Failed to flush export bulks, Caused by: 413 Request Entity Too Large

vikasp · June 6, 2023, 5:29am

I have elasticsearch monitoring enabled via setting:
xpack.monitoring.collection.enabled: true, and logstash and kibana, or any other beats sends their monitoring data to the elastic cluster which forwards/exports all the cluster monitoring data to monitoring cluster.

I see the below error in main elasticsearch cluster that sends its monitoring data to a different monitoring cluster:

{"type": "server", "timestamp": "2023-06-06T05:14:21,943Z", "level": "WARN", "component": "o.e.x.m.MonitoringService", "cluster.name": "apm-elastic-lz-02", "node.name": "elasticsearch-master-1", "message": "monitoring execution failed", "cluster.uuid": "4P4zni1TSWi3AgqSI8vK9w", "node.id": "B85_2RvSScSUqVHKm-BJJA" ,
"stacktrace": ["org.elasticsearch.xpack.monitoring.exporter.ExportException: failed to flush export bulks",
"at org.elasticsearch.xpack.monitoring.exporter.ExportBulk$Compound.lambda$doFlush$0(ExportBulk.java:110) [x-pack-monitoring-7.17.1.jar:7.17.1]",
"at org.elasticsearch.xpack.monitoring.exporter.http.HttpExportBulk$1.onFailure(HttpExportBulk.java:148) [x-pack-monitoring-7.17.1.jar:7.17.1]",
"Caused by: org.elasticsearch.client.ResponseException: method [POST], host [http://coord.elastic-em.domain.com:80], URI [/_bulk?pipeline=xpack_monitoring_7&filter_path=errors%2Citems.*.error], status line [HTTP/1.1 413 Request Entity Too Large]",
"stacktrace": ["org.elasticsearch.client.ResponseException: method [POST], host [http://coord.elastic-em.domain.com:80], URI [/_bulk?pipeline=xpack_monitoring_7&filter_path=errors%2Citems.*.error], status line [HTTP/1.1 413 Request Entity Too Large]",

Also, Elasticsearch is deployed in an EKS cluster in X account that sends the monitoring data to different monitoring cluster deployed in Y AWS account's EKS cluster.
Route53 endpoint -> nginx ingress controller (loadbalancer) -> coord pods.

I have modified the below setting in nginx
large-client-header-buffers: 4 128k. This didnt work.

I see that the error says the request is too large. From my readings, the default max content length is 100mb. -> not exactly sure what this means.

Any suggestions are appreciated.

warkolm · June 7, 2023, 11:09pm

How often does this happen?

vikasp · June 8, 2023, 1:43pm

its happening continuosly, no monitoring data for this cluster getting into the monitoring cluster.
while other clusters which are much bigger in size are able to send their monitoring data.

warkolm · June 8, 2023, 10:26pm

What is the output from the _cluster/stats?pretty&human API?

system · July 6, 2023, 10:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Xpack.monitoring ExportException: failed to flush export bulks Elasticsearch elastic-stack-monitoring	2	6432	April 24, 2019
org.elasticsearch.xpack.monitoring.exporter.ExportException: failed to flush export bulks Elasticsearch	2	129	May 24, 2024
Exception when exporting documents org.elasticsearch.xpack.monitoring.exporter.ExportException: failed to flush export bulks Elasticsearch	1	3166	December 19, 2016
Failed to flush export bulks / bulk [my_local] reports failures when exporting documents Elasticsearch	1	5783	January 28, 2019
Cluster setup and monitoring with xpack in kibana - ELK 5.0 Elasticsearch	4	1783	February 28, 2017

Failed to flush export bulks, Caused by: 413 Request Entity Too Large

Related Topics