Index_not_found_exception

Hi,
I'm following Parsing Logs with Logstash | Logstash Reference [8.11] | Elastic. When I try, as mentioned in the text,
curl -k -u elastic:xxxxxxxxxxxxxxxxxxxxx -XGET 'https://localhost:9200/2024.01.10/_search?pretty&q=response=200'
I get:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "index_not_found_exception",
        "reason" : "no such index [2024.01.10]",
        "resource.type" : "index_or_alias",
        "resource.id" : "2024.01.10",
        "index_uuid" : "_na_",
        "index" : "2024.01.10"
      }
    ],
    "type" : "index_not_found_exception",
    "reason" : "no such index [2024.01.10]",
    "resource.type" : "index_or_alias",
    "resource.id" : "2024.01.10",
    "index_uuid" : "_na_",
    "index" : "2024.01.10"
  },
  "status" : 404
}

The text proposes to do:
curl -k -u elastic:xxxxxxxxxxx -XGET 'https://localhost:9200/_cat/indices?v'
I get:
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size dataset.size
The text says to exchange the date with an index:
curl -k -u elastic:xxxxxxxxxxx -XGET 'https://localhost:9200/rep/_search?pretty&q=response=200'
I get again:
"index_not_found_exception"
I tried several indexes, all the same error.
Elasticsearch seems to run:

curl -k -u elastic:xxxxxxxxx https://localhost:9200
{
  "name" : "vm53200-8.scidom.de",
  "cluster_name" : "mcd-elk",
  "cluster_uuid" : "tpOenRA_Qjm035-P-5fuAQ",
  "version" : {
    "number" : "8.11.3",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "64cf052f3b56b1fd4449f5454cb88aca7e739d9a",
    "build_date" : "2023-12-08T11:33:53.634979452Z",
    "build_snapshot" : false,
    "lucene_version" : "9.8.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

Thanks.

Bernd

This indicates that you don't have any index in Elasticsearch. So no document has been sent to Elasticsearch.

Hi,
I realized that I also have to start Filebeat and Logstash as mentioned in the tutorial, otherwise I don't get data.
And of course I have to log in to Elasticsearch.
Now I see an index:

curl -k -u elastic:xxxxxxxxxx -XGET 'https://localhost:9200/_cat/indices?v'
health status index                                      uuid                   pri rep docs.count docs.deleted store.size pri.store.size dataset.size
yellow open   .ds-logs-generic-default-2024.01.10-000001 tbsYpmQ2RSaftkefxVjUyQ   1   1        289            0    543.3kb        543.3kb      543.3kb

And when I choose this index I get data:

root@elasticsearch:/home/bernd# curl -k -u elastic:xxxxxxxxxx -XGET 'https://localhost:9200/.ds-logs-generic-default-2024.01.10-000001/_search?pretty&q=response=200'
{
  "took" : 14,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 285,
      "relation" : "eq"
    },
    "max_score" : 2.0,
    "hits" : [
      {
        "_index" : ".ds-logs-generic-default-2024.01.10-000001",
        "_id" : "IC489YwBJaQtnItRLECK",
        "_score" : 2.0,
        "_source" : {
          "agent" : {
            "name" : "suricata",
            "id" : "b85521e1-074b-4fba-9c52-3139e9b827c8",
            "ephemeral_id" : "ea113279-886f-4500-8688-3f74c482f08b",
            "type" : "filebeat",
            "version" : "8.11.3"
          },
 ...

Bernd
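
An added example, not part of the thread: a shell helper that reads `_cat/indices?v` output, tells the header-only case from the first post apart from a populated cluster, and builds the `_search` path for the indices that match a date. The function names `indices_for_date` and `search_path` are hypothetical, and the header-only sample is constructed from the first post.

```shell
#!/bin/sh
# Constructed sample: header-only output as in the first post (nothing indexed yet).
EMPTY_CAT='health status index uuid pri rep docs.count docs.deleted store.size pri.store.size dataset.size'

# Sample copied from the last post: output after Filebeat and Logstash were started.
FULL_CAT='health status index                                      uuid                   pri rep docs.count docs.deleted store.size pri.store.size dataset.size
yellow open   .ds-logs-generic-default-2024.01.10-000001 tbsYpmQ2RSaftkefxVjUyQ   1   1        289            0    543.3kb        543.3kb      543.3kb'

# indices_for_date CAT_OUTPUT DATE
# Prints the names of indices that contain DATE and hold at least one document.
# Columns are located by header name, so the column order of _cat does not matter.
indices_for_date() {
  printf '%s\n' "$1" | awk -v d="$2" '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
    NF && index($(col["index"]), d) && $(col["docs.count"]) > 0 { print $(col["index"]) }'
}

# search_path CAT_OUTPUT DATE QUERY
# Prints the _search path to request, or returns 1 when no matching index exists
# (the situation that produces index_not_found_exception in the first post).
search_path() {
  names=$(indices_for_date "$1" "$2" | paste -sd, -)
  if [ -z "$names" ]; then
    echo "no index for $2: check that Filebeat and Logstash are running" >&2
    return 1
  fi
  printf '/%s/_search?pretty&q=%s\n' "$names" "$3"
}

# Stand-alone demonstration with the populated sample.
search_path "$FULL_CAT" 2024.01.10 'response=200'
```

The `.ds-` prefix marks a data stream backing index, so searching the data stream name `logs-generic-default` reaches the same documents without naming the dated backing index.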
