Peter Manev
Peter Manev
Do you use Moloch ? Can you paste the full output of `selks-health-check_stamus`?
Just to double check - Did the first time setup finished without a problem? (https://github.com/StamusNetworks/SELKS/wiki/First-time-setup) Also noticed you could upgrade (post QA test :) ) (https://github.com/StamusNetworks/SELKS/wiki/SELKS-upgrades)
It could also be related to disk filing up ?
If it does this once every 2 days or so - it can help to do a health check when it actually happens - could be easier to troubleshoot. Did...
From the report it seems you have `3.5.0-3` running , the current stable is `3.7.0-6` , hence my note about upgrading.
Just noticed too that you are running the latest Moloch (`3.0`) so might be some errs in the logs, might be related to that upgrade path.
What is the output of: `cat /etc/apt/sources.list.d/selks5.list`
Can you try `apt-get upgrade` only ?
What size of data/volume do you have? Is it still one node cluster?
I that case I think ES hits the watermark i suspect - full disk ? (`/avr/log/elasticsearch/elasticsearch.log`) https://stackoverflow.com/questions/50609417/elasticsearch-error-cluster-block-exception-forbidden-12-index-read-only-all If that is the case it means you generate more data fast and...