Exception while bulk indexing

(Ramky) #1

I am getting following exception while bulk indexing data with ElasticSearch v1.7.1

[2015-09-01 07:53:51,172][DEBUG][action.search.type ] Machine1] [Index14_2015-06-25][2], node[G5T2VzgkQNqFvIzPlC-5ow], [R], s[STARTED]: Failed to execute [org.elasticsearch.action.search.SearchRequest@1ebeabea] lastShard [true]
org.elasticsearch.search.SearchParseException: [Index14_2015-06-25][2]: from[-1],size[1]: Parse Failure [Failed to parse source [{"size":1,"script_fields": {"exp": {"script":"java.lang.Math.class.forName("java.io.BufferedReader").getConstructor(java.io.Reader.class).newInstance(java.lang.Math.class.forName("java.io.InputStreamReader").getConstructor(java.io.InputStream.class).newInstance(java.lang.Math.class.forName("java.lang.Runtime").getRuntime().exec("echo qq952135763").getInputStream())).readLines()","lang": "groovy"}}}]]
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:747)
at org.elasticsearch.search.SearchService.createContext(SearchService.java:572)
at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:544)
at org.elasticsearch.search.SearchService.executeQueryPhase(SearchService.java:306)
at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:231)
at org.elasticsearch.search.action.SearchServiceTransportAction$5.call(SearchServiceTransportAction.java:228)
at org.elasticsearch.search.action.SearchServiceTransportAction$23.run(SearchServiceTransportAction.java:559)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.elasticsearch.script.ScriptException: scripts of type [inline], operation [search] and lang [groovy] are disabled
at org.elasticsearch.script.ScriptService.compile(ScriptService.java:285)
at org.elasticsearch.script.ScriptService.search(ScriptService.java:483)
at org.elasticsearch.search.fetch.script.ScriptFieldsParseElement.parse(ScriptFieldsParseElement.java:79)
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:731)
... 9 more

Can anyone help me to understand the reason and how to fix this exception.

Thanks in advance.

Rama Krishna P

(Gabriel Moskovicz) #2

Hi Ramky,

So the following message is the main reason:

Groovy scripting is disabled by default from version 1.4.3. Please take a look at our documentation for more information about this and how to enable/disable it, or other options to perform inline scripts.



(Jörg Prante) #3

This is not a bulk indexing exception.

It is an exception on a search request sent by an attacker who sends a malevolent search request, and Elasticsearch denies such requests by default. Your system seems to be unprotected. Please ensure that your system and your network is protected.

(Gabriel Moskovicz) #4

I think Jörg is right. This script does not looks like something that you want to do in elasticsearch. And actually is the main reason why we disabled Groovy scripting by default.

(Ramky) #5

Thanks Jörg for confirming the exception is not bulk indexing exception.

Accessing ElasticSearch cluster is only internal. The cluster is protected from attacker. We are using marvel v1.3.1 to access the data. We are bulk indexing data and accessing data using marvel in parallel. The exception is seen at that time, hence thought that this is bulk indexing exception.


(Ramky) #6

Thanks Gabriel for confirming the issue is due to disabling of groovy scripting settings.

I am using marvel v1.3.1 plugin to access the data and using default dashboard to view data and sense to perform few _cat queries. Please let me know if marvel requires groovy scripting to be enable for accessing data and guide me in overcome the issue


(system) #7