This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Indexing service could not be started

Hi All

    When I tested sentinel upgrade procedure...I often see a message about indexing service like below:

the testing server only provide log server and provide daily report function.

whether I should ignore it or how could I check to fix it ??

Thanks!!

Wencheng

Tags:

  • 0  

    Check the log files in /var/opt/novell/sentinel/log/ for any errors.

  • 0

    Hi Wencheng,

    Issues such as this should be raised with technical services, so they can diagnose the environment accordingly, and provide a solution.

    When you upgraded your environment, did you consult the release notes what has changed, or the installation guide - upgrade, post upgrade, and troubleshooting sections?
    What you're reporting here is something that has changed from Sentinel 8.4 onward.
    Below is what's explained in Sentinel 8.5 documentation, but the same applies to 8.4 really.

    ES has to be configured, check this:
    www.microfocus.com/.../t4e6i397w7if.html

    •    Enabling Secure Communication between Sentinel Server and Pre-bundled Elasticsearch when there is no External Elasticsearch Cluster Setup


    Anyway based on this error:
    Indexing service is initializing. It might take a few minutes, please wait..
    Could not connect indexing service. Please check indexing service logs
    Indexing service could not be started. Hence not proceeding with the connector between indexer and database.
    Indexing service could not be started.
    Sentinel is running.

    ES might show errors such as this, as root cause:
    [2021-10-29T13:22:02,397][ERROR][o.e.b.Bootstrap ] [aaa-logtest] Exception
    org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl]
    at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:528) ~[?:?]
     

     
    Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager - truststore file [/opt/novell/sentinel/3rdparty/elasticsearch/config/certs/node-1.p12] does not exist
    at org.elasticsearch.xpack.core.ssl.TrustConfig.missingTrustConfigFile(TrustConfig.java:113) ~[?:?]
    at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:68) ~[?:?]
    at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:437) ~[?:?]
    at java.util.HashMap.computeIfAbsent(HashMap.java:1127) ~[?:1.8.0_302]
    at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:526) ~[?:?]


    Some background:
    1.       As we have removed the Elastic Search Security plugin from Sentinel 8.4, hence these steps are needed to make the communication secure between Sentinel to external clusters or even Sentinel to internal cluster.
    2.       These steps need to be performed whenever EV is enabled.
    3.       At the time of upgrade to Sentinel 8.4, on the console after the upgrade a message will be displayed saying that, these steps need to be performed. If these steps are not performed, then the Visualization service will not come up. The Sentinel service comes up and customer will be able to use Sentinel but, not the Event Visualization.
    4.       Alerts will be fetched always from Elastic Search only. There three places in Sentinel where we can search for the alerts. 1. Alert Dashboard (Landing Page), 2. Alert Views (Old UI), 3. Alerts in Event Visualization.

    So cover this first of all:
    www.microfocus.com/.../t4e6i397w7if.html


    Also other sections in the docs that are of interest.


    Unable to View Older Alerts in the Dashboard and Alert Views after Configuring Elasticsearch (that means you have to enable ES):
    www.microfocus.com/.../t4e88wxdor5z.html
     
     
    Also when configuring ES, you might hit this so keep that in mind -> Error While Adding a Password to the Elasticsearch Keystore on Upgrade Setup:
    www.microfocus.com/.../t4e7btwdtx15.html


    If for some reason you cannot get it to work, I advise you to log it with technical services, and they can start troubleshooting it.


    I hope this helps.


    Regards,


    Henk Tjalsma


  • 0 in reply to 

    Hi Henk

        Thanks your information...so this indexing service is elasticSearch service  , right ?

    Because I tested log 4j fix procedure..so I revert to old snapshot ...I forgot whether this snapshot env enable or disable elastic search

    if indexing service is ElasticSearch...I could ignore it now.

    thanks!!

     

    Wencheng

  • 0 in reply to 

    No Wencheng I would not ignore it, as it might impact views you're interested in.

    The steps are not that hard, so yes, I would make sure they are implemented.

    Regards,

    Henk