Arkime: "Oh no, Arkime is empty! There is no data to search." #2

Open
agrieco opened this issue Dec 24, 2024 · 0 comments

agrieco commented Dec 24, 2024

Fresh install via the instructions here:
https://docs.clearndr.io/docs/start/getting-started

Lots of stuff seems to be working but Arkime gives me the message: "Oh no, Arkime is empty! There is no data to search."

It also seems to note that in ES a shard is unassigned. Not sure if that is related or not:

docker logs config-arkime-rAtqri
Using ES_HOST: elasticsearch and ES_PORT: 9200
Giving ES time to start...
{"cluster_name":"docker-cluster","status":"red","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"active_primary_shards":16,"active_shards":16,"relocating_shards":0,"initializing_shards":4,"unassigned_shards":21,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":39.02439024390244}
ES started...
Initializing ES database...
WARNING OpenSearch/Elasticsearch health is 'red' instead of 'green', things may be broken

It is STRONGLY recommended that you stop ALL Arkime captures and viewers before proceeding.  Use 'db.pl http://elasticsearch:9200 backup' to backup db first.

There is 1 OpenSearch/Elasticsearch data node, if you expect more please fix first before proceeding.

It appears this OpenSearch/Elasticsearch cluster already has Arkime installed (version 81), this will delete ALL data in OpenSearch/Elasticsearch! (It does not delete the pcap files on disk.)

Type "INIT" to continue - do you want to erase everything??
Erasing
Creating
Finished
Added
Added
WARNING OpenSearch/Elasticsearch health is 'yellow' instead of 'green', things may be broken

It is STRONGLY recommended that you stop ALL Arkime captures and viewers before proceeding.  Use 'db.pl http://elasticsearch:9200 backup' to backup db first.

There is 1 OpenSearch/Elasticsearch data node, if you expect more please fix first before proceeding.

Trying to upgrade from version 81 to version 81.

Type "UPGRADE" to continue - do you want to upgrade??
Starting Upgrade
Finished
Starting Arkime capture in the background...
Look at log files for errors
  /data/logs/viewer.log
  /data/logs/capture.log
Visit http://127.0.0.1:8005 with your favorite browser.
  user: selks-user
  password: selks-user
Launch viewer...

App Info
User Name:
User ID: anonymous
ES Version: 1.3.19
DB Version: 81
Cluster: docker-cluster
Status: yellow
Nodes: 1
Shards: 40
Relocating Shards: 0
Unassigned Shards: 1
Initializing Shards: 0