Hello, I have an ELK server with the below stack versions:
K: 3.1.2
E: 1.4.3
L: 1.4.2
I have an issue where I cannot view historical logs in
Kibana, this seems to be random as I was able to view the data on that date in
the past.
I have indices at /var/lib/elasticsearch/elasticsearch/nodes/0/indices
right back to 01/09/2015 (logstash-2015.01.09) and all the way down to todays
date, where I can only see the last weeks’ worth of logs.
org.elasticsearch.common.netty.handler.codec.frame.TooLongFrameException:
An HTTP line is larger than 4096 bytes.
I was able to edit the required line in the
elasticsearch.yml but it didn’t resolve it for the other node, this one no
longer receives the above URL issue but receives the below now:
[DEBUG][action.search.type ] [Feron] All shards failed for phase:
[query]
Yeah I have a build that runs the latest versions of all
stack apps, just this one is production right now though. I’m looking through
google trying to find some knowledge so just posting here too to see if an
answer can be given quicker.
My issues relates to a large number of shards not being
allocated, for example:
logstash-2015.06.13 4 p UNASSIGNED
logstash-2015.06.13 4 r UNASSIGNED
logstash-2015.06.14 2 p UNASSIGNED
logstash-2015.06.14 2 r UNASSIGNED
logstash-2015.06.14 0 p UNASSIGNED
logstash-2015.06.14 0 r UNASSIGNED
logstash-2015.06.14 3 p UNASSIGNED
logstash-2015.06.14 3 r UNASSIGNED
not sure exactly why but I’ve been trying to re-allocate
them but I’m running into this issue below:
[NO(shard cannot be allocated on same node
[gMnx09_-TMqDfLJe5NkJWQ] it already exists on).
So I can’t re-assign onto the same node obviously but how do
I change the node?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
