Elasticsearch not opening in cloud URL - elasticsearch

I am getting the error below while opening the Elastic Cloud URL:
Error
at Fetch._callee3$ (https://id.eastus2.azure.elastic-cloud.com:9243/bundles/commons.bundle.js:3:232)
at l (https://id.eastus2.azure.elastic-cloud.com:9243/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:970406)
at Generator._invoke (https://id.eastus2.azure.elastic-cloud.com:9243/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:232)
at Generator.forEach.e.<computed> [as next] (https://id.eastus2.azure.elastic-cloud.com:9243/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:970763)
at asyncGeneratorStep (https://id.eastus2.azure.elastic-cloud.com:9243/bundles/commons.bundle.js:3:3991504)
at _next (https://id.eastus2.azure.elastic-cloud.com:9243/bundles/commons.bundle.js:3:3991815)
Also, after this, when I reload Elastic Cloud I get the error below:
{"statusCode":503,"error":"Service Unavailable","message":"No shard available for [get [.kibana][_doc][space:default]: routing [null]]: [no_shard_available_action_exception] No shard available for [get [.kibana][_doc][space:default]: routing [null]]"}
Can anyone please help?

The first error message doesn't sound very helpful, but in the second one it's clear that the .kibana index is missing. Do you know why that might have happened there? I would generally look at the following options:
If you were using Kibana already and need to restore some visualizations or dashboards, do a partial restore from a snapshot.
If you are ok to start over, restart Kibana (potentially remove it from your deployment and then add it again). That should generally recreate the .kibana index.
If none of that works, contact support.

Related

What is the execution error when run query in kibana?

I am querying logs in Kibana, which connects to an Elasticsearch cluster in the backend.
When I query logs in the Discovery tab in Kibana, sometimes I see a popup error dialog with the exceptions below. I can't find anything wrong in the backend logs.
search_phase_execution_exception
Error
at Fetch._callee3$ (https://kibana.crms.myzeller.dev/36063/bundles/core/core.entry.js:6:59535)
at l (https://kibana.crms.dev/36063/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380:1740520)
at Generator._invoke (https://kibana.crms.dev/36063/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380:1740273)
at Generator.forEach.e.<computed> [as next] (https://kibana.crms.dev/36063/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:380:1740877)
at fetch_asyncGeneratorStep (https://kibana.crms.dev/36063/bundles/core/core.entry.js:6:52652)
at _next (https://kibana.crms.myzeller.dev/36063/bundles/core/core.entry.js:6:52968)
Is there more in your Elasticsearch and/or Kibana logs around the same time you are seeing this? There should be, and it'll help explain what the issue is.

Kibana unable to connect to elasticsearch on windows

I am running Elasticsearch 7.6; it is working OK on http://localhost:9200/. I am able to use the REST API to add values to an index.
Now when I start up Kibana 7.6, I get the following error:
log [12:31:32.247] [info][plugins-service] Plugin "case" is disabled.
log [12:31:44.432] [info][plugins-system] Setting up [36] plugins: [taskManager,siem,licensing,infra,encryptedSavedObjects,code,timelion,features,security,usageCollection,metrics,canvas,apm_oss,translations,reporting,status_page,share,uiActions,data,navigation,newsfeed,kibana_legacy,management,dev_tools,home,spaces,cloud,graph,inspector,expressions,visualizations,embeddable,advancedUiActions,dashboard_embeddable_container,eui_utils,bfetch]
log [12:31:44.435] [info]
log [12:31:44.587] [info][savedobjects-service] Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations...
log [12:31:44.617] [info][savedobjects-service] Starting saved objects migrations
log [12:31:44.657] [info][savedobjects-service] Creating index .kibana_1.
log [12:31:44.663] [info][savedobjects-service] Creating index .kibana_task_manager_1.
log [12:32:14.663] [warning][savedobjects-service] Unable to connect to Elasticsearch. Error: Request Timeout after 30000ms
Unable to connect to Elasticsearch. Error: Request Timeout after 30000ms
I've got the same problem as yours, and I've solved it by switching from the cmd prompt window to a PowerShell window. It seems that the command prompt window is very sensitive. You may get some idea here: https://discuss.elastic.co/t/kibana-7-4-0-on-windows-command-prompt-not-able-to-start/203877/7
BTW, if you get a warning when you restart Kibana, like:
log [06:27:47.136] [warning][savedobjects-service] Unable to connect to Elasticsearch. Error: [resource_already_exists_exception] index [.kibana_task_manager_1/EmPx77s1TLWbLQdqQ8iC0w] already exists, with { index_uuid="EmPx77s1TLWbLQdqQ8iC0w" & index=".kibana_task_manager_1" }
log [06:27:47.140] [warning][savedobjects-service] Another Kibana instance appears to be migrating the index. Waiting for that migration to complete. If no other Kibana instance is attempting migrations, you can get past this message by deleting index .kibana_task_manager_1 and restarting Kibana.
Just do what it told you: delete the index .kibana_task_manager_1 and restart Kibana.
curl -XDELETE http://localhost:9200/.kibana_task_manager_1
Good Luck.

Cannot delete indices with curator elasticsearch

I am trying to delete all the logs that were stored 14 days ago or before in Elasticsearch. I have installed Curator and created the config file and the action file in this way:
curator.yml configuration file
My Elasticsearch is running on localhost:8080, and Kibana on localhost:80.
delete_indices action file
With both configuration files, I execute Curator with the config files and I obtain this:
command execution
You can see in the following image, my index name in kibana:
filebeat index in kibana
I've already tried many things; however, I didn't manage to make it work. It always says there is no index with this name. Does anyone know where the issue could be?
Edit 1:
With your help, I managed to get the exact index name, however I still have the same problem:
modified delete_indices.yml file
That's what I get when I enter GET _cat/indices:
my indices
The problem was that Curator will not act on any index associated with an ILM policy without setting allow_ilm_indices to true.
The solution was:
More information: https://www.elastic.co/guide/en/elasticsearch/client/curator/5.8/option_allow_ilm.html
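An action file consistent with the answer above, as an added example; it is not the poster's own file, which did not survive on this page. The `filebeat-` prefix and the `creation_date` age source are assumptions, and the 14-day cutoff comes from the question.

```yaml
# delete_indices.yml (added example, not the original poster's file)
actions:
  1:
    action: delete_indices
    description: >-
      Delete filebeat indices older than 14 days, including indices
      that are attached to an ILM policy.
    options:
      # Without this option Curator skips every ILM-managed index,
      # which leaves the actionable index list empty.
      allow_ilm_indices: true
      # Exit cleanly instead of raising an error when nothing matches.
      ignore_empty_list: true
      disable_action: false
    filters:
    # Assumed index naming; adjust to the names shown by GET _cat/indices.
    - filtertype: pattern
      kind: prefix
      value: filebeat-
    # Age is taken from the index creation date (assumption).
    - filtertype: age
      source: creation_date
      direction: older
      unit: days
      unit_count: 14
```

Running Curator with `--dry-run` first logs which indices the filters select without deleting anything.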

ELK - Removing old logs viewable in Kibana

I have managed to process log files using the ELK kit and I can now see my logs on Kibana.
I have scoured the internet and can't seem to find a way to remove all the old logs, viewable in Kibana, from months ago. (Well, an explanation that I understand.) I just want to clear my Kibana and start afresh by loading new logs and them being the only ones displayed. Does anyone know how I would do that?
Note: Even if I remove all the Index Patterns (in Management section), the processed logs are still there.
Context: I have been looking at using ELK to analyse testing logs in my work. For that reason, I am using Elasticsearch, Kibana and Logstash v5.4, and I am unable to download a newer version due to company restrictions.
Any help would be much appreciated!
Kibana screenshot displaying logs
Update:
I've typed "GET /_cat/indices/*?v&s=index" into the Dev Tools>Console and got a list of indices.
I initially used the "DELETE" function, and it didn't appear to be working. However, after restarting everything, it worked the second time and I was able to remove all the existing indices, which subsequently removed all logs being displayed in Kibana.
SUCCESS!
Kibana is just the visualization part of the Elastic Stack; your data is stored in Elasticsearch. To get rid of it you need to delete your index.
The 5.4 version is very old and already past its EOL date. It does not have any UI to delete the index; you will need to use the Elasticsearch REST API to delete it.
You can do it from Kibana: just click on Dev Tools. First you will need to list your indices using the cat indices endpoint.
GET /_cat/indices?v&s=index&pretty
After that you will need to use the delete API endpoint to delete your index.
DELETE /name-of-your-index
On the newer versions you can do it using the Index Management UI; you should try to talk with your company to get the new version.

CloudWatch to Elastic Cloud: missing data?

I am currently using Elastic Cloud to store my AWS CloudWatch logs. Everything seems to work fine as I'm already able to display charts and to query ElasticSearch correctly. Yet, I got a strange behavior I can't explain.
I am logging some events from my app. Let's say request_start and request_end. They are both available on Kibana. Yet, I'm also logging another event, let's say request_middle. I can see it on CloudWatch.
When checking in the Discover tab of Kibana, I don't see this event. I tried the query event:"request_middle", in vain. And if I display a list of all events under this same tab, I get a full list, except request_middle.
I tried to query Elasticsearch directly, just in case, but got no results either.
Have some of you already encountered such a case? If so, how did you fix it?
