearch/elasticsearch.log`?
Did you do the first time install and did it finish properly/successfully? (https://github.com/StamusNetworks/SELKS/wiki/First-time-setup#first-time-setup)
When you reboot, does the problem persist? It could be just a service start delay.
For the VM not rebooting in a long time you might be hitting this maybe - https://github.com/StamusNetworks/SELKS/wiki/A-stop-job-running-for-logstash-takes-too-long-on-shutdown

Data in Arkime takes time to populate due to rotations and needs constant...
The `FPC_Retain` is automatically taken care of in the setup script, no need to do anything. Yellow shards in general do not mean ES is not functioning, not sure...
Can you please describe what the background of this error is or what you are trying to do?