[INFO ] 2019-04-19 14:44:01.440 [[apachelogs]>worker10] elasticsearch - retrying failed action with response code: 429 ({"type"=>"es_rejected_execution_exception", "reason"=>"rejected execution of processing of [17928][indices:data/write/bulk[s][p]]: request: BulkShardRequest [[logstash_apchelogs][3]] containing [27] requests, target allocation id: ZPiFvyGQQQKeZko_10H5gQ, primary term: 1 on EsThreadPoolExecutor[name = uv8cruY/write, queue capacity = 200, org.elasticsearch.common.util.concurrent.EsThreadPoolExecutor@39ff1121[Running, pool size = 12, active threads = 12, queued tasks = 200, completed tasks = 16039]]"})
This indicates that you are seeing bulk rejections, likely because your cluster is overloaded. How many indices and shards do you have in the cluster? How many of these are you actively indexing into? What is the size of the cluster? Which version are you running?
i am using elk 6.6.2...I am injecting different logs from different locations although indices are created..can you tell me how to check the number of indices and shards in cluster???
You can use the cluster health API to get a total count. How are you naming your indices? What type of hardware is your cluster running on?
I am using grok to name the indices
How many indices are you creating? I suspect this may be due to you indexing into a lot of small indices and shards. Can you please provide the cluster health output?
If you are dynamically creating index names there is a good chance you should read this blog post.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.