Busqueda con error en Discoverc

volivares · October 18, 2023, 4:42pm

Hola

Estoy queriendo realizar una búsqueda de una frase dentro de un conjunto de palabras en el "message" y me devuelve el siguiente error:

Response:

{
  "took": 1963,
  "timed_out": false,
  "_shards": {
    "total": 26,
    "successful": 25,
    "skipped": 25,
    "failed": 1,
    "failures": [
      {
        "shard": 0,
        "index": ".ds-log-openshift-8.0.0-2023.10.18-001746",
        "node": "HDA8BQG7SM61JputeQBHTw",
        "reason": {
          "type": "index_out_of_bounds_exception",
          "reason": "index_out_of_bounds_exception: Index 15565 out of bounds for length 15442"
        }
      }
    ]
  },
  "hits": {
    "max_score": null,
    "hits": []
  }
}

Priscilla_Parodi · October 18, 2023, 5:11pm

Hello @volivares, welcome to the community!

If you remove the message field from the query, does it work? Is this field in all of your documents?

Could you please share the query (text, not an image) and provide a sample document?

volivares · October 18, 2023, 7:37pm

hi

Share us the query KQL:


kubernetes.container_name:"unificacion" AND kubernetes.namespace_name:"unificacion-prod" and message:  "request starting"

example :

{
  "_index": ".ds-log-openshift-8.0.0-2023.10.18-001747",
  "_id": "2h1FRIsBI0D8kBIGZbvG",
  "_version": 1,
  "_score": 0,
  "_source": {
    "@timestamp": "2023-10-18T19:31:05.318Z",
    "input": {
      "type": "syslog"
    },
    "openshift": {
      "sequence": 66666160,
      "cluster_id": "97261e16-3ece-42ee-8206-9b12063ef32b"
    },
    "log": {
      "source": {
        "address": "10.250.8.72:49350"
      }
    },
    "message": "[16:31:05 INF] Request starting HTTP/1.1 GET http://x/api/V1/unificacion/resultsGoogleRouteApi?q=GAONA%20%202916&f=UriSearch application/json ",
    "ecs": {
      "version": "8.0.0"
    },
    "event": {
      "severity": 7
    },
    "hostname": "x",
    "host": {
      "name": "filebeat-3-4p4mf"
    },
    "process": {
      "name": "ocpprod",
      "entity_id": "-"
    },
    "agent": {
      "ephemeral_id": "87bdf49d-e1d1-44d4-a709-b21a0910c633",
      "id": "041f669d-325c-4ede-9e46-fd2308a6cbea",
      "name": "filebeat-3-4p4mf",
      "type": "filebeat",
      "version": "8.0.0"
    },
    "kubernetes": {
      "namespace_name": "unificacion-prod",
      "pod_ip": "10.250.8.209",
      "host": "x",
      "container_name": "unificacion",
      "pod_name": "unificacion-29-xspz4",
      "pod_id": "986d49ee-5bdb-409e-a78b-845996157245",
      "flat_labels": [
        "app=unificacion",
        "deployment=unificacion-29",
        "deploymentconfig=unificacion",
        "log=clusterlogging",
        "source=cicd"
      ]
    }
  },
  "fields": {
    "kubernetes.pod_ip": [
      "10.250.8.209"
    ],
    "process.name.text": [
      "ocpprod"
    ],
    "process.entity_id": [
      "-"
    ],
    "agent.type": [
      "filebeat"
    ],
    "hostname": [
      "x"
    ],
    "agent.name": [
      "filebeat-3-4p4mf"
    ],
    "host.name": [
      "filebeat-3-4p4mf"
    ],
    "kubernetes.host": [
      "x"
    ],
    "kubernetes.flat_labels": [
      "app=unificacion",
      "deployment=unificacion-29",
      "deploymentconfig=unificacion",
      "log=clusterlogging",
      "source=cicd"
    ],
    "event.severity": [
      7
    ],
    "kubernetes.container_name": [
      "unificacion"
    ],
    "input.type": [
      "syslog"
    ],
    "agent.hostname": [
      "filebeat-3-4p4mf"
    ],
    "message": [
      "[16:31:05 INF] Request starting HTTP/1.1 GET http://x/api/V1/unificacion/resultsGoogleRouteApi?q=GAONA%20%202916&f=UriSearch application/json "
    ],
    "kubernetes.namespace_name": [
      "unificacion-prod"
    ],
    "process.name": [
      "x"
    ],
    "@timestamp": [
      "2023-10-18T19:31:05.318Z"
    ],
    "agent.id": [
      "041f669d-325c-4ede-9e46-fd2308a6cbea"
    ],
    "ecs.version": [
      "8.0.0"
    ],
    "kubernetes.pod_id": [
      "986d49ee-5bdb-409e-a78b-845996157245"
    ],
    "openshift.sequence": [
      66666160
    ],
    "log.source.address": [
      "x"
    ],
    "openshift.cluster_id": [
      "97261e16-3ece-42ee-8206-9b12063ef32b"
    ],
    "agent.ephemeral_id": [
      "87bdf49d-e1d1-44d4-a709-b21a0910c633"
    ],
    "agent.version": [
      "8.0.0"
    ],
    "kubernetes.pod_name": [
      "unificacion-29-xspz4"
    ]
  }
}

Priscilla_Parodi · October 18, 2023, 8:34pm

Thanks for the info.

Apparently kubernetes.container_name and kubernetes.namespace_name are keywords and you are searching for the specific keyword and the message field is a text value and you want to search for a text that contains “request starting” as part of the message. Is that it?

Could you please try to do this with a wildcard query?

It will be:

kubernetes.container_name:"unificacion" AND kubernetes.namespace_name:"unificacion-prod" and message: *starting*

system · November 15, 2023, 8:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
No se muestran documentos en un espacio distinto al de por defecto Elastic en Español	2	824	July 16, 2021
Errors help: Kibana error: Shard Failures FetchPhaseExecutionException Elasticsearch	3	1560	July 5, 2017
Как выяснить причину ошибки при поиске в Kibana: "Courier fetch: xxx of xxx shards failed" Вопросы на русском языке	2	665	January 4, 2022
Got this error "Error loading data" when we search for :,<,> in Discover page on kibana UI Kibana	12	699	December 4, 2020
Help required in visualization Kibana	8	394	June 9, 2020

Busqueda con error en Discoverc

Related topics