Data not visibile in Kibana

d6036de2b54af16665f4 · December 29, 2021, 1:31pm

Hello,

I ingested data from s3 bucket into Elasticsearch through Logstash pipelines.
BUT I AM NOT ABLE TO visualize DATA IN KIBANA .

I am only able to see data till october monthsm and after that no data is visible there....

Any suggestion would be helpufull....

Petr.Simik · December 31, 2021, 10:46am

Try to query the data from dev_tool
GET indexname/_search
and check the timestamp which is used by kibana index pattern
its value might be in incorrect format

d6036de2b54af16665f4 · December 31, 2021, 1:14pm

okay I will check that once and will let you know....

But,

Elasticsearch is their on the same machine...

And also when I am running Logstash Logs I am getting ...

[2021-12-24T06:25:16,758][ERROR][org.logstash.Logstash ] java.lang.OutOfMemoryError: Java heap space

[2021-12-24T05:12:31,352][ERROR][logstash.outputs.Elasticsearch] Attempted to send a bulk request to Elasticsearch' but Elasticsearch appears to be unreachable or down! {:error_message=>"Elasticsearch Unreachable: [http://XXXXXXXXXXxXXXX.XX-XXXXXXXXX.amazonaws.com:9200/][Manticore::ClientProtocolException] XXXXXXXXXXXXXXXXXXXXXXXXXXXXX.ZZZZZZZZZZZ.amazonaws.com:9200 failed to respond", :class=>"LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError", :will_retry_in_seconds=>2}

[2021-12-24T03:54:42,052][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit

[2021-12-24T03:35:26,776][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Elasticsearch Unreachable: [http://XXXXXXXX.XXXXXX.XXXXXXXXnaws.com:9200/][Manticore::ClientProtocolException] XXXXXXXXXXXXXXXXXXXXX.XXXXXXX.XXXX failed to respond"}

[2021-12-24T02:26:59,139][ERROR][logstash.outputs.Elasticsearch] Encountered a retryable error. Will Retry with exponential backoff {:code=>500,

[ERROR][org.logstash.execution.WorkerLoop] Exception in pipelineworker, the pipeline stopped processing new events, please check your filter configuration and restart Logstash.
java.lang.NullPointerException: null

Please help me to solve this issue to the complete...
You can provide me a time slot when you will be available so that i can troubleshoot this continously without any time gaping.......

d6036de2b54af16665f4 · December 31, 2021, 1:28pm

Only One date of data is showing with this query but More data is also got uploded on the same logstash machine...

Petr.Simik · January 2, 2022, 6:49pm

to check if Elasticsearch in available just type curl localhost:9200
and check if it gets any output

what is the RAM size of node where Elastic is running?
How did you set Heap size?
running logstash on the same machine is a common practice - not a problem

Petr.Simik · January 2, 2022, 6:52pm

you can also troibleshoot it by manually POST one of the logstash parsed event to Elasticsearch

print one event to screen
try to curl -x POST the event to Elasticsearch

see Index API | Elasticsearch Guide [7.16] | Elastic
POST my-index-000001/_doc/
{

your event

}

d6036de2b54af16665f4 · January 3, 2022, 7:54am

when i run curl localhost:9200 i got connection refused error...

But, when i used
curl http://XXXXXXX-XXXXXX-XXXXXX-XXX-elb-XXXXXXXXXXXXaws.com:9200 {
"name" : "ip-XXX-XX-X-XX.ec2.XXXXXXl",
"cluster_name" : "cluster name",
"cluster_uuid" : "XVHHSHD3QDtyessZOwenklaewq",
"version" : {
"number" : "7.1.0",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "606a173",
"build_date" : "2019-05-16T00:43:15.323135Z",
"build_snapshot" : false,
"lucene_version" : "8.0.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

*** The instance where Elasticsearch is running is 8gb and 1 gb medium type....

*** i think the heap size is being set by jvm.options

d6036de2b54af16665f4 · January 4, 2022, 7:38am

Any update?

Petr.Simik · January 4, 2022, 9:12am

Sorry I am not support expert - you should contact someone from Elatic if you have the License.
I am just another user of Elasticsearch like you.

You are mixing up several problems
lets resolve them separately

Elasticsearch is up and running and can index new data
this problem you tested by curl commands I send you. Did you try curl POST - did it index new data to elasticsearch?
If yes - there is no problem with elasticsearch
btw you did not respond to HEAP size in /etc/elasticsearch/jvm.option file
-XmsXXg
-XmxYYg

however if elasticsearch is running and can index the data I do not see a problem here

problems with logstash
I see this might be a problem.
did you try to index simple piece of data to Elastic by Logstash
try to index static single event value
if this works the problem might be in logstash yaml parser code

provide your code here so the community can help you

Logstash problem

d6036de2b54af16665f4 · January 4, 2022, 9:20am

Elasticsearch is running yes it is indexing to new data in ES.

-Xms1g
-Xms1g
is heap size in Es jvm.options

yes i tried to index small piece of data from logstash to ES and it worked...

Then what can be the issue and what code i may help you... to identify it
thanks

system · February 1, 2022, 9:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.