Elastic search is failing to perform bulk index

Elastic Stack Elasticsearch
1

I'm using filebeat to ship the logs to elastic search. I have noticed that its failing to index the logs from 2 weeks.

File beat error:
ERR Failed to perform any bulk index operations: Post http://dt1es01p02:9200/_bulk: net/http: request canceled (Client.Timeout exceeded while awaiting headers)

Elastic search log:
[DEBUG][action.admin.indices.create] [dt1es01p02] [bit-logs-2016.12.30] failed to create
ProcessClusterEventTimeoutException[failed to process cluster event (create-index [bit-logs-2016.12.30], cause [auto(bulk api)]) within 1m]
at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:349)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

I'm not sure about this error, Is this something I need to change the config file in elasticsearch or filebeat.yaml?
How could I fix this issue? I've tried changing the bulk index,timeout, flush interval but no use

2

@iluvcode Any help?

3

What state is your cluster in?

4

I didn't get you. Are you asking about health, its green.

5

Have you checked threadpool setting, Since you are using _bulk API ,

Please try to increase it if possible.

https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-threadpool.html

6

It looks like it is timing out trying to create the new index. Which Elasticsearch version are you on? Do you have any non-default cluster settings? How large is your cluster? How many indices/shards do you have in the cluster?

7

@Christian_Dahlqvist @amar-tari i'm using 2.3.3 version. Here is my config on node3, which is similar on other 2 nodes except the nodename and networkhost will different(i'e hostname is selected for nodename,networkhost)

 # ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please see the documentation for further information on configuration options:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration.html>
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
 cluster.name: elkdev
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
 node.name: dt1es01p03
 node.master: true 
 node.data: true
#
# Add custom attributes to the node:
#
# node.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
 path.data: e:\data
#
# Path to log files:
#
 path.logs: e:\logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
 bootstrap.mlockall: true
#
# Make sure that the `ES_HEAP_SIZE` environment variable is set to about half the memory
# available on the system and that the owner of the process is allowed to use this limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
 network.host: dt1es01p03
#
# Set a custom port for HTTP:
#
 http.port: 9200
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html>
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
 discovery.zen.ping.unicast.hosts: ["dt1es01p01", "dt1es01p02", "dt1es01p03"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1):
#
 discovery.zen.minimum_master_nodes: 2
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery.html>
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
# gateway.recover_after_nodes: 3
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-gateway.html>
#
# ---------------------------------- Various -----------------------------------
#
# Disable starting multiple nodes on a single system:
#
# node.max_local_storage_nodes: 1
#
# Require explicit names when deleting indices:
#
# action.destructive_requires_name: true
8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.