ERR Failed to Perform Many Index Operations

jbiggley · November 3, 2015, 11:35pm

We're trying to get filebeat to run on our logstash host to test the ingestion of logs but we keep getting the same error regardless of the config. I've pasted the config file we are using below which results in the error

output.go:287: ERR Failed to perform many index operations in a single API call: PerformRequest fails: Sending the request fails: Post http://localhost:5173/_bulk: EOF

Any ideas?

filebeat:

  prospectors:
    -
      paths:
        - "/var/log/messages"
      type: log
      scan_frequency: 10s
  registry_file: /var/lib/filebeat/registry

  config_dir: /etc/filebeat/prospector_configs



output:


  elasticsearch:
    enabled: false

  logstash:
    enabled: true
    hosts: ["localhost:5173"]

  file:
    enabled: false
    path: "/tmp/filebeat"
    filename: filebeat.log
    rotate_every_kb: 10000

shipper:

warkolm · November 4, 2015, 12:31am

I'd check your ES logs, it may be rejecting things and if so it should mention something about threadpools and queue capacity.

tudor · November 4, 2015, 10:36am

Something is strange here. You config shows that the logstash output is enabled, but the log message indicates that the elasticsearch output is used. I suspect there's something wrong with the YAML file, can you try complete removing the elasticsearch section and see if it helps?

steffens · November 4, 2015, 12:11pm

it even uses the hosts configured in logstash output when trying to connect to elasticsearch.

jbiggley · November 5, 2015, 2:07pm

Thanks @tudor, I made some minor changes to the config. First, I did set up an input on the logstash server using the beats input plugin instead of lumberjack. I also changed the port from the lumberjack default port to 5044.

The input (on the same server) takes the filebeat input and dumps it to a lumberjack output which (as odd as this feels) sends it to a lumberjack input/redis output on the same server for shipping to redis. That feels like an extra step to me, but it works.

filebeat:
prospectors:
-
paths:
- "/var/log/messages"
type: log
scan_frequency: 10s
registry_file: var/lib/filebeat/registry
output:
elasticsearch:
enabled: false
logstash:
enabled: true
hosts: ["localhost:5044"]
shipper:

steffens · November 5, 2015, 3:36pm

huh, so you config goes like this:

filebeat ---(lumberjack v2)---> logstash ----(lumberjack v1)----> logstash ----- (redis API) ----> redis

jbiggley · November 9, 2015, 11:45pm

No lumberjack version 2 is the mix.

Our environment goes filebeat to a logstash-based filebeat input which we then output via to Redis via a Redis output.

If it matters, we then have dual-LS boxes in AWS where we pull from then Redis queue and shove into a 3 server ES cluster.

Topic		Replies	Views
ERR Failed to publish events caused by: EOF Beats filebeat	8	4380	November 22, 2016
Connection Refused Logstash & Filebeat Logstash	7	6169	October 7, 2018
No data moving into elasticsearch Beats filebeat	22	6589	May 16, 2018
Error index management Filebeat to Logstash Logstash	1	449	February 16, 2022
Exiting: Index management requested but the Elasticsearch output is not configured/enabled Beats filebeat	3	8563	December 30, 2021

ERR Failed to Perform Many Index Operations

Related topics