Useful commands

Displaying the health of the Elasticsearch cluster

curl -XGET "http://192.168.10.205:9200/_cluster/health?pretty"
{
  "cluster_name" : "graylog",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 68,
  "active_shards" : 68,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

Disk usage of the indices

To list the shards of each index with their document count and store size:

root@205:~# curl -XGET "http://192.168.10.205:9200/_cat/shards?v"
index              shard prirep state   docs  store ip             node
gl-system-events_8 0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-events_4        0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-system-events_2 0     p      STARTED    0   262b 192.168.10.205 d-xTItF
gl-system-events_1 0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-system-events_4 0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-events_6        0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-events_0        0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-events_7        0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-system-events_5 0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-system-events_3 0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-system-events_7 0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-events_8        0     p      STARTED   72 46.7kb 192.168.10.205 d-xTItF
gl-system-events_0 0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-events_3        0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-events_2        0     p      STARTED    0   262b 192.168.10.205 d-xTItF
gl-system-events_6 0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-events_1        0     p      STARTED    0   261b 192.168.10.205 d-xTItF
gl-events_5        0     p      STARTED    0   261b 192.168.10.205 d-xTItF

Display the disk usage per index

curl -XGET "http://192.168.10.205:9200/_cat/indices?v"

Deleting an index (it will be rebuilt if needed)

curl -XDELETE 192.168.10.205:9200/graylog_8

Log analysis:

tail -f /var/log/graylog-server/server.log

If the following error appears:

ERROR [IndexRotationThread] Couldn't point deflector to a new index
org.graylog2.indexer.ElasticsearchException: Couldn't remove alias graylog_deflector from indices [graylog_44]

blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];

It turns out that Elasticsearch had switched to read-only, most likely because of a full disk (a problem fixed separately).
To go back to write mode, just run the following command, where the .205 IP is my Elasticsearch server:

curl -X PUT "http://192.168.10.205:9200/_all/_settings?pretty" -H 'Content-Type: application/json' -d' { "index.blocks.read_only_allow_delete": null }'
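Added example, not from the original notes: a small Python script that finds the indices carrying the read-only block, checks through /_cat/allocation that the disk is back below the flood-stage watermark (the condition that sets the block in the first place), and only then issues the same PUT as above. The node address is the one from these notes; SAMPLE_SETTINGS is a constructed /_all/_settings answer used for offline testing.

```python
import json
import urllib.request
# Elasticsearch node from the notes above; adjust for your own cluster.
ES = "http://192.168.10.205:9200"
FLOOD_STAGE_PERCENT = 95  # Elasticsearch's default flood-stage watermark

# Constructed sample of a /_all/_settings answer, modelled on the error above.
SAMPLE_SETTINGS = ('{"graylog_44":{"settings":{"index":{"blocks":'
                   '{"read_only_allow_delete":"true"}}}},'
                   '"gl-events_8":{"settings":{"index":{"number_of_shards":"1"}}}}')

def readonly_indices(settings_json):
    """Indices carrying index.blocks.read_only_allow_delete=true in /_all/_settings."""
    blocked = []
    for name, body in json.loads(settings_json).items():
        blocks = body.get("settings", {}).get("index", {}).get("blocks", {})
        if str(blocks.get("read_only_allow_delete", "")).lower() == "true":
            blocked.append(name)
    return sorted(blocked)

def safe_to_unblock(allocation_json, limit=FLOOD_STAGE_PERCENT):
    """True only when every node in /_cat/allocation?format=json is below the
    flood-stage watermark; clearing the block on a full disk is pointless,
    Elasticsearch re-applies it at the next check."""
    for node in json.loads(allocation_json):
        if node.get("node") == "UNASSIGNED":  # pseudo-row, carries no disk stats
            continue
        pct = node.get("disk.percent")
        if pct is None or int(pct) >= limit:
            return False
    return True

def fetch(path):
    with urllib.request.urlopen(ES + path, timeout=10) as r:
        return r.read().decode()

def clear_readonly_block():
    """Same PUT as in the notes above: reset the block on all indices."""
    body = json.dumps({"index.blocks.read_only_allow_delete": None}).encode()
    req = urllib.request.Request(ES + "/_all/_settings", data=body, method="PUT",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as r:
        return r.read().decode()

if __name__ == "__main__":
    blocked = readonly_indices(fetch("/_all/_settings"))
    if blocked and safe_to_unblock(fetch("/_cat/allocation?format=json")):
        print(clear_readonly_block())
    else:
        print("read-only indices:", blocked, "- nothing changed")
```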