Elasticsearch get exited and shows unhealthy status in docker container

I Run Elasticsearch on docker production on aws ec2(ubuntu).It was working fine.my elasticsearch got exited today after I updated an index I started again manually.after this the status of the containers changed to unhealthy

Screen Shot 2022-09-07 at 4.31.43 PM1454×174 14.7 KB

Why this happens?What can I do to recover the cluster?

Here is the logs of it:

es01:

amp":"2022-09-04T01:38:32.025Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#3]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"IKg4rU8uR9WW9D6yPqfEZQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:35.854Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-1445181459173855649/geoip-databases/IKg4rU8uR9WW9D6yPqfEZQ/GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"IKg4rU8uR9WW9D6yPqfEZQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:35.854Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"IKg4rU8uR9WW9D6yPqfEZQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:33.554Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-1445181459173855649/geoip-databases/IKg4rU8uR9WW9D6yPqfEZQ/GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"IKg4rU8uR9WW9D6yPqfEZQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:33.555Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"IKg4rU8uR9WW9D6yPqfEZQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:42.577Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-1445181459173855649/geoip-databases/IKg4rU8uR9WW9D6yPqfEZQ/GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"IKg4rU8uR9WW9D6yPqfEZQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:42.577Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"IKg4rU8uR9WW9D6yPqfEZQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:46.151Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-1445181459173855649/geoip-databases/IKg4rU8uR9WW9D6yPqfEZQ/GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"IKg4rU8uR9WW9D6yPqfEZQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:46.152Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es01][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"IKg4rU8uR9WW9D6yPqfEZQ","elasticsearch.node.name":"es01","elasticsearch.cluster.name":"docker-cluster"}

ERROR: Elasticsearch exited unexpectedly

es02:

{"@timestamp":"2022-09-07T00:06:04.074Z", "log.level": "INFO",  "current.health":"GREEN","message":"Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[restaurant_location][0]]]).","previous.health":"YELLOW","reason":"shards started [[restaurant_location][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:50.954Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] create_mapping", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:51.015Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:51.066Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:51.110Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:51.222Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:51.372Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:51.769Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:30:00.000Z", "log.level": "INFO", "message":"starting SLM retention snapshot cleanup task", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:30:00.000Z", "log.level": "INFO", "message":"there are no repositories to fetch, SLM retention snapshot cleanup task complete", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:00.001Z", "log.level": "INFO", "message":"triggering scheduled [ML] maintenance tasks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:00.002Z", "log.level": "INFO", "message":"Deleting expired data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:00.004Z", "log.level": "INFO", "message":"Successfully deleted [0] unused stats documents", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:00.005Z", "log.level": "INFO", "message":"Completed deletion of expired ML data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:00.005Z", "log.level": "INFO", "message":"Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:33.460Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:33.460Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:42.430Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:42.430Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:44.931Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:44.932Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:21:46.540Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:26:25.772Z", "log.level": "INFO", "message":"transport connection to [{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{zsLfR_mvRTuFDtvFwq6Ddg}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw}] closed by remote", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][transport_worker][T#2]","log.logger":"org.elasticsearch.transport.ClusterConnectionManager","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:26:25.782Z", "log.level": "INFO",  "current.health":"YELLOW","message":"Cluster health status changed from [GREEN] to [YELLOW] (reason: [{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{zsLfR_mvRTuFDtvFwq6Ddg}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw} reason: disconnected]).","previous.health":"GREEN","reason":"{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{zsLfR_mvRTuFDtvFwq6Ddg}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw} reason: disconnected" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:26:25.802Z", "log.level": "INFO", "message":"node-left[{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{zsLfR_mvRTuFDtvFwq6Ddg}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw} reason: disconnected], term: 20, version: 1172, delta: removed {{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{zsLfR_mvRTuFDtvFwq6Ddg}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw}}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.MasterService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:26:25.906Z", "log.level": "INFO", "message":"removed {{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{zsLfR_mvRTuFDtvFwq6Ddg}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw}}, term: 20, version: 1172, reason: Publication{term=20, version=1172}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:26:25.950Z", "log.level": "INFO", "message":"scheduling reroute for delayed shards in [59.8s] (15 delayed shards)", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.DelayedAllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:26:25.956Z", "log.level": "INFO", "message":"primary-replica resync completed with 0 operations", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#6]","log.logger":"org.elasticsearch.index.shard.IndexShard","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster","tags":[" [.kibana-event-log-8.3.2-000002][0]"]}
{"@timestamp":"2022-09-07T17:26:25.961Z", "log.level": "INFO", "message":"primary-replica resync completed with 0 operations", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.index.shard.IndexShard","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster","tags":[" [.apm-custom-link][0]"]}
{"@timestamp":"2022-09-07T17:26:25.973Z", "log.level": "INFO", "message":"primary-replica resync completed with 0 operations", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#6]","log.logger":"org.elasticsearch.index.shard.IndexShard","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster","tags":[" [restaurant_items][0]"]}
{"@timestamp":"2022-09-07T17:27:26.004Z", "log.level": "WARN", "message":"[.security-7][0] marking unavailable shards as stale: [iX31xcNqRSWD9UQRj0KbxA]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:26.086Z", "log.level": "WARN", "message":"[.kibana_task_manager_8.3.2_001][0] marking unavailable shards as stale: [oSWzHXHEQbWSh6bxZ7bf2g]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:26.335Z", "log.level": "WARN", "message":"[.apm-custom-link][0] marking unavailable shards as stale: [nBUe7MqYQGiNRDOWF4xDyw]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:26.385Z", "log.level": "WARN", "message":"[.async-search][0] marking unavailable shards as stale: [6uBmF5DGQTGCR1ZRD2Jj6w]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:26.445Z", "log.level": "WARN", "message":"[.tasks][0] marking unavailable shards as stale: [58f1y6RrSNOL3SccPyeyyQ]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:26.767Z", "log.level": "WARN", "message":"[restaurants][0] marking unavailable shards as stale: [0s-uHGuxSq2yDSbR_VEu8w]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:26.937Z", "log.level": "WARN", "message":"[.ds-.logs-deprecation.elasticsearch-default-2022.08.12-000002][0] marking unavailable shards as stale: [6woD3_CvRAqD8UKk6R9wzQ]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:27.278Z", "log.level": "WARN", "message":"[.kibana-event-log-8.3.2-000002][0] marking unavailable shards as stale: [vfw_hUhLRhWXVSviWg7lfA]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:28.657Z", "log.level": "WARN", "message":"[smfood-recipe-combo][0] marking unavailable shards as stale: [-XYM89GVS_yzcnpdncNGyQ]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:28.711Z", "log.level": "WARN", "message":"[smfood][0] marking unavailable shards as stale: [5J_Tpy1pQU6Upfacp4C8ZA]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:29.529Z", "log.level": "WARN", "message":"[.ds-.logs-deprecation.elasticsearch-default-2022.07.13-000001][0] marking unavailable shards as stale: [AhokeX6RTCKENYN2-qT6NQ]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:30.267Z", "log.level": "WARN", "message":"[.kibana-event-log-8.3.2-000001][0] marking unavailable shards as stale: [r-ZZmzgKR4SLnVZOEX4Zhg]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:33.246Z", "log.level": "WARN", "message":"[restaurant_location][0] marking unavailable shards as stale: [85FegeDxT5aLuTt7gR8CAA]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:34.940Z", "log.level": "WARN", "message":"[restaurant_items][0] marking unavailable shards as stale: [BQ6m973VSHmjz2z3eCp3-w]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:43.962Z", "log.level": "WARN", "message":"[cpg][0] marking unavailable shards as stale: [y6jmNn6aSEKQmYyHehWybA]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}```




ERROR: Elasticsearch exited unexpectedly




is there any solution for this?

Please don't post pictures of text, logs or code. They are difficult to read, impossible to search and replicate (if it's code), and some people may not be even able to see them

We'd need to see more of the Elasticsearch log.

Thanks for letting me now.here is the logs of es02
I will break it down into several replies due to the word limitations

1:

set":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#1]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-26T01:38:00.001Z", "log.level": "INFO", "message":"Deleting expired data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#1]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-26T01:38:00.003Z", "log.level": "INFO", "message":"Successfully deleted [0] unused stats documents", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-26T01:38:00.003Z", "log.level": "INFO", "message":"Completed deletion of expired ML data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-26T01:38:00.003Z", "log.level": "INFO", "message":"Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-26T20:49:04.320Z", "log.level": "INFO", "message":"[restaurants/GZ_lPV7ZSy6fR5hEUaG_CA] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-26T20:49:04.409Z", "log.level": "INFO", "message":"[restaurants/GZ_lPV7ZSy6fR5hEUaG_CA] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-27T01:30:00.000Z", "log.level": "INFO", "message":"starting SLM retention snapshot cleanup task", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-27T01:30:00.000Z", "log.level": "INFO", "message":"there are no repositories to fetch, SLM retention snapshot cleanup task complete", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-27T01:38:00.000Z", "log.level": "INFO", "message":"triggering scheduled [ML] maintenance tasks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#5]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-27T01:38:00.001Z", "log.level": "INFO", "message":"Deleting expired data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#5]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-27T01:38:00.003Z", "log.level": "INFO", "message":"Successfully deleted [0] unused stats documents", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-27T01:38:00.003Z", "log.level": "INFO", "message":"Completed deletion of expired ML data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#2]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-27T01:38:00.003Z", "log.level": "INFO", "message":"Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#2]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-28T01:30:00.000Z", "log.level": "INFO", "message":"starting SLM retention snapshot cleanup task", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-28T01:30:00.000Z", "log.level": "INFO", "message":"there are no repositories to fetch, SLM retention snapshot cleanup task complete", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-28T01:38:00.000Z", "log.level": "INFO", "message":"triggering scheduled [ML] maintenance tasks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-28T01:38:00.001Z", "log.level": "INFO", "message":"Deleting expired data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-28T01:38:00.008Z", "log.level": "INFO", "message":"Successfully deleted [0] unused stats documents", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#5]","log.logger":"org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}

2

{"@timestamp":"2022-08-28T01:38:00.011Z", "log.level": "INFO", "message":"Completed deletion of expired ML data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-28T01:38:00.011Z", "log.level": "INFO", "message":"Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T01:30:00.001Z", "log.level": "INFO", "message":"starting SLM retention snapshot cleanup task", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T01:30:00.001Z", "log.level": "INFO", "message":"there are no repositories to fetch, SLM retention snapshot cleanup task complete", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T01:38:00.000Z", "log.level": "INFO", "message":"triggering scheduled [ML] maintenance tasks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T01:38:00.001Z", "log.level": "INFO", "message":"Deleting expired data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T01:38:00.002Z", "log.level": "INFO", "message":"Successfully deleted [0] unused stats documents", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#6]","log.logger":"org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T01:38:00.004Z", "log.level": "INFO", "message":"Completed deletion of expired ML data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T01:38:00.005Z", "log.level": "INFO", "message":"Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T01:38:00.990Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}

3

{"@timestamp":"2022-08-29T01:38:00.990Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T01:38:13.442Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T01:38:13.442Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T01:38:14.665Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T01:38:14.665Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T18:52:31.764Z", "log.level": "INFO", "message":"[restaurant_location] creating index, cause [api], templates [], shards [1]/[1]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataCreateIndexService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T18:52:31.965Z", "log.level": "INFO",  "current.health":"GREEN","message":"Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[restaurant_location][0]]]).","previous.health":"YELLOW","reason":"shards started [[restaurant_location][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T18:52:49.336Z", "log.level": "INFO", "message":"[restaurant_location/lena78-3S7mgxbsqrfSnxw] create_mapping", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T18:53:08.374Z", "log.level": "INFO", "message":"[restaurant_location/lena78-3S7mgxbsqrfSnxw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T18:53:08.797Z", "log.level": "INFO", "message":"[restaurant_location/lena78-3S7mgxbsqrfSnxw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T18:58:15.864Z", "log.level": "INFO", "message":"[restaurant_location/lena78-3S7mgxbsqrfSnxw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-29T19:00:16.618Z", "log.level": "INFO", "message":"[.ds-.logs-deprecation.elasticsearch-default-2022.08.12-000002/SM-tG7Q9QVWzcLvv3UMxIw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T01:30:00.000Z", "log.level": "INFO", "message":"starting SLM retention snapshot cleanup task", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T01:30:00.001Z", "log.level": "INFO", "message":"there are no repositories to fetch, SLM retention snapshot cleanup task complete", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T01:38:00.000Z", "log.level": "INFO", "message":"triggering scheduled [ML] maintenance tasks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T01:38:00.001Z", "log.level": "INFO", "message":"Deleting expired data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T01:38:00.011Z", "log.level": "INFO", "message":"Successfully deleted [0] unused stats documents", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#1]","log.logger":"org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T01:38:00.011Z", "log.level": "INFO", "message":"Completed deletion of expired ML data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#2]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T01:38:00.012Z", "log.level": "INFO", "message":"Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#2]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T22:24:10.581Z", "log.level": "INFO", "message":"[restaurants/GZ_lPV7ZSy6fR5hEUaG_CA] deleting index", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataDeleteIndexService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T22:24:55.540Z", "log.level": "INFO", "message":"[restaurants] creating index, cause [api], templates [], shards [1]/[1]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataCreateIndexService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T22:24:55.748Z", "log.level": "INFO",  "current.health":"GREEN","message":"Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[restaurants][0]]]).","previous.health":"YELLOW","reason":"shards started [[restaurants][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T22:25:12.094Z", "log.level": "INFO", "message":"[restaurants/_DBoyUGdTP2nnpBJi6Ysaw] create_mapping", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T22:25:12.131Z", "log.level": "INFO", "message":"[restaurants/_DBoyUGdTP2nnpBJi6Ysaw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T22:25:12.166Z", "log.level": "INFO", "message":"[restaurants/_DBoyUGdTP2nnpBJi6Ysaw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T22:25:12.202Z", "log.level": "INFO", "message":"[restaurants/_DBoyUGdTP2nnpBJi6Ysaw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T22:25:12.246Z", "log.level": "INFO", "message":"[restaurants/_DBoyUGdTP2nnpBJi6Ysaw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T22:25:12.324Z", "log.level": "INFO", "message":"[restaurants/_DBoyUGdTP2nnpBJi6Ysaw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T22:25:12.367Z", "log.level": "INFO", "message":"[restaurants/_DBoyUGdTP2nnpBJi6Ysaw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-30T22:25:12.461Z", "log.level": "INFO", "message":"[restaurants/_DBoyUGdTP2nnpBJi6Ysaw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}

4

{"@timestamp":"2022-08-31T01:30:00.000Z", "log.level": "INFO", "message":"starting SLM retention snapshot cleanup task", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-31T01:30:00.001Z", "log.level": "INFO", "message":"there are no repositories to fetch, SLM retention snapshot cleanup task complete", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-31T01:38:00.000Z", "log.level": "INFO", "message":"triggering scheduled [ML] maintenance tasks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-31T01:38:00.001Z", "log.level": "INFO", "message":"Deleting expired data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-31T01:38:00.002Z", "log.level": "INFO", "message":"Successfully deleted [0] unused stats documents", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-31T01:38:00.003Z", "log.level": "INFO", "message":"Completed deletion of expired ML data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#2]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-08-31T01:38:00.003Z", "log.level": "INFO", "message":"Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#2]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:30:00.000Z", "log.level": "INFO", "message":"starting SLM retention snapshot cleanup task", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:30:00.001Z", "log.level": "INFO", "message":"there are no repositories to fetch, SLM retention snapshot cleanup task complete", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:38:00.001Z", "log.level": "INFO", "message":"triggering scheduled [ML] maintenance tasks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#6]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:38:00.002Z", "log.level": "INFO", "message":"Deleting expired data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#6]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:38:00.009Z", "log.level": "INFO", "message":"Successfully deleted [0] unused stats documents", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:38:00.009Z", "log.level": "INFO", "message":"Completed deletion of expired ML data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:38:00.010Z", "log.level": "INFO", "message":"Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:38:14.977Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:38:14.978Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:38:22.995Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:38:22.995Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:38:23.379Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T01:38:23.379Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:21:19.698Z", "log.level": "INFO", "message":"[restaurant_location_combo] creating index, cause [api], templates [], shards [1]/[1]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataCreateIndexService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:21:20.399Z", "log.level": "INFO",  "current.health":"GREEN","message":"Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[restaurant_location_combo][0]]]).","previous.health":"YELLOW","reason":"shards started [[restaurant_location_combo][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:21:51.386Z", "log.level": "INFO", "message":"[restaurant_location_combo/7CXaqenQTLO9VjQ90BAi7g] create_mapping", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:21:51.550Z", "log.level": "INFO", "message":"[restaurant_location_combo/7CXaqenQTLO9VjQ90BAi7g] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:21:54.341Z", "log.level": "INFO", "message":"[restaurant_location_combo/7CXaqenQTLO9VjQ90BAi7g] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:22:08.329Z", "log.level": "INFO", "message":"[restaurant_location_combo/7CXaqenQTLO9VjQ90BAi7g] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:25:06.451Z", "log.level": "INFO", "message":"[restaurant_location_combo/7CXaqenQTLO9VjQ90BAi7g] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:55:17.017Z", "log.level": "INFO", "message":"[restaurant_location_combo/7CXaqenQTLO9VjQ90BAi7g] deleting index", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataDeleteIndexService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:57:05.397Z", "log.level": "INFO", "message":"[restaurant_location_combo] creating index, cause [api], templates [], shards [1]/[1]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataCreateIndexService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:57:06.076Z", "log.level": "INFO",  "current.health":"GREEN","message":"Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[restaurant_location_combo][0]]]).","previous.health":"YELLOW","reason":"shards started [[restaurant_location_combo][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:57:22.463Z", "log.level": "INFO", "message":"[restaurant_location_combo/pS6ZJrstQsulcd0XXSB1eQ] create_mapping", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:57:22.547Z", "log.level": "INFO", "message":"[restaurant_location_combo/pS6ZJrstQsulcd0XXSB1eQ] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}

5

{"@timestamp":"2022-09-01T21:57:25.331Z", "log.level": "INFO", "message":"[restaurant_location_combo/pS6ZJrstQsulcd0XXSB1eQ] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T21:57:38.376Z", "log.level": "INFO", "message":"[restaurant_location_combo/pS6ZJrstQsulcd0XXSB1eQ] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T22:04:00.774Z", "log.level": "INFO", "message":"[restaurant_location_combo/pS6ZJrstQsulcd0XXSB1eQ] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T22:41:03.198Z", "log.level": "INFO", "message":"[restaurant_location_combo/pS6ZJrstQsulcd0XXSB1eQ] deleting index", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataDeleteIndexService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T22:46:25.476Z", "log.level": "INFO", "message":"[restaurant_location-combo] creating index, cause [api], templates [], shards [1]/[1]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataCreateIndexService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T22:46:26.147Z", "log.level": "INFO",  "current.health":"GREEN","message":"Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[restaurant_location-combo][0]]]).","previous.health":"YELLOW","reason":"shards started [[restaurant_location-combo][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T22:46:48.119Z", "log.level": "INFO", "message":"[restaurant_location-combo/rkFfhjYZTvua4kwEnbqVnA] create_mapping", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T22:46:48.178Z", "log.level": "INFO", "message":"[restaurant_location-combo/rkFfhjYZTvua4kwEnbqVnA] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T22:46:48.252Z", "log.level": "INFO", "message":"[restaurant_location-combo/rkFfhjYZTvua4kwEnbqVnA] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T22:46:48.337Z", "log.level": "INFO", "message":"[restaurant_location-combo/rkFfhjYZTvua4kwEnbqVnA] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T22:46:53.547Z", "log.level": "INFO", "message":"[restaurant_location-combo/rkFfhjYZTvua4kwEnbqVnA] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T22:47:07.000Z", "log.level": "INFO", "message":"[restaurant_location-combo/rkFfhjYZTvua4kwEnbqVnA] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T22:52:27.316Z", "log.level": "INFO", "message":"[restaurant_location-combo/rkFfhjYZTvua4kwEnbqVnA] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T22:59:18.355Z", "log.level": "INFO", "message":"[restaurant_location-combo/rkFfhjYZTvua4kwEnbqVnA] deleting index", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataDeleteIndexService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T23:00:28.312Z", "log.level": "INFO", "message":"[restaurant_location_combo] creating index, cause [api], templates [], shards [1]/[1]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataCreateIndexService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T23:00:28.995Z", "log.level": "INFO",  "current.health":"GREEN","message":"Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[restaurant_location_combo][0]]]).","previous.health":"YELLOW","reason":"shards started [[restaurant_location_combo][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}

6

{"@timestamp":"2022-09-01T23:00:52.925Z", "log.level": "INFO", "message":"[restaurant_location_combo/yxkFp-88TXaTgvxdQMUK-g] create_mapping", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T23:00:53.006Z", "log.level": "INFO", "message":"[restaurant_location_combo/yxkFp-88TXaTgvxdQMUK-g] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T23:00:53.069Z", "log.level": "INFO", "message":"[restaurant_location_combo/yxkFp-88TXaTgvxdQMUK-g] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T23:00:53.134Z", "log.level": "INFO", "message":"[restaurant_location_combo/yxkFp-88TXaTgvxdQMUK-g] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T23:00:57.994Z", "log.level": "INFO", "message":"[restaurant_location_combo/yxkFp-88TXaTgvxdQMUK-g] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T23:01:12.425Z", "log.level": "INFO", "message":"[restaurant_location_combo/yxkFp-88TXaTgvxdQMUK-g] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-01T23:03:54.482Z", "log.level": "INFO", "message":"[restaurant_location_combo/yxkFp-88TXaTgvxdQMUK-g] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-02T01:30:00.000Z", "log.level": "INFO", "message":"starting SLM retention snapshot cleanup task", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-02T01:30:00.001Z", "log.level": "INFO", "message":"there are no repositories to fetch, SLM retention snapshot cleanup task complete", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-02T01:38:00.000Z", "log.level": "INFO", "message":"triggering scheduled [ML] maintenance tasks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#1]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-02T01:38:00.001Z", "log.level": "INFO", "message":"Deleting expired data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#1]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-02T01:38:00.006Z", "log.level": "INFO", "message":"Successfully deleted [0] unused stats documents", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-02T01:38:00.007Z", "log.level": "INFO", "message":"Completed deletion of expired ML data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#2]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-02T01:38:00.007Z", "log.level": "INFO", "message":"Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#2]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-03T01:30:00.000Z", "log.level": "INFO", "message":"starting SLM retention snapshot cleanup task", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-03T01:30:00.000Z", "log.level": "INFO", "message":"there are no repositories to fetch, SLM retention snapshot cleanup task complete", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-03T01:38:00.001Z", "log.level": "INFO", "message":"triggering scheduled [ML] maintenance tasks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-03T01:38:00.002Z", "log.level": "INFO", "message":"Deleting expired data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-03T01:38:00.003Z", "log.level": "INFO", "message":"Successfully deleted [0] unused stats documents", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#5]","log.logger":"org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-03T01:38:00.004Z", "log.level": "INFO", "message":"Completed deletion of expired ML data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#2]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-03T01:38:00.004Z", "log.level": "INFO", "message":"Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#2]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:30:00.001Z", "log.level": "INFO", "message":"starting SLM retention snapshot cleanup task", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:30:00.002Z", "log.level": "INFO", "message":"there are no repositories to fetch, SLM retention snapshot cleanup task complete", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:00.000Z", "log.level": "INFO", "message":"triggering scheduled [ML] maintenance tasks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:00.001Z", "log.level": "INFO", "message":"Deleting expired data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:00.007Z", "log.level": "INFO", "message":"Successfully deleted [0] unused stats documents", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#5]","log.logger":"org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:00.008Z", "log.level": "INFO", "message":"Completed deletion of expired ML data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:00.008Z", "log.level": "INFO", "message":"Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:25.137Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:25.137Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:31.391Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:31.391Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:31.874Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}

7

{"@timestamp":"2022-09-04T01:38:31.391Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:31.391Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#7]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-04T01:38:31.874Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{
    "@timestamp": "2022-09-04T01:38:31.875Z",
    "log.level": "INFO",
    "message": "successfully loaded geoip database file [GeoLite2-Country.mmdb]",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][generic][T#1]",
    "log.logger": "org.elasticsearch.ingest.geoip.DatabaseNodeService",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-05T01:30:00.000Z",
    "log.level": "INFO",
    "message": "starting SLM retention snapshot cleanup task",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][trigger_engine_scheduler][T#1]",
    "log.logger": "org.elasticsearch.xpack.slm.SnapshotRetentionTask",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-05T01:30:00.001Z",
    "log.level": "INFO",
    "message": "there are no repositories to fetch, SLM retention snapshot cleanup task complete",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][trigger_engine_scheduler][T#1]",
    "log.logger": "org.elasticsearch.xpack.slm.SnapshotRetentionTask",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-05T01:38:00.001Z",
    "log.level": "INFO",
    "message": "triggering scheduled [ML] maintenance tasks",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][generic][T#6]",
    "log.logger": "org.elasticsearch.xpack.ml.MlDailyMaintenanceService",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-05T01:38:00.001Z",
    "log.level": "INFO",
    "message": "Deleting expired data",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][generic][T#6]",
    "log.logger": "org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-05T01:38:00.011Z",
    "log.level": "INFO",
    "message": "Successfully deleted [0] unused stats documents",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][generic][T#2]",
    "log.logger": "org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-05T01:38:00.012Z",
    "log.level": "INFO",
    "message": "Completed deletion of expired ML data",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][ml_utility][T#1]",
    "log.logger": "org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-05T01:38:00.012Z",
    "log.level": "INFO",
    "message": "Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][ml_utility][T#1]",
    "log.logger": "org.elasticsearch.xpack.ml.MlDailyMaintenanceService",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-06T01:30:00.007Z",
    "log.level": "INFO",
    "message": "starting SLM retention snapshot cleanup task",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][trigger_engine_scheduler][T#1]",
    "log.logger": "org.elasticsearch.xpack.slm.SnapshotRetentionTask",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-06T01:30:00.008Z",
    "log.level": "INFO",
    "message": "there are no repositories to fetch, SLM retention snapshot cleanup task complete",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][trigger_engine_scheduler][T#1]",
    "log.logger": "org.elasticsearch.xpack.slm.SnapshotRetentionTask",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-06T01:38:00.000Z",
    "log.level": "INFO",
    "message": "triggering scheduled [ML] maintenance tasks",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][generic][T#3]",
    "log.logger": "org.elasticsearch.xpack.ml.MlDailyMaintenanceService",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-06T01:38:00.001Z",
    "log.level": "INFO",
    "message": "Deleting expired data",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][generic][T#3]",
    "log.logger": "org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-06T01:38:00.003Z",
    "log.level": "INFO",
    "message": "Successfully deleted [0] unused stats documents",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][generic][T#1]",
    "log.logger": "org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-06T01:38:00.005Z",
    "log.level": "INFO",
    "message": "Completed deletion of expired ML data",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][ml_utility][T#1]",
    "log.logger": "org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-06T01:38:00.005Z",
    "log.level": "INFO",
    "message": "Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][ml_utility][T#1]",
    "log.logger": "org.elasticsearch.xpack.ml.MlDailyMaintenanceService",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-06T23:19:56.076Z",
    "log.level": "INFO",
    "message": "[restaurant_location/lena78-3S7mgxbsqrfSnxw] deleting index",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][masterService#updateTask][T#1]",
    "log.logger": "org.elasticsearch.cluster.metadata.MetadataDeleteIndexService",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-07T00:06:03.869Z",
    "log.level": "INFO",
    "message": "[restaurant_location] creating index, cause [api], templates [], shards [1]/[1]",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][masterService#updateTask][T#1]",
    "log.logger": "org.elasticsearch.cluster.metadata.MetadataCreateIndexService",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-07T00:06:04.074Z",
    "log.level": "INFO",
    "current.health": "GREEN",
    "message": "Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[restaurant_location][0]]]).",
    "previous.health": "YELLOW",
    "reason": "shards started [[restaurant_location][0]]",
    "ecs.version": "1.2.0",
    "service.name": "ES_ECS",
    "event.dataset": "elasticsearch.server",
    "process.thread.name": "elasticsearch[es02][masterService#updateTask][T#1]",
    "log.logger": "org.elasticsearch.cluster.routing.allocation.AllocationService",
    "elasticsearch.cluster.uuid": "lL9JIvXISd2QDpkbjdyMRQ",
    "elasticsearch.node.id": "_On0JHF6SsCi8T2qU4FyFQ",
    "elasticsearch.node.name": "es02",
    "elasticsearch.cluster.name": "docker-cluster"
}
{
    "@timestamp": "2022-09-07T00:07:50.954Z",

8

 "log.level": "INFO",
    "message": "[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] create_mapping", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:51.015Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:51.066Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:51.110Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:51.222Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:51.372Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T00:07:51.769Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:30:00.000Z", "log.level": "INFO", "message":"starting SLM retention snapshot cleanup task", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:30:00.000Z", "log.level": "INFO", "message":"there are no repositories to fetch, SLM retention snapshot cleanup task complete", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][trigger_engine_scheduler][T#1]","log.logger":"org.elasticsearch.xpack.slm.SnapshotRetentionTask","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:00.001Z", "log.level": "INFO", "message":"triggering scheduled [ML] maintenance tasks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:00.002Z", "log.level": "INFO", "message":"Deleting expired data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}

9

{"@timestamp":"2022-09-07T01:38:00.004Z", "log.level": "INFO", "message":"Successfully deleted [0] unused stats documents", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.xpack.ml.job.retention.UnusedStatsRemover","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:00.005Z", "log.level": "INFO", "message":"Completed deletion of expired ML data", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.action.TransportDeleteExpiredDataAction","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:00.005Z", "log.level": "INFO", "message":"Successfully completed [ML] maintenance task: triggerDeleteExpiredDataTask", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][ml_utility][T#3]","log.logger":"org.elasticsearch.xpack.ml.MlDailyMaintenanceService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:33.460Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:33.460Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:42.430Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:42.430Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:44.931Z", "log.level": "INFO", "message":"evicted [0] entries from cache after reloading database [/tmp/elasticsearch-16016688957705358733/geoip-databases/_On0JHF6SsCi8T2qU4FyFQ/GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseReaderLazyLoader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T01:38:44.932Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:21:46.540Z", "log.level": "INFO", "message":"[restaurant_location/cQuHs6RHSxqULZtzHDt7Aw] update_mapping [_doc]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataMappingService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:26:25.772Z", "log.level": "INFO", "message":"transport connection to [{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{zsLfR_mvRTuFDtvFwq6Ddg}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw}] closed by remote", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][transport_worker][T#2]","log.logger":"org.elasticsearch.transport.ClusterConnectionManager","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:26:25.782Z", "log.level": "INFO",  "current.health":"YELLOW","message":"Cluster health status changed from [GREEN] to [YELLOW] (reason: [{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{zsLfR_mvRTuFDtvFwq6Ddg}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw} reason: disconnected]).","previous.health":"GREEN","reason":"{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{zsLfR_mvRTuFDtvFwq6Ddg}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw} reason: disconnected" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:26:25.802Z", "log.level": "INFO", "message":"node-left[{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{zsLfR_mvRTuFDtvFwq6Ddg}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw} reason: disconnected], term: 20, version: 1172, delta: removed {{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{zsLfR_mvRTuFDtvFwq6Ddg}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw}}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.MasterService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:26:25.906Z", "log.level": "INFO", "message":"removed {{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{zsLfR_mvRTuFDtvFwq6Ddg}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw}}, term: 20, version: 1172, reason: Publication{term=20, version=1172}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:26:25.950Z", "log.level": "INFO", "message":"scheduling reroute for delayed shards in [59.8s] (15 delayed shards)", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.DelayedAllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:26:25.956Z", "log.level": "INFO", "message":"primary-replica resync completed with 0 operations", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#6]","log.logger":"org.elasticsearch.index.shard.IndexShard","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster","tags":[" [.kibana-event-log-8.3.2-000002][0]"]}
{"@timestamp":"2022-09-07T17:26:25.961Z", "log.level": "INFO", "message":"primary-replica resync completed with 0 operations", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.index.shard.IndexShard","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster","tags":[" [.apm-custom-link][0]"]}
{"@timestamp":"2022-09-07T17:26:25.973Z", "log.level": "INFO", "message":"primary-replica resync completed with 0 operations", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#6]","log.logger":"org.elasticsearch.index.shard.IndexShard","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster","tags":[" [restaurant_items][0]"]}
{"@timestamp":"2022-09-07T17:27:26.004Z", "log.level": "WARN", "message":"[.security-7][0] marking unavailable shards as stale: [iX31xcNqRSWD9UQRj0KbxA]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:26.086Z", "log.level": "WARN", "message":"[.kibana_task_manager_8.3.2_001][0] marking unavailable shards as stale: [oSWzHXHEQbWSh6bxZ7bf2g]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:26.335Z", "log.level": "WARN", "message":"[.apm-custom-link][0] marking unavailable shards as stale: [nBUe7MqYQGiNRDOWF4xDyw]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:26.385Z", "log.level": "WARN", "message":"[.async-search][0] marking unavailable shards as stale: [6uBmF5DGQTGCR1ZRD2Jj6w]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:26.445Z", "log.level": "WARN", "message":"[.tasks][0] marking unavailable shards as stale: [58f1y6RrSNOL3SccPyeyyQ]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:26.767Z", "log.level": "WARN", "message":"[restaurants][0] marking unavailable shards as stale: [0s-uHGuxSq2yDSbR_VEu8w]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:26.937Z", "log.level": "WARN", "message":"[.ds-.logs-deprecation.elasticsearch-default-2022.08.12-000002][0] marking unavailable shards as stale: [6woD3_CvRAqD8UKk6R9wzQ]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:27.278Z", "log.level": "WARN", "message":"[.kibana-event-log-8.3.2-000002][0] marking unavailable shards as stale: [vfw_hUhLRhWXVSviWg7lfA]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:28.657Z", "log.level": "WARN", "message":"[smfood-recipe-combo][0] marking unavailable shards as stale: [-XYM89GVS_yzcnpdncNGyQ]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:28.711Z", "log.level": "WARN", "message":"[smfood][0] marking unavailable shards as stale: [5J_Tpy1pQU6Upfacp4C8ZA]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:29.529Z", "log.level": "WARN", "message":"[.ds-.logs-deprecation.elasticsearch-default-2022.07.13-000001][0] marking unavailable shards as stale: [AhokeX6RTCKENYN2-qT6NQ]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:30.267Z", "log.level": "WARN", "message":"[.kibana-event-log-8.3.2-000001][0] marking unavailable shards as stale: [r-ZZmzgKR4SLnVZOEX4Zhg]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:33.246Z", "log.level": "WARN", "message":"[restaurant_location][0] marking unavailable shards as stale: [85FegeDxT5aLuTt7gR8CAA]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:34.940Z", "log.level": "WARN", "message":"[restaurant_items][0] marking unavailable shards as stale: [BQ6m973VSHmjz2z3eCp3-w]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:27:43.962Z", "log.level": "WARN", "message":"[cpg][0] marking unavailable shards as stale: [y6jmNn6aSEKQmYyHehWybA]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}

ERROR: Elasticsearch exited unexpectedly
{"@timestamp":"2022-09-07T17:45:23.959Z", "log.level": "INFO", "message":"version[8.3.2], pid[69], build[docker/8b0b1f23fbebecc3c88e4464319dea8989f374fd/2022-07-06T15:15:15.901688194Z], OS[Linux/5.15.0-1015-aws/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/18.0.1.1/18.0.1.1+2-6]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:23.966Z", "log.level": "INFO", "message":"JVM home [/usr/share/elasticsearch/jdk], using bundled JDK [true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:23.966Z", "log.level": "INFO", "message":"JVM arguments [-Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -Djava.security.manager=allow, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=ALL-UNNAMED, -Des.cgroups.hierarchy.override=/, -XX:+UseG1GC, -Djava.io.tmpdir=/tmp/elasticsearch-4420053102357536111, -XX:+HeapDumpOnOutOfMemoryError, -XX:+ExitOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Xms512m, -Xmx512m, -XX:MaxDirectMemorySize=268435456, -XX:G1HeapRegionSize=4m, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercent=15, -Des.distribution.type=docker, --module-path=/usr/share/elasticsearch/lib, -Djdk.module.main=org.elasticsearch.server]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:26.831Z", "log.level": "INFO", "message":"Package versions: jackson-annotations=2.13.2, jackson-core=2.13.2, jackson-databind=2.13.2.2, jackson-dataformat-xml=2.13.2, jackson-datatype-jsr310=2.13.2, azure-core=1.27.0, Troubleshooting version conflicts: https://aka.ms/azsdk/java/dependency/troubleshoot", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"com.azure.core.implementation.jackson.JacksonVersion","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.659Z", "log.level": "INFO", "message":"loaded module [aggs-matrix-stats]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}

10

{"@timestamp":"2022-09-07T17:45:28.660Z", "log.level": "INFO", "message":"loaded module [analysis-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.660Z", "log.level": "INFO", "message":"loaded module [constant-keyword]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.660Z", "log.level": "INFO", "message":"loaded module [data-streams]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.661Z", "log.level": "INFO", "message":"loaded module [frozen-indices]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.661Z", "log.level": "INFO", "message":"loaded module [ingest-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.667Z", "log.level": "INFO", "message":"loaded module [ingest-geoip]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.668Z", "log.level": "INFO", "message":"loaded module [ingest-user-agent]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.668Z", "log.level": "INFO", "message":"loaded module [kibana]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.669Z", "log.level": "INFO", "message":"loaded module [lang-expression]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.670Z", "log.level": "INFO", "message":"loaded module [lang-mustache]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.670Z", "log.level": "INFO", "message":"loaded module [lang-painless]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.670Z", "log.level": "INFO", "message":"loaded module [legacy-geo]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.670Z", "log.level": "INFO", "message":"loaded module [mapper-extras]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.670Z", "log.level": "INFO", "message":"loaded module [mapper-version]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.671Z", "log.level": "INFO", "message":"loaded module [old-lucene-versions]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.671Z", "log.level": "INFO", "message":"loaded module [parent-join]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.671Z", "log.level": "INFO", "message":"loaded module [percolator]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.671Z", "log.level": "INFO", "message":"loaded module [rank-eval]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.671Z", "log.level": "INFO", "message":"loaded module [reindex]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.671Z", "log.level": "INFO", "message":"loaded module [repositories-metering-api]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.672Z", "log.level": "INFO", "message":"loaded module [repository-azure]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.672Z", "log.level": "INFO", "message":"loaded module [repository-encrypted]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}

11

{"@timestamp":"2022-09-07T17:45:28.672Z", "log.level": "INFO", "message":"loaded module [repository-gcs]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.672Z", "log.level": "INFO", "message":"loaded module [repository-s3]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.672Z", "log.level": "INFO", "message":"loaded module [repository-url]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.672Z", "log.level": "INFO", "message":"loaded module [runtime-fields-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.672Z", "log.level": "INFO", "message":"loaded module [search-business-rules]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.673Z", "log.level": "INFO", "message":"loaded module [searchable-snapshots]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.673Z", "log.level": "INFO", "message":"loaded module [snapshot-based-recoveries]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.673Z", "log.level": "INFO", "message":"loaded module [snapshot-repo-test-kit]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.674Z", "log.level": "INFO", "message":"loaded module [spatial]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.674Z", "log.level": "INFO", "message":"loaded module [transform]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.674Z", "log.level": "INFO", "message":"loaded module [transport-netty4]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.674Z", "log.level": "INFO", "message":"loaded module [unsigned-long]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.674Z", "log.level": "INFO", "message":"loaded module [vector-tile]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.675Z", "log.level": "INFO", "message":"loaded module [vectors]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.675Z", "log.level": "INFO", "message":"loaded module [wildcard]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.675Z", "log.level": "INFO", "message":"loaded module [x-pack-aggregate-metric]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.675Z", "log.level": "INFO", "message":"loaded module [x-pack-analytics]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.676Z", "log.level": "INFO", "message":"loaded module [x-pack-async]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.676Z", "log.level": "INFO", "message":"loaded module [x-pack-async-search]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.676Z", "log.level": "INFO", "message":"loaded module [x-pack-autoscaling]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.676Z", "log.level": "INFO", "message":"loaded module [x-pack-ccr]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.676Z", "log.level": "INFO", "message":"loaded module [x-pack-core]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.677Z", "log.level": "INFO", "message":"loaded module [x-pack-deprecation]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.677Z", "log.level": "INFO", "message":"loaded module [x-pack-enrich]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.677Z", "log.level": "INFO", "message":"loaded module [x-pack-eql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.677Z", "log.level": "INFO", "message":"loaded module [x-pack-fleet]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.678Z", "log.level": "INFO", "message":"loaded module [x-pack-graph]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.678Z", "log.level": "INFO", "message":"loaded module [x-pack-identity-provider]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.678Z", "log.level": "INFO", "message":"loaded module [x-pack-ilm]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.679Z", "log.level": "INFO", "message":"loaded module [x-pack-logstash]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.679Z", "log.level": "INFO", "message":"loaded module [x-pack-ml]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.679Z", "log.level": "INFO", "message":"loaded module [x-pack-monitoring]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.679Z", "log.level": "INFO", "message":"loaded module [x-pack-ql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.679Z", "log.level": "INFO", "message":"loaded module [x-pack-rollup]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.679Z", "log.level": "INFO", "message":"loaded module [x-pack-security]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.680Z", "log.level": "INFO", "message":"loaded module [x-pack-shutdown]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.681Z", "log.level": "INFO", "message":"loaded module [x-pack-sql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.682Z", "log.level": "INFO", "message":"loaded module [x-pack-stack]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.683Z", "log.level": "INFO", "message":"loaded module [x-pack-text-structure]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.683Z", "log.level": "INFO", "message":"loaded module [x-pack-voting-only-node]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.683Z", "log.level": "INFO", "message":"loaded module [x-pack-watcher]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:28.683Z", "log.level": "INFO", "message":"no plugins loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:32.475Z", "log.level": "INFO", "message":"using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/root)]], net usable_space [16.2gb], net total_space [28.8gb], types [ext4]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:32.476Z", "log.level": "INFO", "message":"heap size [512mb], compressed ordinary object pointers [true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:32.616Z", "log.level": "INFO", "message":"node name [es02], node ID [_On0JHF6SsCi8T2qU4FyFQ], cluster name [docker-cluster], roles [data, remote_cluster_client, master, data_warm, data_content, transform, data_hot, ml, data_frozen, ingest, data_cold]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:36.787Z", "log.level": "INFO", "message":"Security is disabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.Security","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:36.906Z", "log.level": "INFO", "message":"[controller/95] [Main.cc@123] controller (64 bit): Version 8.3.2 (Build c86b7174f20c42) Copyright (c) 2022 Elasticsearch BV", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"ml-cpp-log-tail-thread","log.logger":"org.elasticsearch.xpack.ml.process.logging.CppLogMessageHandler","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:37.481Z", "log.level": "INFO", "message":"creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=1mb, factors={es.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=4mb, heap_size=512mb}]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.netty4.NettyAllocator","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:37.513Z", "log.level": "INFO", "message":"using rate limit [40mb] with [default=40mb, read=0b, write=0b, max=0b]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.indices.recovery.RecoverySettings","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:37.568Z", "log.level": "INFO", "message":"using discovery type [multi-node] and seed hosts providers [settings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.discovery.DiscoveryModule","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:39.253Z", "log.level": "INFO", "message":"initialized", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:39.254Z", "log.level": "INFO", "message":"starting ...", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:39.279Z", "log.level": "INFO", "message":"persistent cache index loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.searchablesnapshots.cache.full.PersistentCache","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:39.280Z", "log.level": "INFO", "message":"deprecation component started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.deprecation.logging.DeprecationIndexingComponent","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:39.412Z", "log.level": "INFO", "message":"publish_address {172.19.0.4:9300}, bound_addresses {0.0.0.0:9300}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.TransportService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:40.302Z", "log.level": "INFO", "message":"bound or publishing to a non-loopback address, enforcing bootstrap checks", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.BootstrapChecks","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:40.306Z", "log.level": "WARN", "message":"this node is locked into cluster UUID [lL9JIvXISd2QDpkbjdyMRQ] but [cluster.initial_master_nodes] is set to [es01, es02, es03]; remove this setting to avoid possible data loss caused by subsequent cluster bootstrap attempts", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.cluster.coordination.ClusterBootstrapService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:40.328Z", "log.level": "WARN", "message":"failed to resolve host [\"172.31.61.162\"]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#1]","log.logger":"org.elasticsearch.discovery.SeedHostsResolver","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster","error.type":"java.net.UnknownHostException","error.message":"\"172.31.61.162\"","error.stack_trace":"java.net.UnknownHostException: \"172.31.61.162\"\n\tat java.base/java.net.InetAddress$CachedAddresses.get(InetAddress.java:948)\n\tat java.base/java.net.InetAddress.getAllByName0(InetAddress.java:1628)\n\tat java.base/java.net.InetAddress.getAllByName(InetAddress.java:1494)\n\tat org.elasticsearch.server@8.3.2/org.elasticsearch.transport.TcpTransport.parse(TcpTransport.java:634)\n\tat org.elasticsearch.server@8.3.2/org.elasticsearch.transport.TcpTransport.addressesFromString(TcpTransport.java:576)\n\tat org.elasticsearch.server@8.3.2/org.elasticsearch.transport.TransportService.addressesFromString(TransportService.java:973)\n\tat org.elasticsearch.server@8.3.2/org.elasticsearch.discovery.SeedHostsResolver.lambda$resolveHosts$0(SeedHostsResolver.java:92)\n\tat java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\n\tat org.elasticsearch.server@8.3.2/org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:710)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)\n\tat java.base/java.lang.Thread.run(Thread.java:833)\n"}
{"@timestamp":"2022-09-07T17:45:40.478Z", "log.level": "INFO", "message":"elected-as-master ([2] nodes joined)[_FINISH_ELECTION_, {es02}{_On0JHF6SsCi8T2qU4FyFQ}{Q8V-zIkHSdW5S3WmpwXSTA}{es02}{172.19.0.4}{172.19.0.4:9300}{cdfhilmrstw} completing election, {es03}{ebE6GizGQ6-b-JU0iKtk0w}{Tud6RiewTI-qRTUUHyEbyg}{es03}{172.19.0.5}{172.19.0.5:9300}{cdfhilmrstw} completing election], term: 21, version: 1212, delta: master node changed {previous [], current [{es02}{_On0JHF6SsCi8T2qU4FyFQ}{Q8V-zIkHSdW5S3WmpwXSTA}{es02}{172.19.0.4}{172.19.0.4:9300}{cdfhilmrstw}]}, added {{es03}{ebE6GizGQ6-b-JU0iKtk0w}{Tud6RiewTI-qRTUUHyEbyg}{es03}{172.19.0.5}{172.19.0.5:9300}{cdfhilmrstw}}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.MasterService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:40.641Z", "log.level": "INFO", "message":"master node changed {previous [], current [{es02}{_On0JHF6SsCi8T2qU4FyFQ}{Q8V-zIkHSdW5S3WmpwXSTA}{es02}{172.19.0.4}{172.19.0.4:9300}{cdfhilmrstw}]}, added {{es03}{ebE6GizGQ6-b-JU0iKtk0w}{Tud6RiewTI-qRTUUHyEbyg}{es03}{172.19.0.5}{172.19.0.5:9300}{cdfhilmrstw}}, term: 21, version: 1212, reason: Publication{term=21, version=1212}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:40.674Z", "log.level": "INFO", "message":"skipping monitor as a check is already in progress", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.cluster.routing.allocation.DiskThresholdMonitor","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:40.692Z", "log.level": "INFO", "message":"publish_address {172.19.0.4:9200}, bound_addresses {0.0.0.0:9200}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.http.AbstractHttpServerTransport","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:40.693Z", "log.level": "INFO", "message":"started {es02}{_On0JHF6SsCi8T2qU4FyFQ}{Q8V-zIkHSdW5S3WmpwXSTA}{es02}{172.19.0.4}{172.19.0.4:9300}{cdfhilmrstw}{ml.max_jvm_size=536870912, xpack.installed=true, ml.machine_memory=1073741824}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:41.007Z", "log.level": "WARN", "message":"Creating processor [set_security_user] (tag [null]) on field [_security] but authentication is not currently enabled on this cluster  - this processor is likely to fail at runtime if it is used", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.ingest.SetSecurityUserProcessor","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:41.413Z", "log.level": "INFO", "message":"license [c6a4aac7-8924-4f0b-8f68-6e611997ae23] mode [basic] - valid", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.license.LicenseService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:41.418Z", "log.level": "INFO", "message":"recovered [23] indices into cluster_state", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.gateway.GatewayService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:41.527Z", "log.level":"ERROR", "message":"exception during geoip databases update", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.GeoIpDownloader","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster","error.type":"org.elasticsearch.ElasticsearchException","error.message":"not all primary shards of [.geoip_databases] index are active","error.stack_trace":"org.elasticsearch.ElasticsearchException: not all primary shards of [.geoip_databases] index are active\n\tat org.elasticsearch.ingest.geoip.GeoIpDownloader.updateDatabases(GeoIpDownloader.java:134)\n\tat org.elasticsearch.ingest.geoip.GeoIpDownloader.runDownloader(GeoIpDownloader.java:274)\n\tat org.elasticsearch.ingest.geoip.GeoIpDownloaderTaskExecutor.nodeOperation(GeoIpDownloaderTaskExecutor.java:102)\n\tat org.elasticsearch.ingest.geoip.GeoIpDownloaderTaskExecutor.nodeOperation(GeoIpDownloaderTaskExecutor.java:48)\n\tat org.elasticsearch.server@8.3.2/org.elasticsearch.persistent.NodePersistentTasksExecutor$1.doRun(NodePersistentTasksExecutor.java:42)\n\tat org.elasticsearch.server@8.3.2/org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:769)\n\tat org.elasticsearch.server@8.3.2/org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)\n\tat java.base/java.lang.Thread.run(Thread.java:833)\n"}
{"@timestamp":"2022-09-07T17:45:43.222Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:43.232Z", "log.level": "INFO",  "current.health":"YELLOW","message":"Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[smfood][0], [kibana_sample_data_ecommerce][0]]]).","previous.health":"RED","reason":"shards started [[smfood][0], [kibana_sample_data_ecommerce][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:43.417Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#1]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:44.159Z", "log.level": "INFO", "message":"node-join[{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{D6zAO1ewQpevpQT9Woaq4A}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw} joining], term: 21, version: 1235, delta: added {{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{D6zAO1ewQpevpQT9Woaq4A}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw}}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.MasterService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:44.857Z", "log.level": "INFO", "message":"added {{es01}{IKg4rU8uR9WW9D6yPqfEZQ}{D6zAO1ewQpevpQT9Woaq4A}{es01}{172.19.0.3}{172.19.0.3:9300}{cdfhilmrstw}}, term: 21, version: 1235, reason: Publication{term=21, version=1235}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:45:45.220Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][generic][T#3]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T17:46:08.543Z", "log.level": "INFO",  "current.health":"GREEN","message":"Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[restaurant_location][0]]]).","previous.health":"YELLOW","reason":"shards started [[restaurant_location][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
{"@timestamp":"2022-09-07T21:11:23.114Z", "log.level": "INFO", "message":"[restaurant_location_combo/yxkFp-88TXaTgvxdQMUK-g] deleting index", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[es02][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataDeleteIndexService","elasticsearch.cluster.uuid":"lL9JIvXISd2QDpkbjdyMRQ","elasticsearch.node.id":"_On0JHF6SsCi8T2qU4FyFQ","elasticsearch.node.name":"es02","elasticsearch.cluster.name":"docker-cluster"}
root@docker-cluster:/home/ubuntu/ELK#

here is all the log for es
I should mention that it is deployed on docker production on ec2:

1e6908aa941e   docker.elastic.co/elasticsearch/elasticsearch:8.3.2   "/bin/tini -- /usr/l…"   7 weeks ago   Up 7 weeks (unhealthy)    9200/tcp, 9300/tcp                                    elk_es03_1
c666fe1bf58f   docker.elastic.co/elasticsearch/elasticsearch:8.3.2   "/bin/tini -- /usr/l…"   7 weeks ago   Up 23 hours (unhealthy)   9200/tcp, 9300/tcp                                    elk_es02_1
6032fbeb6e22   docker.elastic.co/elasticsearch/elasticsearch:8.3.2   "/bin/tini -- /usr/l…"   7 weeks ago   Up 23 hours (unhealthy)   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 9300/tcp   elk_es01_1
8e6939939440   docker.elastic.co/elasticsearch/elasticsearch:8.3.2   "/bin/tini -- /usr/l…"   7 weeks ago   Up 7 weeks (healthy)      9200/tcp, 9300/tcp                                    elk_setup_1

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.