Après pas mal d'essai j'ai trouvé la cause, en fait suite à un problème
d'horodatage de log, Logstash transmettait un evenement à stocker dans un
index clos celui du 7/7/2014, je l'ai ouvert et la situation s'est
débloquée aussitôt, j'ai juste 20h de log en retard à traiter, heureusement
Redis à tenu le coup.
After many search un try, I finaly found the route cause, it was a mistake
in timestamping in the log that make Logstash try to send an event for the
index of 07/07/2014 which was closed, I reopen it and everything work fine
again, I just have 20h hours of old log to process, fortunatly Redis could
hold all these.
Le vendredi 18 juillet 2014 14:56:54 UTC+2, Alexandre Fricker a écrit :
>
> Everithing was working fine until 4 h this morning when Logstash stop send
> new logs to Elasticsearch and when I stop then restart the losgstash process
> it reprocess a bulk of new log lines and when it start to send it to
> Elasticserch it start writing this message again and again
>
> {:timestamp=>"2014-07-18T09:46:29.593000+0200", :message=>"Failed to flush
> outgoing items", :outgoing_count=>86, :exception=>#<RuntimeError: Non-OK
> response code from Elasticsearch: 404>,
> :backtrace=>["/soft/sth/lib/logstash/outputs/elasticsearch/protocol.rb:127:in
> `bulk_ftw'",
> "/soft/sth/lib/logstash/outputs/elasticsearch/protocol.rb:80:in `bulk'",
> "/soft/sth/lib/logstash/outputs/elasticsearch.rb:321:in `flush'",
> "/soft/sth/vendor/bundle/jruby/1.9/gems/stud-0.0.17/lib/stud/buffer.rb:219:in
> `buffer_flush'", "org/jruby/RubyHash.java:1339:in `each'",
> "/soft/sth/vendor/bundle/jruby/1.9/gems/stud-0.0.17/lib/stud/buffer.rb:216:in
> `buffer_flush'",
> "/soft/sth/vendor/bundle/jruby/1.9/gems/stud-0.0.17/lib/stud/buffer.rb:193:in
> `buffer_flush'",
> "/soft/sth/vendor/bundle/jruby/1.9/gems/stud-0.0.17/lib/stud/buffer.rb:112:in
> `buffer_initialize'", "org/jruby/RubyKernel.java:1521:in `loop'",
> "/soft/sth/vendor/bundle/jruby/1.9/gems/stud-0.0.17/lib/stud/buffer.rb:110:in
> `buffer_initialize'"], :level=>:warn}
>
> But when I check Elastisearch status in Elastisearch HQ everything is
> Green and OK
>
> From the day beafore nothing change except that I added a new type of data
> but only 15 logs every 1 minute
>
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/6fd734fb-79e7-4047-898b-0b8587cf7d49%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
