How to reindex
426 views
Skip to first unread message
Cristian Radu
Feb 17, 2023, 10:28:56 AM2/17/23
to Wazuh mailing list
Hello,
Thanks,
I was trying to reindex using the steps mentioned here https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-reindex.html but it is not working. What am I missing?
POST _reindex
{
"source": {
"index": "wazuh-archives-4.x-2022.11.24"
},
"dest": {
"index": "wazuh-archives-new-4.x-2022.11.24"
}
}
{
"source": {
"index": "wazuh-archives-4.x-2022.11.24"
},
"dest": {
"index": "wazuh-archives-new-4.x-2022.11.24"
}
}
{"statusCode":502,"error":"Bad Gateway","message":"Client request timeout"}
Thanks,
Cristian
Cristian Radu
Feb 17, 2023, 10:38:48 AM2/17/23
to Wazuh mailing list
Hello,
Now I see this:
GET _cluster/allocation/explain?pretty
{
"index" : "wazuh-archives-new-4.x-2022.11.24",
"shard" : 0,
"primary" : false,
"current_state" : "unassigned",
"unassigned_info" : {
"reason" : "INDEX_CREATED",
"at" : "2023-02-17T15:18:26.933Z",
"last_allocation_status" : "no_attempt"
},
"can_allocate" : "no",
"allocate_explanation" : "cannot allocate because allocation is not permitted to any of the nodes",
"node_allocation_decisions" : [
{
"node_id" : "Wgcxeaj4RM6UkojA65tufg",
"node_name" : "node-1",
"transport_address" : "<IP>:9300",
"node_attributes" : {
"shard_indexing_pressure_enabled" : "true"
},
"node_decision" : "no",
"weight_ranking" : 1,
"deciders" : [
{
"decider" : "same_shard",
"decision" : "NO",
"explanation" : "a copy of this shard is already allocated to this node [[wazuh-archives-new-4.x-2022.11.24][0], node[Wgcxeaj4RM6UkojA65tufg], [P], s[STARTED], a[id=ckclpW_sQqmQ2Xa5fN74Lg]]"
}
]
}
]
}
"index" : "wazuh-archives-new-4.x-2022.11.24",
"shard" : 0,
"primary" : false,
"current_state" : "unassigned",
"unassigned_info" : {
"reason" : "INDEX_CREATED",
"at" : "2023-02-17T15:18:26.933Z",
"last_allocation_status" : "no_attempt"
},
"can_allocate" : "no",
"allocate_explanation" : "cannot allocate because allocation is not permitted to any of the nodes",
"node_allocation_decisions" : [
{
"node_id" : "Wgcxeaj4RM6UkojA65tufg",
"node_name" : "node-1",
"transport_address" : "<IP>:9300",
"node_attributes" : {
"shard_indexing_pressure_enabled" : "true"
},
"node_decision" : "no",
"weight_ranking" : 1,
"deciders" : [
{
"decider" : "same_shard",
"decision" : "NO",
"explanation" : "a copy of this shard is already allocated to this node [[wazuh-archives-new-4.x-2022.11.24][0], node[Wgcxeaj4RM6UkojA65tufg], [P], s[STARTED], a[id=ckclpW_sQqmQ2Xa5fN74Lg]]"
}
]
}
]
}
So, the problem complicates a bit.
Thanks,
Cristian
Aditya Sharma
Feb 19, 2023, 10:07:16 PM2/19/23
to Wazuh mailing list
Hi Christian, Thanks for using Wazuh!
If you want, you can reindex the indexes with the incorrect type in the following way:
POST _reindex
{
"source":{
"index":"<problem index>"
},
"dest":{
"index":"<problem index>-fixed"
}
}
2. Verify that it has been created with the correct fields
GET <problem index>-fixed
3. If the index was created correctly, you can delete the index with the problem
DELETE <problem index>
If you want to have the names as before, you can repeat the process and delete the word fixed
Regards
If you want, you can reindex the indexes with the incorrect type in the following way:
POST _reindex
{
"source":{
"index":"<problem index>"
},
"dest":{
"index":"<problem index>-fixed"
}
}
2. Verify that it has been created with the correct fields
GET <problem index>-fixed
3. If the index was created correctly, you can delete the index with the problem
DELETE <problem index>
If you want to have the names as before, you can repeat the process and delete the word fixed
Regards
Cristian Radu
Feb 20, 2023, 4:10:50 AM2/20/23
to Aditya Sharma, Wazuh mailing list
Hello Aditya,
Thanks for your response!
When I do this:
POST _reindex
{
"source":{
"index":"wazuh-archives-new-4.x-2022.11.24"
},
"dest":{
"index":"wazuh-archives-new-4.x-2022.11.24-fixed"
}
}
{
"source":{
"index":"wazuh-archives-new-4.x-2022.11.24"
},
"dest":{
"index":"wazuh-archives-new-4.x-2022.11.24-fixed"
}
}
I get the same error as before:
{"statusCode":502,"error":"Bad Gateway","message":"Client request timeout"}
What can I do to troubleshoot?
BR,
Cristian
Cristian
--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh mailing list" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/YLr3AVDLnyM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/02ea05a3-7834-40e4-96de-ce066cca43acn%40googlegroups.com.
Aditya Sharma
Feb 20, 2023, 4:14:45 AM2/20/23
to Wazuh mailing list
Hi Christian,
Can you please share below log file from the elasticsearch server:
cat /var/log/elasticsearch/<cluster_name>.log
Also, below are commands output from the server:
free -h
df -h
This might be possible because your server memory or disk usage is causing this issue.
Looking for your response soon!
Cristian Radu
Feb 20, 2023, 4:21:07 AM2/20/23
to Aditya Sharma, Wazuh mailing list
Hello again,
I deleted the shard, tried creating a new one, and I get this error:
{
"took" : 125,
"timed_out" : false,
"total" : 1074327,
"updated" : 0,
"created" : 0,
"deleted" : 0,
"batches" : 1,
"version_conflicts" : 0,
"noops" : 0,
"retries" : {
"bulk" : 0,
"search" : 0
},
"throttled_millis" : 0,
"requests_per_second" : -1.0,
"throttled_until_millis" : 0,
"failures" : [
{
"index" : "wazuh-archives-4.x-2022.11.24-new",
"type" : "_doc",
"id" : "aj9rqoQBsRQfJlr-7SXW",
"cause" : {
"type" : "validation_exception",
"reason" : "Validation Failed: 1: this action would add [3] total shards, but this cluster currently has [1199]/[1200] maximum shards open;"
},
"status" : 400
},
"took" : 125,
"timed_out" : false,
"total" : 1074327,
"updated" : 0,
"created" : 0,
"deleted" : 0,
"batches" : 1,
"version_conflicts" : 0,
"noops" : 0,
"retries" : {
"bulk" : 0,
"search" : 0
},
"throttled_millis" : 0,
"requests_per_second" : -1.0,
"throttled_until_millis" : 0,
"failures" : [
{
"index" : "wazuh-archives-4.x-2022.11.24-new",
"type" : "_doc",
"id" : "aj9rqoQBsRQfJlr-7SXW",
"cause" : {
"type" : "validation_exception",
"reason" : "Validation Failed: 1: this action would add [3] total shards, but this cluster currently has [1199]/[1200] maximum shards open;"
},
"status" : 400
},
why does it try to create the index with 3 shards? I specified "index.number_of_shards": "1" in /etc/filebeat/wazuh-template.json. And the purpose of my reindexing is to decrease the number of shards per index from 3 to 1. So why when I try to reindex it creates 3 shards?
BR,
Cristian
Aditya Sharma
Mar 24, 2023, 2:55:56 AM3/24/23
to Wazuh mailing list
Hi Christian, Sorry for the late response!
As I can see shards have increased the max number of shards, so please try you run the below command from the dev tools and increase the shards accordingly but that is not recommended for a single node environment. Try to delete the older indices instead of increasing max number of shards.
Regards
Aditya Sharma
As I can see shards have increased the max number of shards, so please try you run the below command from the dev tools and increase the shards accordingly but that is not recommended for a single node environment. Try to delete the older indices instead of increasing max number of shards.
PUT /_cluster/settings
{
"transient": {
"cluster.routing.allocation.total_shards_per_node": 3000
}
}
Regards
Aditya Sharma
Reply all
Reply to author
Forward
0 new messages