After smoothly working for more than 10 months, I start getting this error on production suddenly while doing simple search queries.
{
"error" : {
"root_cause" : [
{
"type" : "circuit_breaking_exception",
"reason" : "[parent] Data too large, data for [<http_request>] would be [745522124/710.9mb], which is larger than the limit of [745517875/710.9mb]",
"bytes_wanted" : 745522124,
"bytes_limit" : 745517875
}
],
"type" : "circuit_breaking_exception",
"reason" : "[parent] Data too large, data for [<http_request>] would be [745522124/710.9mb], which is larger than the limit of [745517875/710.9mb]",
"bytes_wanted" : 745522124,
"bytes_limit" : 745517875
},
"status" : 503
}
Initially, I was getting this error while doing simple term queries when I got this circuit_breaking_exception error, To debug this I tried _cat/health query on elasticsearch cluster, but still, the same error, even the simplest query localhost:9200 is giving the same error Not sure what happens to the cluster suddenly.
Her is my circuit breaker status:
"breakers" : {
"request" : {
"limit_size_in_bytes" : 639015321,
"limit_size" : "609.4mb",
"estimated_size_in_bytes" : 0,
"estimated_size" : "0b",
"overhead" : 1.0,
"tripped" : 0
},
"fielddata" : {
"limit_size_in_bytes" : 639015321,
"limit_size" : "609.4mb",
"estimated_size_in_bytes" : 406826332,
"estimated_size" : "387.9mb",
"overhead" : 1.03,
"tripped" : 0
},
"in_flight_requests" : {
"limit_size_in_bytes" : 1065025536,
"limit_size" : "1015.6mb",
"estimated_size_in_bytes" : 560,
"estimated_size" : "560b",
"overhead" : 1.0,
"tripped" : 0
},
"accounting" : {
"limit_size_in_bytes" : 1065025536,
"limit_size" : "1015.6mb",
"estimated_size_in_bytes" : 146387859,
"estimated_size" : "139.6mb",
"overhead" : 1.0,
"tripped" : 0
},
"parent" : {
"limit_size_in_bytes" : 745517875,
"limit_size" : "710.9mb",
"estimated_size_in_bytes" : 553214751,
"estimated_size" : "527.5mb",
"overhead" : 1.0,
"tripped" : 0
}
}
I found a similar issue hereGithub Issue that suggests increasing circuit breaker memory or disabling the same. But I am not sure what to choose. Please help!
Elasticsearch Version 6.3
After some more research finally, I found a solution for this i.e
We should not disable circuit breaker as it might result in OOM error and eventually might crash elasticsearch.
dynamically increasing circuit breaker memory percentage is good but it is also a temporary solution because at the end after solution increased percentage might also fill up.
Finally, we have a third option i.e increase overall JVM heap size which is 1GB by default but as recommended it should be around 30-32 GB on production, also it should be less than 50% of available total memory.
For more info check this for good JVM memory configurations of elasticsearch on production, Heap: Sizing and Swapping
In my case I have an index with large documents, each document has ~30 KB and more than 130 fields (nested objects, arrays, dates and ids).
and I was searching all fields using this DSL query:
query_string: {
query: term,
analyze_wildcard: true,
fields: ['*'], // search all fields
fuzziness: 'AUTO'
}
Since full-text searches are expensive. Searching through multiple fields at once is even more expensive. Expensive in terms of computing power, not storage.
Therefore:
The more fields a query_string or multi_match query targets, the
slower it is. A common technique to improve search speed over multiple
fields is to copy their values into a single field at index time, and
then use this field at search time.
please refer to ELK docs that recommends searching as few fields as possible with the help of copy-to directive.
After I changed my query to search one field:
query_string: {
query: term,
analyze_wildcard: true,
fields: ['search_field'] // search in one field
}
everything worked like a charm.
I got this error with my docker container so I increase the java_opts to 1GB and now it works without any error.
Here are the docker-compose.yml
version: '1'
services:
elasticsearch-cont:
image: docker.elastic.co/elasticsearch/elasticsearch:7.9.2
container_name: elasticsearch
environment:
- "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
- discovery.type=single-node
ulimits:
memlock:
soft: -1
hard: -1
ports:
- 9200:9200
- 9300:9300
networks:
- elastic
networks:
elastic:
driver: bridge
In my case, I also have an index with large documents which store system running logs and I searched the index with all fields. I use the Java Client API, like this:
TermQueryBuilder termQueryBuilder = QueryBuilders.termQuery("uid", uid);
searchSourceBuilder.query(termQueryBuilder);
When I changed my code like this:
TermQueryBuilder termQueryBuilder = QueryBuilders.termQuery("uid", uid);
searchSourceBuilder.fetchField("uid");
searchSourceBuilder.fetchSource(false);
searchSourceBuilder.query(termQueryBuilder);
the error disappeared.
Related
I encountered a problem when using the swupdate image built by yocto.
Software Update started !
[network_initializer] : Software update started
[extract_file_to_tmp] : Found file
[extract_file_to_tmp] : filename sw-description
[extract_file_to_tmp] : size 303
[get_common_fields] : Version 0.1.0
[get_common_fields] : Description Firmware update for XXXXX Project
[parse_hw_compatibility] : Accepted Hw Revision : 1.0
[parse_hw_compatibility] : Accepted Hw Revision : 1.2
[parse_hw_compatibility] : Accepted Hw Revision : 1.3
[_parse_images] : Found Image: rootfs.ext4.gz in device : /dev/mmcblk2p4 for handler raw
[check_hw_compatibility] : Hardware myir Revision: 1.0
[check_hw_compatibility] : Hardware compatibility verified
[extract_files] : Found file
[extract_files] : filename rootfs.ext4.gz
[extract_files] : size 373258053 required
ERROR : Not enough free space to extract rootfs.ext4.gz (needed 373258053, got 223219712)
Image invalid or corrupted. Not installing ...
[network_initializer] : Main thread sleep again !
Waiting for requests...
ERROR : Writing to IPC fails due to Broken pipe
As shown in the figure, it indicates that there is not enough space, and then I use resize2fs /dev/mmcblk2p4 to expand the space. Now it has 1g of space. But still the same hint. Please let me know what you think.
Try using the installed-directly flag in the sw-description file.
files: (
{
filename = "rootfs.ext4.gz";
sha256 = "bc57b9c737033d0d6826db51618d596da7ecf3fdc0cb48dc9986a6094f529413";
type = "archive";
path = "/path/to/extract";
preserve-attributes = true;
installed-directly = true; <---------- this option
properties: {
create-destination = "true";
}
}
Hi I installed Elasticsearch 6.6 with Ansible playbook over a cluster with 3 nodes.
All nodes are on the same port.
When I run the query:
curl -u es_admin:<pass> -X GET 'https://<hostname1>:9201/_nodes/process?pretty' -k
I see only one node in the cluster:
{
"_nodes" : {
"total" : 1,
"successful" : 1,
"failed" : 0
},
"cluster_name" : "new_cluster",
"nodes" : {
"Qlqcbgs_QmWXpglNVoOApQ" : {
"name" : "node1",
"transport_address" : "<IP_address>:9301",
"host" : "<hostname1>",
"ip" : "<IP_address>",
"version" : "6.6.0",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "<build_hash_number>",
"roles" : [
"master",
"data",
"ingest"
],
"attributes" : {
"ml.machine_memory" : "16653647872",
"xpack.installed" : "true",
"ml.max_open_jobs" : "20",
"ml.enabled" : "true"
},
"process" : {
"refresh_interval_in_millis" : 1000,
"id" : 11674,
"mlockall" : false
}
}
}
}
I get the same output for each node separately:
curl -u es_admin:<pass> -X GET 'https://<hostname2>:9201/_nodes/process?pretty' -k
curl -u es_admin:<pass> -X GET 'https://<hostname3>:9201/_nodes/process?pretty' -k
Under elasticsearch.template.yml I do see the other nodes. For example if I go to node1 I see the other two:
discovery.zen.ping.unicast.hosts:
- <hostname2>:9301
- <hostname3>:9301
here is elasticsearch.yml:
node.name: node1
network.host: <hostname>
http.port: 9201
transport.tcp.port: 9301
node.master: true
node.data: true
node.ingest: true
search.remote.connect: true
#################################### Paths ####################################
# Path to directory containing configuration (this file and logging.yml):
path.data: /var/lib/elasticsearch/node1
path.logs: /var/log/elasticsearch/node1
discovery.zen.ping.unicast.hosts:
- <hostname2>:9301
- <hostname3>:9301
xpack.license.self_generated.type: trial
node.ml: true
xpack.ml.enabled: true
xpack.security.audit.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.ssl.keystore.path: **path**
xpack.ssl.keystore.password: *passwd*
xpack.ssl.truststore.path: **path**
xpack.ssl.truststore.password: *passwd*
What should be done in order to see all the nodes under the same cluster?
In 6.X you also need to set discovery.zen.minimum_master_nodes to say to your nodes what is the minimum number of master nodes required to form a cluster.
Since you didn't set it, each of your nodes think they are the master node and they won't join any cluster.
Set it to discovery.zen.minimum_master_nodes: 2 in each elasticsearch.yml file and restart your nodes.
I think all discovery.zen.ping.unicast.hosts must be the same in all node.
discovery.zen.ping.unicast.hosts:
- <hostname1>:9301
- <hostname2>:9301
- <hostname3>:9301
please try this or just:
discovery.zen.ping.unicast.hosts: ["hostname1:9301"]
I have log file with vert.x logs that i want to show in Kibana. How do i phrase following log, I want to phrase only IP, Request and Response time.
Here is my sample log.
[vert.x-eventloop-thread-7] 2016-09-27T07:13:53.263Z INFO [com.term.local.rest.server.Server] SUCCESS RESPONSE : 1.get.mydata, remoteIp : 192.168.1.1, processing time : 115
From this log i want only following information to visualise in Kibana
SUCCESS RESPONSE : 1.get.mydata, remoteIp : 192.168.1.1, processing time : 115
grok {
match => {
"message" => [
"%{GREEDYDATA}SUCCESS RESPONSE : %{NOTSPACE:response}, remoteIp : %{IP:remoteip}, processing time : %{INT:proceesingTime}"
]
}
}
For experiments with single node configuration I run ArangoDB with the command:
arangod --server.endpoint=tcp://0.0.0.0:8529 --server.disable-authentication=true --database.wait-for-sync=true
Then I do a few commands:
db._createDatabase("foo")
db._useDatabase("foo")
db._create("a")
db.a.properties()
Get the result:
{
"doCompact" : true,
"journalSize" : 33554432,
"isSystem" : false,
"isVolatile" : false,
"waitForSync" : false,
"keyOptions" : {
"type" : "traditional",
"allowUserKeys" : true
},
"indexBuckets" : 8
}
And where is my "waitForSync": true by default? Where do I do a mistake?
I can confirm your problem using ArangoDB 2.8.7 and the arangosh. This is a bug. If the same is done on the console (with --console), then it works.
From arangosh the request goes via the HTTP API and there the default of "false" for "waitForSync" is added, the command line option is ignored, which is the bug. I will make sure that this will be fixed in the next release of ArangoDB.
In the meantime, please add "waitForSync": true in all db._create calls in arangosh and all POST /_api/collection API calls via HTTP.
I'm working through upgrading our ElasticSearch version from 1.3 to 1.5. We use the Java API heavily. the following script in an ES query:
{
"script" : {
"script" : "values contains (int)doc['timestamp'].date.toDateTime(DateTimeZone.forID('America/New_York')).getMonthOfYear()",
"params" : {
"values" : [ 1 ]
},
"lang" : "groovy"
}
}
This works with 1.3, but gives the following error in 1.5:
org.elasticsearch.action.search.SearchPhaseExecutionException: Failed to execute phase [query_fetch], all shards failed; shardFailures {[XwOu9zq0TMi2uOptdfIS7w][eventdata][0]: QueryPhaseExecutionException[[eventdata][0]: query[filtered(ConstantScore(ScriptFilter(values contains (int)doc['timestamp'].date.toDateTime(DateTimeZone.forID('America/New_York')).getMonthOfYear().toString())))->cache(org.elasticsearch.index.search.nested.NonNestedDocsFilter#2a8c0465)],from[0],size[10]: Query Failed [Failed to execute main query]]; nested: GroovyScriptExecutionException[MissingMethodException[No signature of method: Script1.contains() is applicable for argument types: (java.lang.Class) values: [int]
Possible solutions: toString(), toString(), notify()]]; }
at org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction.onFirstPhaseResult(TransportSearchTypeAction.java:238)
at org.elasticsearch.action.search.type.TransportSearchTypeAction$BaseAsyncAction$1.onFailure(TransportSearchTypeAction.java:184)
at org.elasticsearch.search.action.SearchServiceTransportAction$23.run(SearchServiceTransportAction.java:565)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
What's the best way to address this?
That looks like a brackets issue with the cast, so it thinks you're passing int to contains. Try adding brackets to help out the parser:
values.contains((int)doc['timestamp'].date.toDateTime(DateTimeZone.forID('America/New_York')).getMonthOfYear())