Logstash outputs elasticsearch: Marking url as dead

anton-xqz · July 2, 2018, 12:18pm

Hello,

We are running ELK cluster on ec2 instance.
Elasticsearch cluster in docker on ec2 instances in 3 regions. 33 nodes at total (i3.2xlarge for hot nodes and m5.4xlarge for warm nodes, 25TB data at total, ~2TB data each day)
2 hours ago we started to get connection error on logstash side. Logstash can't send data to elasticsearch via port 9200.
No ssl used. Logstash instances sends data to elasticsearch nodes only in same region.
Logstash instance lose connectivity, but we are able to perform telnet check successfully (telnet s1infra-esnode-us-1.s1.guru 9200)
There is no any error on side of elasticsearch application + no errors in syslog.
All ELK stack is running in docker.

Logstash version 6.2.4
Ubuntu: 16.04

output {
if [anchor] == "operations_log" {
elasticsearch {
id => "operations_output01"
hosts => {{ elasticsearch_output_hosts }}
user => {{ elasticsearch_output_user }}
password => {{ elasticsearch_output_password }}
index => "write_s1-operations-%{+YYYY.MM}"
document_id => "%{log_id}"
manage_template => false
}
}
else if [anchor] == "aws_billing" {
elasticsearch {
id => "operations_output02"
hosts => {{ elasticsearch_output_hosts }}
user => {{ elasticsearch_output_user }}
password => {{ elasticsearch_output_password }}
index => "aws_billing-%{+YYYY.MM}"
document_id => "%{fingerprint}"
manage_template => false
}
}
else {
elasticsearch {
id => "logstash_output01"
index => "write_s1-logstash-%{+YYYY.MM.dd}"
hosts => {{ elasticsearch_output_hosts }}
user => {{ elasticsearch_output_user }}
password => {{ elasticsearch_output_password }}
manage_template => false
}
}
}

Errors:

[2018-07-02T11:44:28,020][WARN ][logstash.outputs.elasticsearch] Marking url as dead. Last error: [LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError] Elasticsearch Unreachable: [http://logstash:xxxxxx@s1infra-esnode-eu-1.s1.guru:9200/][Manticore::SocketTimeout] Read timed out {:url=>http://logstash:xxxxxx@s1infra-esnode-eu-1.s1.guru:9200/, :error_message=>"Elasticsearch Unreachable: [http://logstash:xxxxxx@s1infra-esnode-eu-1.s1.guru:9200/][Manticore::SocketTimeout] Read timed out", :error_class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError"}
[2018-07-02T11:44:28,020][ERROR][logstash.outputs.elasticsearch] Attempted to send a bulk request to elasticsearch' but Elasticsearch appears to be unreachable or down! {:error_message=>"Elasticsearch Unreachable: [http://logstash:xxxxxx@s1infra-esnode-eu-1.s1.guru:9200/][Manticore::SocketTimeout] Read timed out", :class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError", :will_retry_in_seconds=>2}
[2018-07-02T11:44:30,409][WARN ][logstash.outputs.elasticsearch] Marking url as dead. Last error: [LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError] Elasticsearch Unreachable: [http://logstash:xxxxxx@s1infra-esnode-eu-6.s1.guru:9200/][Manticore::SocketTimeout] Read timed out {:url=>http://logstash:xxxxxx@s1infra-esnode-eu-6.s1.guru:9200/, :error_message=>"Elasticsearch Unreachable: [http://logstash:xxxxxx@s1infra-esnode-eu-6.s1.guru:9200/][Manticore::SocketTimeout] Read timed out", :error_class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError"}
[2018-07-02T11:44:30,409][ERROR][logstash.outputs.elasticsearch] Attempted to send a bulk request to elasticsearch' but Elasticsearch appears to be unreachable or down! {:error_message=>"Elasticsearch Unreachable: [http://logstash:xxxxxx@s1infra-esnode-eu-6.s1.guru:9200/][Manticore::SocketTimeout] Read timed out", :class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError", :will_retry_in_seconds=>2}
[2018-07-02T11:44:32,355][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://logstash:xxxxxx@s1infra-esnode-eu-1.s1.guru:9200/, :path=>"/"}
[2018-07-02T11:44:32,357][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://logstash:xxxxxx@s1infra-esnode-eu-1.s1.guru:9200/"}
[2018-07-02T11:44:32,358][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://logstash:xxxxxx@s1infra-esnode-eu-6.s1.guru:9200/, :path=>"/"}
[2018-07-02T11:44:32,360][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://logstash:xxxxxx@s1infra-esnode-eu-6.s1.guru:9200/"}
[2018-07-02T11:44:33,499][WARN ][logstash.outputs.elasticsearch] Marking url as dead. Last error: [LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError] Elasticsearch Unreachable: [http://logstash:xxxxxx@s1infra-esnode-eu-1.s1.guru:9200/][Manticore::SocketTimeout] Read timed out {:url=>http://logstash:xxxxxx@s1infra-esnode-eu-1.s1.guru:9200/, :error_message=>"Elasticsearch Unreachable: [http://logstash:xxxxxx@s1infra-esnode-eu-1.s1.guru:9200/][Manticore::SocketTimeout] Read timed out", :error_class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError"}
[2018-07-02T11:44:33,499][ERROR][logstash.outputs.elasticsearch] Attempted to send a bulk request to elasticsearch' but Elasticsearch appears to be unreachable or down! {:error_message=>"Elasticsearch Unreachable: [http://logstash:xxxxxx@s1infra-esnode-eu-1.s1.guru:9200/][Manticore::SocketTimeout] Read timed out", :class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError", :will_retry_in_seconds=>2}

All "limits" checked.
No IO disk issues found.
Do some one has idea where ti debug?

anton-xqz · July 4, 2018, 6:36pm

Logstash.yml:

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch:
url: {{ xpack_monitoring_es_url }}
username: {{ xpack_monitoring_es_username }}
password: {{ xpack_monitoring_es_password }}
path.data: /usr/share/logstash/data
path.config: /usr/share/logstash/pipeline

http.host: "0.0.0.0"
http.port: 9600

path.logs: /usr/share/logstash/logs

pipeline.workers: 128
pipeline.batch.size: 1250

startup.options:

JAVACMD=/usr/bin/java
LS_HOME=/usr/share/logstash
LS_SETTINGS_DIR=/etc/logstash
LS_OPTS="--path.settings ${LS_SETTINGS_DIR}"
LS_JAVA_OPTS=""
LS_PIDFILE=/var/run/logstash.pid
LS_USER=logstash
LS_GROUP=logstash
LS_GC_LOG_FILE=/var/log/logstash/gc.log
LS_OPEN_FILES=16384
LS_NICE=19
SERVICE_NAME="logstash"
SERVICE_DESCRIPTION="logstash"

jvm.options:

-Xms55g
-Xmx55g

-XX:+UseParNewGC
-XX:+UseConcMarkSweepGC
-XX:CMSInitiatingOccupancyFraction=75
-XX:+UseCMSInitiatingOccupancyOnly
-XX:+DisableExplicitGC
-Djava.awt.headless=true
-Dfile.encoding=UTF-8
-XX:+HeapDumpOnOutOfMemoryError

system · August 1, 2018, 6:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with logstash output to elastic via ssl Logstash	5	2596	December 29, 2017
Logstash Issue sending data to elasticseach cluster Elasticsearch	3	751	November 25, 2019
Logstash not able to send bulk requests to ES Logstash	1	989	November 8, 2017
Kibana with Logstash 5.0 elasticsearch 5.0 error Logstash	7	1752	December 8, 2016
error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: Logstash docker	3	239	October 20, 2021

Logstash outputs elasticsearch: Marking url as dead

Related topics