Don
Mate

File Access Manager Elastic Search shows offline although running.

After installing or upgrading FAM, you might notice that Elastic Search keep on going offline in the Health Centre on the Client as well as on the Web Interface, even though the service is in fact running without fail.

For the below you will need Notepad++ or similar running in Administrative mode to be able to edit and save the file on Server 2016 or later.

To resolve the matter. Log onto the server hosting Elastic Search.

  1. Browse to the Elastic Search Configuration directory on the server (Example: C:\Program Files\SailPoint\elasticsearch-5.1.1\config
  2. Make a backup of the file  "elasticsearch.yml"
  3. Open the original file, and go to line 57 "network.host: _local_,_site_"
  4. Replace "_local_,_site_ with the IPv4 address of your Elastic Search Server. 
  5. The file should look like this after editing:
    1. # Set the bind address to a specific IP (IPv4 or IPv6):
      #
      network.host: 10.180.0.50 <<< Replace with your Elastic Server IP
      #_local_,_site_
  6. Save the file in place
  7. Restart the Elastic Search Services on the server.

It should take 60-120 seconds to turn green on the health consoles, but should now remain green.

 

 

0 Kudos
Reply
3 Replies
barbara_hodgkin
SailPoint Employee
SailPoint Employee

Hi @Don,

   What error were you encountering in the elastic logs files which was addressed with this change?  It may be beneficial to provide more context and we may also be able to help explain why this change helped and how you may be able to revert back (if desired) to OOTB settings.

As a general note, we always recommend working with SailPoint Support for official guidance when encountering issues.

Thank you,

Barbie

0 Kudos
Reply
Don
Mate

Hi Barbara.

There was no error in the logs, as the service was never really "unavailable". This is a purely cosmetic issue. Which makes it look like the service is down when in fact it's not, which in turn might send some people on a wild goose chase.

 

Regards.

Don.

0 Kudos
Reply
barbara_hodgkin
SailPoint Employee
SailPoint Employee

Hi @Don,

  The Scheduled Task Handler is the service currently in charge of updating the status of Elasticsearch and RabbitMQ, which means if you are seeing red in the Health Center for Elasticsearch, the Schedule Task Handler is unable to reach it within the latest interval.  This should lead to an error being written in the Schedule Task Handler logs.  It may be worth looking there (in older log files when this issue was occurring). 

 

Thank you,

Barbie

0 Kudos
Reply