Something happened around 0700 EST today where suddenly one of our data types dropped off our Kibana graphs. I am trying to figure out how to troubleshoot it and have some ideas.
First, redis-cli monitor shows events landing in redis. However, the file DB is filling up and is 10-30 GB depending upon the server. I am not sure how to see what is in the redis db.
Second, logstash does appear to be sending events and the missing type is configured (it worked until this morning).
I restarted everything (redis, logstash, elasticsearch and all shippers) and waited for the 2014-01-30 index. It is still not appearing. I do think the events are landing in ES based upon the traffic volume, but are somehow no longer searchable. How would I confirm that?
How do I determine the most recent event for that type using a curl query against ES? If the last event is many hours old, how do I get ES to tell me why it is failing?
I think this had something to do with the Marvel beta code. ES came back
up properly with the index once I uninstalled the marvel beta plugin and
cleaned the ES config file.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.