adm-connector error found in messages log "Error in Elasticsearch"
search cancel

adm-connector error found in messages log "Error in Elasticsearch"


Article ID: 175325


Updated On:


Security Analytics


Message in /var/log/messages file reports the following:

Feb 22 02:57:13 sensor1 /usr/sbin/adm-connector[8788]: Error (HTTP 500) posting to localhost:8080/engine/v1/data/20171018140938-00002, response: {  "message" : "Error in Elasticsearch: = org.elasticsearch.action.NoShardAvailableActionException: [20171018140938-00002][0] null; org.elasticsearch.transport.RemoteTransportException: [Persuasion][inet[/]][indices:data/read/get[s]]; org.elasticsearch.index.shard.IllegalIndexShardStateException: [20171018140938-00002][0] CurrentState[RECOVERING] operations only allowed when started/relocated",  "errorCode" : 20001,  "cause" : "org.elasticsearch.action.NoShardAvailableActionException: [20171018140938-00002][0] null"}, this data : f...


The jobs need to be removed and the service restarted.

First, try restarting the adm-connector, and then watch the Messages log.  

service adm-connector restart

If that doesn't work, delete the job using these commands:

service adm-connector restart
curl -X DELETE 'http://localhost:8080/engine/v1/jobs/20170123182409-00002'  (use the job number from your own log file)
service adm-connector restart