Hi,
I am using Kibana version 4.6.3. ES version 2.4.3
I have a twitter index and another index called logdev for a different application. Each of the logdev indices have 63.5Mi data each day starting 12.15.2016 to 12.27.2016. I created a dashboard with the logdev indices and when i try to load the dashboard from date 12.15.2016 to 12.27.2016 i get "Request Timeout after 30000ms".
After a couple of minutes it changed into a Kibana Status error "RED".. (see below pic)
I would check the log files to see what the errors actually are. But I always thought this RED state occurred when the elastic search cluster is red. (At least that is always what happens to me)
Fist step it to know what the problem actually is then we can go further.
I am still seeing the same error. I tried increasing the heap size from 1g to 6g..I tried adding another node to the cluster but still the visualization failing on long period searches...Please help!
I set bootsrap.memory_lock to true and increased heap to 6g..and now I am seeing this when i try to search 1 week data..it's not even a lot of data..why is dashbaord visualization failing?
ok, so your having a problem when actually searching . Why don't you describe to us the environment you have,
IE, how many servers (cpu, mem and disk space)
How many master,data and client nodes
Size of each index and how many shards.
If you can search for small amount of time, then cant search for a week then its probably the size and/or configuration of what you have.
You query is timing out, you could also up the timeout of kibana.ini to allow longer then 30 seconds. But most likely can fix it by fixing your environment.
On the discover tab, the data loads up fine without any Timeout errors. However, when I try to load up all the data in the Dashboard tab, I get Timeout after 30000 ms.
Currently, I have ELK stack running in 1 remote server.
Server info:
Architecture: x86_64
Total Used Free
Mem: 3924392 2433660 1490732
Size of each index: 130MB
number of indices: 9
ELk Stack constist of 1 cluster 1 node.
Shards: 5
Things I tried:
i tried adding an additional node...Didn't help
i tried increasing the heap size 6g and locking the memory with boostrap.memory_lock:true -- didn't help
This is going to come down to the performance of your system not so much the Elasticsearch tuning, by default I find it will use every piece of resource a system has
So your search about 1GB of data on one node, yah that is going to be really slow,
So you have a 4GB sytem and a heap of 6GB yah your going to swap which will slow down your system badly
What is the speed of your Hard Drives (5k 7K 15K? SSD ) or is this in amazon?
So first reduce the size of your HEAP to say 2GB and spawn up 2 or three more ES nodes.
You want to have Spare unused memory for Caching with will increase your Search spreads as it will cache the Index data in to memory
The multiple nodes will give you more CPU's to search each shard, and if you have really slow disks 7k or less it will speed up your operations.
After that, if the speed is still slow, you can go back to my first suggesting and change the Timeout value in the kibana.yml from 30 seconds to 300 seconds or your preference.
Also to try to find out how slow your query's are try running a CURL request of your search instead of going though kibana, this will tell you truelly how slow/fast the query is as ELK will not timeout as fast
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
