Discover: Bad Gateway issue in kibana

Elastic Stack Kibana
1

Hi All,
I am facing "Discover Bad Gateway" issue while searching in Kibana UI for the field "message" and string contains the value something like below

  message: "7d5c65e2-e954-4de6-ae4f-f78s88c0dc4c"

But there is a record exists/indexed in elastic search with the above value.
But I am able to search for other values seamlessly except the above search value. I am guessing that it is related to elastic search cache issue. Please advice on this issue.

Settings / Configurations in my system:

  1. We are not using any proxy servers to process kibana to elastic searches or requests. There is no firewall issue here
  2. Version of ELK stack using is 6.5.4

Kibana UI ERROR:
SearchError: Bad Gateway
at

 http://host1.corp.xxx.com:5661/bundles/commons.bundle.js:3:2531484
at processQueue (http://host1.corp.xxx.com:5661/bundles/vendors.bundle.js:257:199684)
at http://host1.corp.xxx.com:5661/bundles/vendors.bundle.js:257:200647
at Scope.$digest (http://host1.corp.xxx.com:5661/bundles/vendors.bundle.js:257:210409)
at Scope.$apply (http://host1.corp.xxx.com:5661/bundles/vendors.bundle.js:257:213216)
at done (http://host1.corp.xxx.com:5661/bundles/vendors.bundle.js:257:132715)
at completeRequest (http://host1.corp.xxx.com:5661/bundles/vendors.bundle.js:257:136327)
at XMLHttpRequest.requestLoaded (http://host1.corp.xxx.com:5661/bundles/vendors.bundle.js:257:135223)

Thanks
Sukumar

2

Bad Gateway means a proxy was not able to pass a request to server, successfully. It looks like in this case server that wasn't handling the request was the Elasticsearch server, so you'll want to check the logs on the proxy in front of Elasticsearch.

AFAIK, many things can cause a bad gateway:

  • the upstream server was an unknown host
  • the upstream server couldn't be connected
  • a request to the upstream server timed out
  • the upstream server wants to send a response that the proxy doesn't understand

I'm thinking that in this case, the problem is one of the last 2, since it only happens for that one search case.

Getting to the bottom of it will probably require looking at the Elasticsearch proxy logs. I would also try sending the same request to Elasticsearch directly by doing curl to localhost from the Elasticsearch server.

Just to double-check, the message field is mapped as keyword type, correct? If it is an analyzed string, this query could cause problems. More info could be in the Elasticsearch logs.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.