ELK
懵懂无知的蜗牛
任何事到了最后总是好的。如果不好,说明还没到最后。
展开
-
Logstash报错: Could not index event to Elasticsearch
一、环境说明Logstash 7.3ElasticSearch 7.3二、现象logstash/logs/logstash-plain.log大量警告[2020-12-28T00:00:01,217][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"原创 2020-12-28 13:59:55 · 10020 阅读 · 0 评论 -
解决LogStash报错:FORBIDDEN/12/index read-only / allow delete (api)
一、现象在Kibana上一直查询不到索引最新插入的数据,通过排查发现Logstash的日志(/logs/logstash-plain.log)大量报错:FORBIDDEN/12/index read-only / allow delete (api)[2020-10-27T15:35:12,119][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 403 ({"type"=&..原创 2020-10-27 18:13:33 · 1142 阅读 · 1 评论 -
Kibana查询ES报错:[parent] Data too large, data for [<http_request>] would be [25720845544/23.9gb]
Kibana报错:{"type":"error","@timestamp":"2020-09-27T05:26:12Z","tags":["warning","stats-collection"],"pid":426971,"level":"error","error":{"message":"[circuit_breaking_exception] [parent] Data too large, data for [<http_request>] would be [2571245原创 2020-09-29 16:07:36 · 18772 阅读 · 3 评论 -
filebeat 报错:Failed to publish events
背景:使用filebeat往logstash中传递数据,查看filebeta日志发现报错。filebeat报错:ERROR logstash/async.go:235 Failed to publish events caused by: write tcp 127.0.0.1:54972->127.0.0.1:5044: write: connection reset by peer2020-09-18T13:50:19.159+0800 INFO [monitori...原创 2020-09-18 14:12:34 · 8952 阅读 · 0 评论 -
Kibana 7.X 导出CSV报告
背景ES7.3.0发布了新特性 从保存的搜索中导出CSV一、使用步骤1-1 保存搜索Discover -> 选择索引模式 ->选择要显示字段 ->输入你的查询条件 ->选择时间范围 -> 点击保存1-2 下载CSV报告点击共享 -> CSV报告 ->生成CSV报告1-3下载CSV报告下载完会在右下角弹出,点击下载报告下载完的报告也可以去管理>...原创 2020-09-17 15:26:27 · 11900 阅读 · 0 评论 -
ES已冻结索引查询不到,如何解决?
环境说明:ES 6.6及以上版本Elastic Stack在 6.6 版中,发布了两个强大的功能:索引生命周期管理 (ILM)和冻结索引1、如何冻结 Elasticsearch 索引?# 1、准备数据POST /sampledata/_doc{ "name":"Jane", "lastname":"Doe"}POST /sampledata/_doc{ "name":"John", "lastname":"Doe"}# 2、合并碎片数据POS.原创 2020-08-28 16:13:17 · 5684 阅读 · 0 评论