Definitly this is a reset from Elasticsearch itself.
From any other host this request does not work
curl -XGET "http://sdpprdap016.fr.world.socgen:9200/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/_stats/store,docs"
curl: (56) Recv failure: Connection reset by peer
But this request (on the Kibana port actually) from any other host works fine
curl -XGET "http://sdpprdap016.fr.world.socgen:5601/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/_stats/store,docs"
{"statusCode":404,"error":"Not Found","message":"No Found"}
So I do know why the request does not work on any nodes of my production cluster whereas it works with my dev cluster. Configuration is quiete simple and similar between DEV and PROD.
cluster.name: SGME-PROD
node.name: SDPPRDAP014
bootstrap.memory_lock: true
network.host: #IP_SERVER#
discovery.zen.ping.unicast.hosts: ["sdpprdap008.fr.world.socgen","sdpprdap009.fr.world.socgen","sdpprdap010.fr.world.socgen","sdpprdap011.fr.world.socgen","sdpprdap012.fr.world.socgen","sdpprdap013.fr.world.socgen","sdpprdap014.fr.world.socgen","sdpprdap015.fr.world.socgen","sdpprdap016.fr.world.socgen","sdpprdap017.fr.world.socgen","sdpprdap018.fr.world.socgen","sdpprdap019.fr.world.socgen","sdpprdap024.fr.world.socgen","sdpprdap025.fr.world.socgen","sdpprdap026.fr.world.socgen"]
discovery.zen.minimum_master_nodes: 2
gateway.recover_after_data_nodes: 3
gateway.recover_after_time: 3m
gateway.expected_data_nodes: 9
node.master: false
node.data: false
node.ingest: true
It looks like for some reason Elasticsearch protects itself from any too long requests coming from hostname different than some localhost.