elk 常见问题

发表于 分类于

common

1
2
3
4
5
6
7
8
9
10
11
12
13
14
#!/usr/bin/env bash

method=$1
if [ -z "$method" ]; then
  method="GET"
fi
path=$2
if [[ $path == *\?* ]]; then
  path="$path&pretty"
else
  path="$path?pretty"
fi

curl -v -u "elastic:p1ssw0rd" -X "$method" -H "Content-Type: application/json" "${@:2}" "http://localhost:9200/$path"

index setting

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
./curl.sh PUT _index_template/logstash -d '{
  "template": {
    "settings": {
      "index": {
        "lifecycle": {
          "name": "90-days-default",
          "rollover_alias": "90days"
        },
        "refresh_interval": "5s",
        "number_of_replicas": "0"
      }
    }
  },
  "index_patterns": [
    "logstash-*"
  ]
}'

index health is yellow

1
2
3
./curl.sh PUT _settings -d '{
  "index.number_of_replicas": 0
}'

index has exceeded [1000000] - maximum allowed to be analyzed for highlighting

1
2
3
./curl.sh PUT _settings -d '{
  "index.highlight.max_analyzed_offset": 100000000
}'

this action would add [2] shards, but this cluster currently has [1000]/[1000]

1
2
3
4
5
./curl.sh PUT _cluster/settings -d '{
  "persistent": {
    "cluster.max_shards_per_node": 1000000
  }
}'

Can’t store an async search response larger than [10485760] bytes.

1
2
3
4
5
./curl.sh PUT _cluster/settings -d '{
  "persistent": {
    "search.max_async_search_response_size": "50mb"
  }
}'