seeing below from the logs
ng","MessageType":"XAResource","event":".rollback(). Server returned XAER_NOTA. ERRORCODE=-4203, SQLSTATE=null"}]}
ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [log]) within 30s]
at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:343)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
[2017-07-06 06:38:26,922][DEBUG][action.bulk ] [monelkeswhq00.northamerica.cerner.net] [logstash-2017.07.06][0] failed to execute bulk item (index) index {[logstash-2017.07.06][wineventlog][AV0Xr8URSHp5XPPi6PgK], source[{"message":"McShield service started.\n Engine version : 5800.7501\n DAT version : 8582.0000\n \n Number of signatures in EXTRA.DAT : 2\n Names of threats that EXTRA.DAT can detect : Generic.Tra!36479503101e (ED)\nRansomware-GCC (ED)","@version":"1","@timestamp":"2017-07-06T03:44:15.000Z","beat":{"hostname":"CESSOAIISWHQ03","name":"CESSOAIISWHQ03"},"computer_name":"CESSOAIISWHQ03.northamerica.cerner.net","count":1,"event_id":5000,"level":"Information","log_name":"Application","record_number":"16913","source_name":"McLogEvent","tags":["wsi","cessoaiiswhq03","wsi-iis","beats_input_codec_plain_applied"],"type":"wineventlog","user":{"domain":"NT AUTHORITY","identifier":"S-1-5-18","name":"SYSTEM","type":"User"},"host":"CESSOAIISWHQ03"}]}
ProcessClusterEventTimeoutException[failed to process cluster event (put-mapping [wineventlog]) within 30s]
at org.elasticsearch.cluster.service.InternalClusterService$2$1.run(InternalClusterService.java:343)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
[2017-07-06 06:39:21,712][WARN ][transport ] [monelkeswhq00.northamerica.cerner.net] Received response for a request that has timed out, sent [53826ms] ago, timed out [23826ms] ago, action [internal:discovery/zen/fd/master_ping], node [{monelkeswhq01.northamerica.cerner.net}{b31ABHuVSPekwE--5_72ow}{10.190.157.78}{10.190.157.78:9300}], id [174139]
Are you seeing/facing back pressure from Elasticsearch? Have a look at the following in regards to bulk rejections, Monitoring Individual Nodes | Elasticsearch: The Definitive Guide [2.x] | Elastic
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.