Error with Elastic and Moloch

Hi all, i am get this error with this 

{"error":{"root_cause":[{"type":"remote_transport_exception","reason":"[node-data][][indices:data/write/bulk[s][p]]"}],"type":"es_rejected_execution_exception","reason":"rejected execution of processing of [5494986][indices:data/write/bulk[s][p]]: request: BulkShardRequest [[stats_v4][0]] containing [index {[stats][stat][snp-attt-nsm1], source[{\"ver\": \"2.1.2\", \"nodeName\": \"snp-attt-nsm1\", \"hostname\": \"snp-attt-nsm1\", \"interval\": 1, \"currentTime\": 1584580486, \"usedSpaceM\": 8619526, \"freeSpaceM\": 1084488, \"freeSpaceP\": 9.99, \"monitoring\": 62471, \"memory\": 4027518976, \"memoryP\": 11.94, \"cpu\": 4183, \"diskQueue\": 0, \"esQueue\": 318, \"packetQueue\": 242, \"fragsQueue\": 0, \"frags\": 10000, \"needSave\": 0, \"closeQueue\": 58, \"totalPackets\": 727136644012, \"totalK\": 435996728517, \"totalSessions\": 2008005217, \"totalDropped\": 77485859797, \"tcpSessions\": 48646, \"udpSessions\": 13430, \"icmpSessions\": 337, \"sctpSessions\": 0, \"espSessions\": 0, \"deltaPackets\": 182827, \"deltaBytes\": 104312598, \"deltaWrittenBytes\": 83885397, \"deltaUnwrittenBytes\": 0, \"deltaSessions\": 760, \"deltaSessionBytes\": 2386172, \"deltaDropped\": 181, \"deltaFragsDropped\": 157, \"deltaOverloadDropped\": 0, \"deltaESDropped\": 0, \"esHealthMS\": 4954, \"deltaMS\": 2003}]}], target allocation id: MZXNcVpPTg6ryax8ljZ2jg, primary term: 7 on EsThreadPoolExecutor[name = node-data/write, queue capacity = 200, org.elasticsearch.common.util.concurrent.EsThreadPoolExecutor@3f33a386[Running, pool size = 12, active threads = 12, queued tasks = 200, completed tasks = 3977044]]"},"status":429}

$VAR1 = bless( {
                 '_protocol' => 'HTTP/1.1',
                 '_content' => '{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Can\'t merge because of conflicts: [Cannot update enabled setting for [_source]]"}],"type":"illegal_argument_exception","reason":"Can\'t merge because of conflicts: [Cannot update enabled setting for [_source]]"},"status":400}',
                 '_rc' => '400',
                 '_request' => bless( {
                                        '_content' => '
  "sequence": {
    "_source" : { "enabled": "false" },
    "enabled" : "false"
                                        '_uri_canonical' => bless( do{\(my $o = 'http://moloch:ATTT123@')}, 'URI::http' ),
                                        '_uri' => $VAR1->{'_request'}{'_uri_canonical'},
                                        '_method' => 'PUT',
                                        '_headers' => bless( {
                                                               'user-agent' => 'libwww-perl/6.31',
                                                               'content-type' => 'application/json',
                                                               'content-length' => 88
                                                             }, 'HTTP::Headers' )
                                      }, 'HTTP::Request' ),
                 '_headers' => bless( {
                                        'warning' => '299 Elasticsearch-7.1.0-606a173 "[types removal] Using include_type_name in put mapping requests is deprecated. The parameter will be removed in the next major version."',
                                        'client-peer' => '',
                                        '::std_case' => {
                                                          'client-peer' => 'Client-Peer',
                                                          'client-response-num' => 'Client-Response-Num',
                                                          'client-date' => 'Client-Date'
                                        'content-type' => 'application/json; charset=UTF-8',
                                        'content-length' => '295',
                                        'client-response-num' => 56,
                                        'client-date' => 'Thu, 19 Mar 2020 09:47:04 GMT'
                                      }, 'HTTP::Headers' ),
                 '_msg' => 'Bad Request'
               }, 'HTTP::Response' );
Couldn't PUT  the http status code is 400 are you sure elasticsearch is running/reachable?
**{"error":{"root_cause":[{"type":"illegal_argument_exception","reason":"Can't merge because of conflicts: [Cannot update enabled setting for [_source]]"}],"type":"illegal_argument_exception","reason":"Can't merge because of conflicts: [Cannot update enabled setting for [_source]]"},"status":400} at /data/moloch/db/ line 324.**

Any one please help me!
It's emergency to our system

I don't have knowledge about Moloch but looking at logs it seems you are trying to disable source of an existing index. This action is not allowed once the index has already been created. This has to be specified during index creation.

1 Like

Please don't post images of text as they are hard to read, may not display correctly for everyone, and are not searchable.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

Yeah sorry for this. I have Edit and hope that you can help me

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:


This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.
Please update your post.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.