Useful commands
Displaying the health of the Elastic cluster
curl -XGET "http://192.168.10.205:9200/_cluster/health?pretty"
{
"cluster_name" : "graylog",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 68,
"active_shards" : 68,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
Disk usage of the indices
To obtain the occupancy status of the indices (one line per shard):
root@205:~# curl -XGET "http://192.168.10.205:9200/_cat/shards?v"
index shard prirep state docs store ip node
gl-system-events_8 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-events_4 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-system-events_2 0 p STARTED 0 262b 192.168.10.205 d-xTItF
gl-system-events_1 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-system-events_4 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-events_6 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-events_0 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-events_7 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-system-events_5 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-system-events_3 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-system-events_7 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-events_8 0 p STARTED 72 46.7kb 192.168.10.205 d-xTItF
gl-system-events_0 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-events_3 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-events_2 0 p STARTED 0 262b 192.168.10.205 d-xTItF
gl-system-events_6 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-events_1 0 p STARTED 0 261b 192.168.10.205 d-xTItF
gl-events_5 0 p STARTED 0 261b 192.168.10.205 d-xTItF
Display the on-disk size of each index
curl -XGET "http://192.168.10.205:9200/_cat/indices?v"
Deleting an index (it will be rebuilt if needed)
curl -XDELETE 192.168.10.205:9200/graylog_8
Log analysis:
tail -f /var/log/graylog-server/server.log
If the following error appears:
ERROR [IndexRotationThread] Couldn't point deflector to a new index
org.graylog2.indexer.ElasticsearchException: Couldn't remove alias graylog_deflector from indices [graylog_44]blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];
It turns out that Elastic has switched to read-only, most likely because of a disk saturation problem (fixed separately).
To switch back to write mode, just run the following command, where the IP .205 is my Elastic server:
curl -X PUT "http://192.168.10.205:9200/_all/_settings?pretty" -H 'Content-Type: application/json' -d' { "index.blocks.read_only_allow_delete": null }'
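As an added example (not part of the original notes), here is a small Python triage helper for the read-only situation above: it pulls the blocked index names out of the server.log error line, cross-checks them against a GET _all/_settings response, and builds the PUT that clears index.blocks.read_only_allow_delete on just those indices rather than on _all. The settings response and the log line are constructed samples; the base URL is the .205 server from the page.

```python
import json
import re

# Constructed sample of GET /_all/_settings: one index still carries the flood-stage block.
SAMPLE_SETTINGS = json.dumps({
    "graylog_44": {"settings": {"index": {"blocks": {"read_only_allow_delete": "true"}}}},
    "graylog_45": {"settings": {"index": {"number_of_shards": "1"}}},
})

# Constructed sample line mirroring the server.log error quoted above.
SAMPLE_LOG = ("org.graylog2.indexer.ElasticsearchException: Couldn't remove alias graylog_deflector"
              " from indices [graylog_44]blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];")

# FORBIDDEN/12 is the cluster-block id Elasticsearch uses for read_only_allow_delete.
READ_ONLY_RE = re.compile(r"indices \[([^\]]*)\]blocked by: \[FORBIDDEN/12/")


def blocked_indices_from_log(line):
    """Index names named in a FORBIDDEN/12 log line, or [] if the line is a different error."""
    match = READ_ONLY_RE.search(line)
    if not match:
        return []
    return [name.strip() for name in match.group(1).split(",") if name.strip()]


def blocked_indices_from_settings(settings_json):
    """Indices whose settings still carry index.blocks.read_only_allow_delete = true."""
    blocked = []
    for name, body in json.loads(settings_json).items():
        blocks = body.get("settings", {}).get("index", {}).get("blocks", {})
        if str(blocks.get("read_only_allow_delete", "")).lower() == "true":
            blocked.append(name)
    return sorted(blocked)


def unblock_request(indices, base_url="http://192.168.10.205:9200"):
    """Build the PUT that clears the block, scoped to the affected indices instead of _all.

    Returns (method, url, json_body). Setting the key to null removes it, as in the curl above.
    """
    if not indices:
        raise ValueError("nothing to unblock")
    body = json.dumps({"index.blocks.read_only_allow_delete": None})
    return ("PUT", f"{base_url}/{','.join(indices)}/_settings", body)


if __name__ == "__main__":
    print("log says blocked:", blocked_indices_from_log(SAMPLE_LOG))
    blocked = blocked_indices_from_settings(SAMPLE_SETTINGS)
    print("settings say blocked:", blocked)
    print(unblock_request(blocked))
```

Clear the flag only once the disk problem is actually resolved: as long as the data path stays above the flood-stage watermark, Elasticsearch re-applies the block and the deflector error returns.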