关于kibana查询elasticsearch的index提示Courier Fetch: 4 of 6 shards failed.处理方法

原创 于 2017-11-29 11:12:54 发布 · 6.4k 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#elasticsearch #kibana

公司使用Elastic Stack收集、处理nginx日志。

使用kibana查询nginx日志时,发现无法通过host:nginx003.ecs.east1-e来查询对应服务器的nginx日志。页面提示Courier Fetch: 4 of 6 shards failed

查看kibana日志没有发现特殊的错误;

查看elasticsearch日志发现有如下日志:

[2017-11-29T11:01:28,570][DEBUG][o.e.a.s.TransportSearchAction] [storm3] [23646] Failed to execute fetch phase
org.elasticsearch.transport.RemoteTransportException: [es5][*.*.*.*9200][indices:data/read/search[phase/fetch/id]]
Caused by: java.lang.IllegalArgumentException: Fielddata is disabled on text fields by default. Set fielddata=true on [parameters.createTimeStart] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead.
        at org.elasticsearch.index.mapper.TextFieldMapper$TextFieldType.fielddataBuilder(TextFieldMapper.java:336) ~[elasticsearch-5.6.3.jar:5.6.3]
        at org.elasticsearch.index.fielddata.IndexFieldDataService.getForField(IndexFieldDataService.java:111) ~[elasticsearch-5.6.3.jar:5.6.3]
        at org.elasticsearch.search.fetch.subphase.DocValueFieldsFetchSubPhase.hitExecute(DocValueFieldsFetchSubPhase.java:64) ~[elasticsearch-5.6.3.jar:5.6.3]
        at org.elasticsearch.search.fetch.FetchPhase.execute(FetchPhase.java:165) ~[elasticsearch-5.6.3.jar:5.6.3]
        at org.elasticsearch.search.SearchService.executeFetchPhase(SearchService.java:426) ~[elasticsearch-5.6.3.jar:5.6.3]
        at org.elasticsearch.action.search.SearchTransportService$12.messageReceived(SearchTransportService.java:407) ~[elasticsearch-5.6.3.jar:5.6.3]
        at org.elasticsearch.action.search.SearchTransportService$12.messageReceived(SearchTransportService.java:404) ~[elasticsearch-5.6.3.jar:5.6.3]
        at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:69) ~[elasticsearch-5.6.3.jar:5.6.3]
        at org.elasticsearch.transport.TcpTransport$RequestHandler.doRun(TcpTransport.java:1539) ~[elasticsearch-5.6.3.jar:5.6.3]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:638) ~[elasticsearch-5.6.3.jar:5.6.3]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) ~[elasticsearch-5.6.3.jar:5.6.3]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) ~[?:1.8.0_73]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) ~[?:1.8.0_73]
        at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]

根据错误提示,是parameters.createTimeStart这个字段要设置下fielddata=true 

在kibana的Dev tools设置下索引的字段:

PUT nginx*/_mapping/logs/

"properties": { 
  "parameters.createTimeStart": { 
    "type":     "text",
    "fielddata": true 


}

同时需要在_template里面添加上面的字段,这样每天就会自动设置到索引里面了。

再在kibana里面查询,如果还有问题,再参照同样的方式设置即可!


评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值