[2025-03-19T00:05:31,618][INFO ][logstash.outputs.elastic][main][f5eb5aca1c087bda2220eb216257aea3dd0ce51468b2b1e8aa414d37f871ded2] Retrying failed action {:status=>429, :action=>["index", {:_id=>"ea6cdea2b1e81ed5b4df4eebc913c8a736d56a8e", :_index=>"*****-*****0-*****_server-2025.03.18", :routing=>nil}, {"url"=>{"uripath"=>"/remote/core.list-plugins"}, "event"=>{"original"=>"[18/Mar/2025:18:06:00 +0000] 0:0:0:0:0:0:0:1 GET /remote/core.list-plugins HTTP/1.1 7354 200 [http-nio-8080-exec-19] [EF54989D57932D22FB2BEC7F969D97FF.route1] admin 125ms\r"}, "process"=>{"name"=>"http-nio-8080-exec-19"}, "@version"=>"1", "@timestamp"=>2025-03-18T18:06:00.000Z, "log"=>{"file"=>{"path"=>"C:/Program Files (x86)/**********/*******************************access_log.log"}}, "message"=>"[18/Mar/2025:18:06:00 +0000] 0:0:0:0:0:0:0:1 GET /remote/core.list-plugins HTTP/1.1 7354 200 [http-nio-8080-exec-19] [EF54989D57932D22FB2BEC7F969D97FF.route1] admin 125ms\r", "host"=>{"name"=>"************"}, "type"=>"************_access_log", "*****"=>"*****", "*****=>"*****", "nodeRole"=>"*****-*****0-*****_server", "partition"=>"*****0", "fingerprint"=>"ea6cdea2b1e81ed5b4df4eebc913c8a736d56a8e", "source"=>{"address"=>"0:0:0:0:0:0:0:1"}, "http"=>{"version"=>"1.1", "request"=>{"method"=>"GET"}, "response"=>{"body"=>{"bytes"=>7354}, "time"=>125, "status_code"=>200}, "referrer"=>"EF54989D57932D22FB2BEC7F969D97FF.route1", "user"=>"admin"}}], :error=>{"type"=>"cluster_block_exception", "reason"=>"index [*****-*****0-****_server-2025.03.18] blocked by: [TOO_MANY_REQUESTS/12/disk usage exceeded flood-stage watermark, index has read-only-allow-delete block];"}}
This index is already in kibana.
why did it pick this event again when it already sent. I use fingerprint plugin. The _id value is also same.
filter {
fingerprint {
method => "SHA1"
key => "103013"
target => "fingerprint"
source => ["[@metadata][timestamp]", "message"]
concatenate_sources => true
}
}
