Need Clarification on incoming request's to ES

Ravi_Shanker_Reddy · October 14, 2016, 3:01am

Through packet beats I am monitoring 9200 port and giving to ES. I am seeing so many unexpected incoming events to ES. In my elastic search setup I am using kibana, Sense & elastic head. I want to know which application is sending this queries and why???

Some of Most repeated requests are here:

"ip": "172.16.22.14", "method": "HEAD", "params": "", "path": "/", "port": 9200, "proc": "", "query": "HEAD /", "responsetime": 0, "server": "", "status": "OK", "type": "http"

"ip": "172.16.22.14", "method": "POST", "params": "", "path": "/_bulk", "port": 9200, "proc": "", "query": "POST /_bulk", "responsetime": 19, "server": "", "status": "OK", "type": "http"

Christian_Dahlqvist · October 14, 2016, 5:13am

Packetbeat is send data to Elasticsearch as bulk requests over HTTP, so I suspect that is what all the _bulk requests is from. As Packetbeat is monitoring its own traffic, you have created a feedback loop that will continuously generate results. When I built a similar test to look at Kibana traffic, I introduces a small client node on the same host that only listened to localhost, to which Packetbeat alone would send data.

Topic		Replies	Views
Is it good practice to exclude Packetbeat traffic? Beats packetbeat	4	949	April 15, 2017
Packetbeat data not going from ES to Kibana Beats packetbeat	8	3652	July 5, 2017
How to monitor Elasticsearch? Beats packetbeat	3	982	July 5, 2017
How do I verify that packetbeat transmits data to Elasticsearch Beats packetbeat	2	386	April 21, 2022
Dns Indexing Problem Beats packetbeat	5	721	March 18, 2018

Need Clarification on incoming request's to ES

Related Topics