Re: Red status unassigned shards help
Mark, appreciate the response, I will look into both!

On Fri, May 30, 2014 at 5:47 PM, Mark Walkom <ma...@campaignmonitor.com> wrote:

You can set the replicas for an index using the API (or kopf). As for your upgrade concerns, see http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/setup-upgrade.html

Regards,
Mark Walkom
Infrastructure Engineer
Campaign Monitor
email: ma...@campaignmonitor.com
web: www.campaignmonitor.com

On 31 May 2014 00:15, Jason Weber <davev...@gmail.com> wrote:

Thanks Mark and Pawan. Here is my output from netstat:

    tcp6 0 0 :::9200 :::* LISTEN 1155/java

Mark, are you talking about upgrading to the latest 0.9 or to 1.x.x? Still waiting on a good method to go to the latest 1.x in ES without messing up a bunch of stuff. Still in development but don't want to lose my data. I think you are right about the replica set; I read about a setting I need to change in elasticsearch.yml, I will see if I can find that doc. Also will install kopf. Thanks again for the help!

On Friday, May 30, 2014 12:18:47 AM UTC-4, Mark Walkom wrote:

It could also be the elasticsearch integrated output in ES, which adds the LS instance as a client node to the cluster. And you probably don't want to kill that.

Regards,
Mark Walkom

On 30 May 2014 14:11, Pawan Sharma <pawansh...@gmail.com> wrote:

In the node another instance of elasticsearch is started, so the solution is first you have to find the PID of the other instance of ES with netstat -lnp | grep 920 and kill that PID if another ES is started on port 9201. Thanks

On Fri, May 30, 2014 at 4:03 AM, Mark Walkom <ma...@campaignmonitor.com> wrote:

Install a visual monitoring plugin like kopf and ElasticHQ, you will be able to see which shards are unassigned. However I think you may have replicas set, which, given you only have one node, will always result in a yellow state as the cluster cannot assign replicas to another node. You should also upgrade ES to a newer version if you can :)

Regards,
Mark Walkom

On 29 May 2014 23:45, Jason Weber <dave...@gmail.com> wrote:

I rebooted several times and I believe it's collecting the correct data now. I still show 520 unassigned shards, but it's collecting all my logs now. Is this something I can use the redirect command for to assign it to a new index?

Jason

On Tuesday, May 27, 2014 11:39:49 AM UTC-4, Jason Weber wrote:

Could someone walk me through getting my cluster up and running. Came in from a long weekend and my cluster was red status, I am showing a lot of unassigned shards.

    jmweber@MIDLOG01:/var/log/logstash$ curl localhost:9200/_cluster/health?pretty
    {
      "cluster_name" : "midlogcluster",
      "status" : "red",
      "timed_out" : false,
      "number_of_nodes" : 2,
      "number_of_data_nodes" : 1,
      "active_primary_shards" : 512,
      "active_shards" : 512,
      "relocating_shards" : 0,
      "initializing_shards" : 0,
      "unassigned_shards" : 520
    }

I am running ES 0.90.11. LS and ES are on a single server, I only have 1 node, although it shows 2. I get yellow status normally, it works fine with that. But I am only collecting like 43 events per minute vs my usual 50K. I have seen several write-ups but I seem to get a lot of "no handler found for uri" statements when I try to run them.

Thanks,
Jason
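An added worked example (editor's code, not from anyone in the thread): it reads the cluster health document Jason posted, splits the 520 unassigned shards into primaries (the ones that make the status red) and replicas (which a single data node can never place, as Mark says), counts the extra client node Mark attributes to the Logstash output, and builds the update-settings request Mark refers to. The uniform one-replica-per-index assumption and the `_all` target are mine, not the thread's.

```python
"""Added example: interpret _cluster/health for a one-data-node cluster and
build the replica-reduction request. Replica count per index is an assumption."""
import json

# Constructed sample: the health document quoted in the thread, with the
# JSON quoting that the mailing-list scrape stripped out.
SAMPLE_HEALTH = json.loads("""{
  "cluster_name": "midlogcluster", "status": "red", "timed_out": false,
  "number_of_nodes": 2, "number_of_data_nodes": 1,
  "active_primary_shards": 512, "active_shards": 512, "relocating_shards": 0,
  "initializing_shards": 0, "unassigned_shards": 520 }""")


def diagnose(health, replicas_per_index=1):
    """Split unassigned shards into primaries vs replicas, assuming every
    index carries the same replica count (assumption, not from the page)."""
    total = (health["active_shards"] + health["relocating_shards"]
             + health["initializing_shards"] + health["unassigned_shards"])
    # every primary has replicas_per_index copies, so total = P * (1 + r)
    primaries, remainder = divmod(total, 1 + replicas_per_index)
    if remainder:
        raise ValueError("shard total not consistent with a uniform replica count")
    unassigned_primaries = primaries - health["active_primary_shards"]
    return {
        "data_nodes": health["number_of_data_nodes"],
        # client-only nodes, e.g. a Logstash elasticsearch output joined to the cluster
        "client_nodes": health["number_of_nodes"] - health["number_of_data_nodes"],
        "unassigned_primaries": unassigned_primaries,  # these alone make it red
        "unassigned_replicas": health["unassigned_shards"] - unassigned_primaries,
        # replicas can only be placed when there are more data nodes than copies
        "replicas_unplaceable": health["number_of_data_nodes"] < 1 + replicas_per_index,
    }


def replica_settings_request(index="_all", replicas=0):
    """Update-settings call that drops replicas so a single data node can
    reach green once its primaries are back. Returns (method, path, body)."""
    return ("PUT", f"/{index}/_settings",
            json.dumps({"index": {"number_of_replicas": replicas}}))


if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_HEALTH), indent=2))
    print(*replica_settings_request())
```

On the sample, 4 of the 520 unassigned shards are primaries, which is why the cluster is red rather than the usual yellow; dropping replicas removes the other 516 but does not recover those 4.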
Re: elasticsearch and event correlation

John, same questions, did you ever figure anything out on this?

Jason

On Friday, June 7, 2013 4:35:22 AM UTC-4, John Zhang wrote:

Hi guys, I am new to elasticsearch. I am trying ElasticSearch + Kibana + Logstash for my security log management; I also need to do event correlation on this platform, like what Simple Event Correlator (SEC, http://simple-evcorr.sourceforge.net/) does. My question is: how do I do event correlation with ElasticSearch + Kibana + Logstash? Or can I make SEC work with ElasticSearch + Kibana + Logstash? Any suggestion or comment will be highly appreciated! Thanks!

Best regards,
John