How to detect and log 400 bad requests?

gcsabbagh · January 10, 2019, 3:53pm

Hello,

My apologies if asked before but I've been scouting the forums and the docs for hours trying to figure this out..

My setup:

Fluentd daemonset on Kubernetes collecting logs from containers and sending them to AWS Elasticsearch service by bulk API

Problem:

Sometimes apps write malformed logs, resulting in 400 bad requests (mapping conflicts). I have logs for fluentd but it only contains the response, so I can only see the error and the index name.

Is it possible to log request body+error on 400 errors in Elasticsearch? Payload will help me immensely figure out what apps are misbehaving

Christian_Dahlqvist · January 13, 2019, 12:21pm

As far as I know it is not possible. To support this type of analysis, Logstash introduced a dead-letter queue to which incorrect entries can be written and later analysed. Here it is however the client that matches event with response and takes action.

system · February 10, 2019, 12:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can I log 400 Bad Request when creating documents Elasticsearch	3	480	September 14, 2021
Dump an error event: error_class=Fluent::Plugin::ElasticsearchErrorHandler::ElasticsearchError error="400 Elasticsearch	1	2235	December 14, 2018
ElasticsearchError error="400 - Rejected by Elasticsearch Elasticsearch	2	4312	April 8, 2020
Many http error 429s in Logstash Logstash	4	306	July 11, 2018
error_class=Fluent::Plugin::ElasticsearchErrorHandler::ElasticsearchError error="400 - Rejected by Elasticsearch Elasticsearch docker	1	2644	December 29, 2022

How to detect and log 400 bad requests?

Related topics