Logstash bulk request to ElasticSearch error - may be due to old indexes

DenSeb · May 17, 2022, 12:26pm

If you get these errors in LogStash :
Attempted to send a bulk request to elasticsearch' but Elasticsearch appears to be unreachable or down! {:error_message=>"Elasticsearch Unreachable: [http://localhost:9200/][Manticore::SocketTimeout] Read timed out", :class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError", :will_retry_in_seconds=>2}
Followed by:
Restored connection to ES instance {:url=>"http://localhost:9200/"
It may be due LogStash trying to send old data to ES but the index is missing or closed. Check whether you have timestamp based index settings.
We had this issue and managed to resolve it by filtering out old messages using ruby filter plugin.

ruby {
  init => "require 'time'"
  code => 'if LogStash::Timestamp.new(event.get("@timestamp")+432000) < ( LogStash::Timestamp.now)
    event.cancel
  end'
}

system · June 14, 2022, 12:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch - Attempted to send a bulk request to elasticsearch' but Elasticsearch appears to be unreachable or down! Logstash	1	826	February 10, 2022
Elasticsearch Timeout issue (Attempted to send a bulk request to elasticsearch) Elasticsearch	2	3098	May 7, 2020
Getting error in logstash Logstash	4	218	June 27, 2023
[ERROR][logstashoutputselasticsearch] Attempted to send a bulk request to elasticsearch but Elasticsearch appears to be unreachable or down Logstash	1	609	January 1, 2021
Attempted to send a bulk request to elasticsearch, but no there are no living connections in the connection pool Logstash	3	2464	August 12, 2021

Logstash bulk request to ElasticSearch error - may be due to old indexes

Related topics