What are node counts in the console, and what does its color signify?


DNIF uses a distributed indexing architecture. Since it is based on Apache Lucene your data can be stored across multiple compute nodes or servers or virtual instances. This is where data that is being ingested by DNIF is getting distributed across multiple such nodes who are tied into a cluster.

The cluster also works together in resolving/responding to queries from the search console or the correlator. The console shows how many nodes are a part of the cluster you are about to query. The colour of the label also shows the health of the cluster, green is good, yellow is services are on, but there are issues and red is more like bad news.