@Mark the link you posted is for linux paths. I assumed windows path will
be on similar lines and expected index data to be on below path:
C:\\data\elasticsearch\nodes\0\indices\idd
I see the path looks like it contains all the index data but I am puzzled
why the size of data directory is only
Take a look at
http://www.elastic.co/guide/en/elasticsearch/reference/current/setup-dir-layout.html#_zip_and_tar_gz
On 24 March 2015 at 16:34, Ravi Gupta wrote:
> Hi ,
>
> I have downloaded and installed ES on windows 7 and imported 2million+
> records into it. (from a csv of size 2.2GB). I can
ELK experts, I'm desperately need your help. I've spend hours and days on
this simple thing but still can't figure it out.
My settings are Elasticsearch 1.4.4 and Kibana 4.0.1. My program feeds data
into ElasticSearch. The data contain a timestamp and a value. I want to
create a bar chart, with
Hi ,
I have downloaded and installed ES on windows 7 and imported 2million+
records into it. (from a csv of size 2.2GB). I can search records using
fiddler and it works as expected.
I was hoping to see size of below directory to increase few GB but the size
is only 77 kb.
C:\temp\elasticsearc
Thank you, as i finished the post and was reading documentation, it made
sense to make all of them master and data as true.
i haven't specifically mentioned replica when i bulk index, if i specify
what would be the syntax, so that i can go back and double check.
On Monday, March 23, 2015 at 6:
I have a field of "Object" index type. It was initially created with index
mapping with "enabled" : false. For example:
"root_obj": {
"properties": {
"test_obj": {
"type": "object",
"enabled": false
}
}
Later now, I have the need to reset t
Mark,
Very thanks for your answer. I am new to ES. Can i get implementation
instruction or detailed answer? Thanks,
Andy
On Monday, March 23, 2015 at 9:11:18 PM UTC-7, Mark Walkom wrote:
>
> You'll want aliases with a routing query here, but to get the full benefit
> you'll have to reindex yo
You'll want aliases with a routing query here, but to get the full benefit
you'll have to reindex your data.
Sorry term, use aliases and consider setting up multiple KB instances.
On 24/03/2015 1:03 pm, "Andy" wrote:
> In my org, each team is creating ES index so the number of index grows
> very
I've found with K3 that if I'm updating filters but I don't wait for the
previous change to load completely that it seems that there are two
concurrent processes updating the histogram. Refreshing the page using the
in-page refresh, not the browser reload seems to resolve the display
problem for m
In my org, each team is creating ES index so the number of index grows very
quickly. Usually users are interested only in their 'product' data.
Currently, users execute query using Kibana w/o specifying index(it takes
_all'). To force user to specify index, what are my options? At the same
t
I did an optimize on this index and it looks like it caused a shard to
become corrupted. Or maybe the optimize just brought the shard corruption
to light?
On the node that reported the corrupted shard I tried shutting it down,
moving the shard out and then restarting. Unfortunately the next no
You might try 1.5, which was released today. There was a bug fix for date
histograms whereby improper DST handling could cause incorrect results.
> On Mar 23, 2015, at 5:35 PM, MC wrote:
>
> Just realized I forgot to mention: this is with version 1.4.4. Also I've
> been able to localize it
Just realized I forgot to mention: this is with version 1.4.4. Also I've
been able to localize it to a specific day's index, but I'm not sure what
the next steps should be to find the root cause and prevent/correct it.
On Monday, March 23, 2015 at 4:34:04 PM UTC-4, MC wrote:
>
> I'm wondering
There is a whole bunch more stats you can get from various APIs, see them
listed here https://www.elastic.co/search?q=stats
On 24 March 2015 at 02:52, wrote:
> Thanks, do you know if there's more memory metric reporting that I'm
> missing? I'd like to figure out what's growing the fastest/larges
How much data overall do you have?
If you are getting queue capacity limits then chances are you're
overloading your instance.
On 24 March 2015 at 05:34, vindictive27 wrote:
> Hello,
>
> I've searched through the group here and found a lot of information, but I
> am hoping someone could help me
You'd be better off setting them all as master and data true, it'll reduce
the possibility for a split brain situation to occur.
In that instance, and with your proxy, it doesn't really matter too much
where you bulk index data.
Did you specify replicas when you created the index? If you didn't t
https://www.elastic.co/blog/elasticsearch-1-5-0-released
Today, we are pleased to announce the release of *Elasticsearch 1.5.0*,
> based on *Lucene 4.10.4*. This is the latest stable version of
> Elasticsearch. It contains a number of important resiliency enhancements
> and bug fixes, and we advis
Greetings,
I am utilizing elasticsearch from JavaScript (node). I need to define a
mapping (set certain fields to "not_analyzed"). How can I do that from
JavaScript?
Thanks!
Blake McBride
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
T
All,
Need advice on ES prod configuration,Our use case is very straightforward
and simple.
Data is updated only once per week and mostly the data would be searched.
We have 3 nodes and planning to configure them as follows.
1 nodes with data true and master false, 2 nodes with data and master true
Since you are using uid, your setup would look something like this
shield:
authc:
realms:
ldap1:
type: ldap
order: 0
url: "ldap://ldapserver:389";
user_dn_templates:
- "uid={0}, ou=People,dc=test,dc=org"
This assumes all users are directly in
It only does file inputs. For other things look at Logstash.
On 24 March 2015 at 08:13, Ashit Kumar wrote:
> I cant seem to find an reference to this but how can I configure
> Logstash-forwarder for
>
> 1. Windows Event logs
> 2. udp/tcp inputs?
>
> This is for a store and forward subsystem.
>
>
I cant seem to find an reference to this but how can I configure
Logstash-forwarder for
1. Windows Event logs
2. udp/tcp inputs?
This is for a store and forward subsystem.
Thanks
Ash
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsu
Hey guys,
I just realized that for query_string_queries, range query terms are not
analyzed.
Our index is configured with fields to allow sorting with ICU collation:
"sort_range_analyzer" : {
"type" : "custom",
"tokenizer" : "whitespace",
"filter" : ["lowercase", "en_stop", "icu_en_
I'm wondering if anyone had seen something like this before: I have a 5 node
cluster with a bunch of large date based indices (I.e. each daily index can
have 50m docs). I have some kibana dashboards which visualize the data. Every
so often one of the histogram graphs displays incorrect data -
I just bumped into "more like this" functionality/api. Is there a
possibility to combine the result from more_like_this with some additional
search constraint?
I have two following ES query which works:
POST /h/B/_search
{
"query":{
"more_like_this" : {
"fields" : ["de
There is not, if you want that it'd definitely be worth raising as a
request on github though!
On 23 March 2015 at 21:40, Görge Albrecht wrote:
> Hi All,
>
> Is there any way in Kibana 4 to hide the _source field from the detail
> view on the Discover table?
> As all fields are already shown in
You just need to add them yourself, it's not an automatic process.
Use something like Elasticsearch Curator (
https://github.com/elasticsearch/curator).
On 23 March 2015 at 23:57, Görge Albrecht wrote:
> Hi,
>
> when using ELK with standard configuration an new logstash index is
> created every
Ok, I found out myself. It is possible to use _exists_ like this:
_exists_:"sensor-1643"
Den mandag den 23. marts 2015 kl. 11.50.05 UTC+1 skrev Ole Hedegaard:
>
> Hi,
>
> I'm looking for a way to query ES from Kibana with a "constant_score"
> query (see eg.
> http://elasticsearch-users.115913.
Hello,
I've searched through the group here and found a lot of information, but I
am hoping someone could help me verify my configuration - as I have been
running into many issues running ES.
I have a very simple setup with a small number of documents and only one
index (currently about 100 do
Will this be helpful?
http://stackoverflow.com/questions/23366602/default-index-analyzer-in-elasticsearch
On Mon, Mar 23, 2015 at 9:16 AM, Shai Amar wrote:
> I want to store data in an ElasticSearch index as not_analyzed.
>
> Meaning, that I do not need any analyzer to analyze the data.
>
> e.
Hi all,
I am wondering whether it is possible to sort a reverse nested aggregation
by the document count of the joined root / document the nested object
belongs to. The counts of the nested objects and the root document counts
can be off.
I was hoping it is possible to do this in ES and not by do
Hi, this question has been asked so many times I am so sorry for being a
noob.
Kibana keeps giving me the error "*Error Could not contact Elasticsearch at
http://localhost:9200. Please ensure that Elasticsearch is reachable from
your system.]*
I have changed the conig.js to be the correct ip y
I want to store data in an ElasticSearch index as not_analyzed.
Meaning, that I do not need any analyzer to analyze the data.
e.g. {name:JHON-ANDERSON} will be stored as {name:JOHN-ANDERSON}
I want to create a template that creates not_analyzed indices.
I know that if I want to do it this way
You probably want to monitor each node as well, _nodes/stats has useful
disk/cpu/heap/gc stats. Also has information about thread usage and
completed tasks to monitor search/index growth.
I don't fully know the answer to #2, but I assume _nodes & _cluster are
served by management threads. We
Oh, and here's the stack trace from the leniency crash:
[2015-03-23 16:45:06,310][DEBUG][action.search.type ] [Tagak the
Leopard Lord] [platina][4], node[TeMv1BkeQumIU3zw
OL9ZGA], [P], s[STARTED]: Failed to execute
[org.elasticsearch.action.search.SearchRequest@3cf896] lastShard [true]
org
Are you saying JVM is using 99% of the system memory or 99% of the heap?
If it's 99% of the available heap that's bad and you will have cluster
instability. I suggest increasing your JVM heap size if you can, I can't
find it right now but I remember a blog post that used twitter as a
benchmar
Thanks, do you know if there's more memory metric reporting that I'm
missing? I'd like to figure out what's growing the fastest/largest.
Fielddata I think should show up in the 'fm' column of the node stats. I'm
mostly curious what I'm missing in adding up the memory requirements, from
the no
about 12:00PM I've changed the index settings to
"index" : {
"refresh_interval" : "-1",
"compound_format" : "false",
"compound_on_flush" : "false"
}
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscrib
We have 6 es nodes (cc2 8xlarge). Right now we're indexing about 5 billions
documents to 87 different indexes each with one shard and replication 1.
Documents are regularly distributed so there are no hotspots. Documents on
each index/node grows with same speed but after 3 billions documents are
We currently monitor our app by having a monitoring tool (Pingdom) retrieve
a health page from our app that retrieves and displays the Elasticsearch
cluster info, e.g.
{
"status": 200,
"name": "whatever",
"cluster_name": "whatever_dev",
"version": {
"number": "1.4.4",
I am currently using Kibana to kee track of kafka offsets. Offsets come in
a triple of numbers; size (number of messages posted to topic), offset
(where in the list the consumer is) and lag (difference between the two).
One thing I would like to be able to visualize is the increase in the size
Hi!
I have made an analyzer which gives me all trigrams of my input (as per
http://www.elastic.co/guide/en/elasticsearch/guide/current/ngrams-compound-words.html).
The thing is, I ALSO want all two letter words (and maybe also one letter
words) to be indexed.
So basically, the string "I like
Hi
I think You need to escape those spl char in search string, like
{
"query": {
"bool": {
"must": [
{
"query_string": {
"fields": [
"msg"
],
"query": "a\\/"
}
}
]
}
}
}
--
View this m
Actually, my whole log file is json format, and, I don't use any grok, I
just log it into the file and logstash gets the json and sends to
elasticsearch, indexing everything. In this case, what do you think I could
do?
Em domingo, 22 de março de 2015 19:40:07 UTC-3, Mark Walkom escreveu:
>
> I
Hi all,
I'm looking for an easy way to index documents containing an email field
and searching for them using pre- and postfix wildcard queries (something
similar to SQL: WHERE email LIKE '%search_term%').
One way may be using the uax_url_email tokenizer but it seems that in this
case prefix w
Hi Elastic Users,
We have 6 shards 2 replicas(3 nodes). While am searching in node1 it gave
one result, then pass the query to node2 & 3 it gave different order.
I tried preference = _primary & _primary_first It will returns correct order
in all the nodes.
But I tried preference = userId(003fd
Thank you for reply. I dont' need viewCount field to be indexed. I need this
field only to be displayed, because data I take from ES. For example when user
open forum section of the site he see topics (with information how many times
each of them was viewed) from elastic. The problem is that on
One thing you might want to consider is whether or not you need your index
to stay perfectly in synch with your database. If a topic is viewed 1000
times over the course of 2 minutes, is it important that Elasticsearch
update after every one? Maybe after each update you queue a reindexing, but
Hi,
I want to preserve the special characters like -, /, (, ) in search results.
Ex: Abc/def a(bc)def a-bcd
response: If I enter Abc/ the records containing abc/ need to come,
similarly for abc/def records with the following need to come, in the same
way abc/def a(bc) records with the similar co
Hi Yogesh. I am not 100% sure of this, so if someone else posts a reply
that differs from mine you should probably go with theirs, but I think this
is correct behavior.
Unless there is another process demanding memory from the OS, there is no
harm whatsoever in having the JVM consume all avail
Hi,
when using ELK with standard configuration an new logstash index is created
every day.
Is there a possibility to create an alias, say "last-week" which always
covers the last 7 days?
I found several places within the ES docs where aliases like "last_3_month"
or "current_day" are used in in
I have forum. And every topic has such field as viewCount - how many times
topic was viewed by forum users.
I wanted that all fields of topics were taken from ES (id,date,title,content
and viewCount). However, this case after every topic view ES must reindex
entire document again - I asked th
Hi,
I want to preserve the special characters like -, /, (, ) in search
results.
Ex: Abc/def a(bc)def a-bcd
response: If I enter Abc/ the records containing abc/ need to come,
similarly for abc/def records with the following need to come, in the same
way abc/def a(bc) records with the simi
Ok, a reboot of all cluster hosts fixed the problem, like magic... :|
//MA
Den fredag 20 mars 2015 kl. 21:12:09 UTC+1 skrev Mathias Adler:
>
> Index pattern is default [logstash-].MM.DD, same on all nodes
> Thanks for reaching out...!
> //MA
>
> 2015-03-20 20:34 GMT+01:00 Mark Walkom >:
>
well i got the answer from my question ,dynamic mapping is the answer.i am
using default templates with __default__ all enabled.
On Thu, Mar 5, 2015 at 10:00 PM, navdeep agarwal
wrote:
> hi we have a use case where we want to create new index every day (so that
> we can leverage deleting older i
Hi guys,
I'm doing a Proof of Concept with Kibana 4, and I'm unable to find the
Editable option that allowed to hide some functionalities from the
Dashboard, in Kibana 3. I dont see this property even in the .kibana index
in Elasticsearch.
I use Kibana as a centralized application, so I can't
No, I'm using elasticsearch 1.3.4
> You received this message because you are subscribed to the Google Groups
>> "elasticsearch" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to elasticsearc...@googlegroups.com .
>> To view this discussion on the
Is this version 1.4.4?
Can you create a thread dump with tools like jstack?
If many threads are in the state BLOCKING, this would be interesting.
Jörg
On Mon, Mar 23, 2015 at 11:47 AM, Sharmi Banerjee
wrote:
> I'm also facing the same issue.
> I have copied 20 index from an elasticsearch inst
Hi,
I'm looking for a way to query ES from Kibana with a "constant_score" query
(see eg.
http://elasticsearch-users.115913.n3.nabble.com/exists-filter-td4047532.html).
The reason is that I have a lot of JSON data in ES in this format (sensor
readings/timestamps):
{"timestamp":"2015-03-23T10:3
I'm also facing the same issue.
I have copied 20 index from an elasticsearch instance to a new instance.
After that when I started firing search queries in the new instance from my
code, after 20-30 calls I'm getting error:
{[aRGdCWK2QsyfvgGJLt6xrA][quanteye_ing][1]:
EsRejectedExecutionExceptio
Hi All,
Is there any way in Kibana 4 to hide the _source field from the detail view
on the Discover table?
As all fields are already shown in the detail view, the additional _source
field seems to increase the visual noise without adding any value.
Thanks in advance,
Görge
--
You received thi
Hi guys
Hope one of you can help...
In our prod environment, we have a 5 data nodes cluster (data:true,
master:false) + 3 masters (master:true, data:false). Elasticsearch 1.4.4,
Oracle Java 1.8. 40.
Data nodes have 30GB memory, masters 15GB.
We have a problem where the Heap crosses the heap limit
I have managed to change my time field to a recognizable format using
talend
On Sunday, March 22, 2015 at 6:15:06 PM UTC+1, BEN SALEM Omar wrote:
>
> I want to push data I have in my hadoop cluster to ES and then visualize
> the hole thing in kibana.
>
> this is what I’ve done :
>
> 1)
>
> CRE
SENSE can not load a file AFAIK.
Use curl or copy the file content in SENSE
--
David ;-)
Twitter : @dadoonet / @elasticsearchfr / @scrutmydocs
> Le 23 mars 2015 à 10:18, sharath chandra a
> écrit :
>
> Hi,
>
> I am new to elastic search. I am using sense plugin. While i am trying to
> retri
Hi all
Recently we start to face error:
EsRejectedExecutionException[rejected execution (queue capacity 1000)
The strange thing that there is no parallel or hard requests. After some
actions node start to throw that kind of error for any request, even for
one shard with size set to 0 (aggregat
ES uses several threadpools. Some are fixed sized, some are scalable, and
the reference is the JVM available core count, i.e.
Runtime.getRuntime().availableProcessors(), which can be overridden by a
"processors" directive:
http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-thre
Jingzhao Ou, do you state that you successfully combined msearch with the
query containing aggregations (like in your example)? How should the query
be constructed then to prevent "msearch approach is not accepting normal
JSON payloads"? Could you please post a working msearch API call example?
Thanks Jörg, I did a thread dump: 60 % of ~400 threads are in state
WAITING, 35 % are in state RUNNABLE, the rest is in state TIMED_WAITING,
none is in state BLOCKED.
So I assume everything is OK - still wondering whats the point of creating
hundreds of threads as there are "only" 24 cores avai
68 matches
Mail list logo
