i have added multiple log in logstash conf
if i refresh kibana4 showing this
Courier Fetch: 70 of 80 shards failed.
for this i searched in google they told to add
this line in elasticsearch.yml
threadpool.search.type: fixed
threadpool.search.size: 200
threadpool.search.queue_size: 20000
but still its showing that error
note:im using mac
using local ip
Hi @manopmk,
this sounds like Elasticsearch does not have enough resources to completely answer the query. Increasing the search threadpool size is a measure that might help, but like all performance parameters it is highly dependent on the runtime environment. The Elasticsearch log output might give some indication about the reason for the 10 failed shards.
Thank you buddy
in es log
org.elasticsearch.search.SearchParseException: [logstash-2016.10.21][4]: from[-1],size[500]: Parse Failure [Failed to parse source [{"size":500,"sort":{"tstamp":"asc"},"query":{"filtered":{"query":{"query_string":{"analyze_wildcard":true,"query":""}},"filter":{"bool":{"must":[{"range":{"tstamp":{"gte":1490595144374,"lte":1490609544374}}}],"must_not":[]}}}},"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"":{}}},"aggs":{"2":{"date_histogram":{"field":"tstamp","interval":"5m","pre_zone":"+05:30","pre_zone_adjust_large_interval":true,"min_doc_count":0,"extended_bounds":{"min":1490595144374,"max":1490609544374}}}},"fields":["*","_source"],"script_fields":{},"fielddata_fields":["_timestamp","@timestamp","tstamp"]}]]
Parse Failure [No mapping found for [tstamp] in order to sort on]];
Actullay i created index called tstamp which contain exact time stamp of log
my conf
filter {
grok {
match => [ "message", "%{DATESTAMP:timestamp}" ]
}
date {
locale => "en"
match => [ "timestamp", "MM-dd-YYYY HH:mm:ss","ISO8601" ]
target => ["tstamp"]
remove_field => ["timestamp"]
}
}
Json i got
"message" => "03-27-2017 10:26:11 INFO - in DAO Impl query: fetching username from username_notification table",
"@version" => "1",
"@timestamp" => "2017-03-27T09:33:50.768Z",
"host" => "Vishnu-Prasad.local",
"path" => "/Users/tcstsb3/Downloads/batch/starbuck-batch-service.log",
"tstamp" => "2017-03-27T04:56:11.000Z"
}
in kibana i added new index called tstamp i overrided the changes
but i dont know why this showing No mapping found
can you plz help me
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.