Logstash querying elasticsearch timeout error

willsy · July 24, 2023, 11:23am

Hello,

I have the following error; just seeing if anyone knows where i am setting this? i originally put the timeout setting in the testpipeline.conf for logstash. Any help is greatly appreciated

[2023-07-24T11:59:41,350][WARN ][logstash.inputs.elasticsearch][main][3b44aa36a60d114757681112ebc1cdb657d6c631c725cd9f44a1ad88081ecd1a] Attempt to run query but failed. Sleeping for 0.02 {:fail_count=>1, :exception=>"Read timed out"}
[2023-07-24T11:59:41,371][ERROR][logstash.inputs.elasticsearch][main][3b44aa36a60d114757681112ebc1cdb657d6c631c725cd9f44a1ad88081ecd1a] Tried run query unsuccessfully {:message=>"Read timed out", :cause=>#<Java::JavaNet::SocketTimeoutException: Read timed out>}

carly.richmond · July 25, 2023, 9:33am

Hi @willsy,

It looks like Logstash is unable to read from the configured source. Can you share your config and where you are reading from?

willsy · July 27, 2023, 2:06pm

Hey @carly.richmond certainly will do. here it is. i am literally just trying to get anything at the moment

input {
 elasticsearch {
 hosts => "localhost:9200"
 ssl_enabled => true
 ssl_verification_mode => none
 api_key => "xxxxxxxxxxxxxxxxxxx"
 index => "*logs*"
 query => '{ "query": { "query_string": { "query": "*" } } }'
 size => 5
 scroll => "5m"
 docinfo => true
 docinfo_target => "[@metadata][doc]"
}
}

output {
  tcp {
host => "A.B.C.D"
port => ABCD
  }
}

widhalmt · July 27, 2023, 5:17pm

Can you try using curl to query this Elasticsearch instance from the Logstash host? Maybe there's a simple network connection problem.

willsy · July 31, 2023, 7:09am

Morning,

Yea we could, curling was fine. Everything that i was testing was working as expected. I had to create a netcat listener on my tower and send the logs that way to determine the formatting of the logs.

My issue was actually the json codex, for some reason it didnt like the default so i had to change it to json_lines which seemed to sort it out.

I can only assume, (assumptions make an ass out of you and me) that the buffer on my external side couldnt handle the logs as it was coming in in batches and not smaller individual lines. When it came in in individual lines it seemed to work.

so my fix was to add codex => json_lines

system · August 28, 2023, 7:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Timeout error in elasticsearch input plugin Logstash	1	850	July 6, 2017
Read timed out when using Elasticsearch filter in pipeline Logstash	1	694	February 11, 2022
Logstash is losing connection to Elastic search Logstash	1	386	July 15, 2021
Logstash's Elasticsearch input plugin timeout Elasticsearch	1	965	July 5, 2017
Timeout in Logstash Elasticsearch Filter and Elasticsearch Output Logstash	1	1862	June 6, 2022

Logstash querying elasticsearch timeout error

Related topics