SlideShare a Scribd company logo

Troubleshooting your Elasticsearch cluster like an Elastic Support Engineer

I
Imma Valls Bernaus

The document provides a comprehensive troubleshooting guide for managing Elasticsearch clusters, focusing on issues like cluster health being 'red' and unbalanced CPU usage. It outlines diagnostic steps, potential causes, and treatment options, emphasizing proactive monitoring and management strategies. Key takeaways include the importance of understanding cluster settings, using APIs for diagnostics, and maintaining proper data retention and lifecycle management.

Technology
1 of 47
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
Troubleshooting your Elasticsearch cluster like a Support Engineer Imma Valls Support Engineer, Elastic @eyeveebee http://eyeveebee.net
Cluster down!
Know Your Tools
How can we approach troubleshooting?
The Emergency Room model
Troubleshooting your Elasticsearch cluster like an Elastic Support Engineer
Troubleshooting your Elasticsearch cluster like an Elastic Support Engineer
Troubleshooting your Elasticsearch cluster like an Elastic Support Engineer
9
Troubleshooting your Elasticsearch cluster like an Elastic Support Engineer
11
Troubleshooting your Elasticsearch cluster like an Elastic Support Engineer
13
Troubleshooting your Elasticsearch cluster like an Elastic Support Engineer
15
Troubleshooting your Elasticsearch cluster like an Elastic Support Engineer
17
Troubleshooting your Elasticsearch cluster like an Elastic Support Engineer
Troubleshooting by Example Red Cluster 19
TRIAGE Urgent Severity] Red cluster Vital signs ➔ Cluster in red health ➔ No ingest into any indices Symptoms ➔ Beats fail to ingest ➔ Cluster is responsive, search and REST API still work
TRIAGE Urgent Severity] Red cluster What happened? ➔ Out of the blue, no changes Any attempts to fix it? ➔ No Next steps ➔ Share a support diagnostics that will provide REST API calls https://www.elastic.co/blog/why-does-elastic-support-keep-asking-for-diagnostic-files https://github.com/elastic/support-diagnostics/blob/main/src/main/resources/elastic-rest.yml https://github.com/elastic/support-diagnostics > ./diagnostics.sh --host https://localhost -u elastic -p --port 9200 --ssl --type api --noVerify
DIAGNOSTIC Urgent Severity] Red cluster Why is the cluster red? ➔ REST API calls - CAT Indices API https://www.elastic.co/guide/en/elasticsearch/reference/7.14/rest-apis.html https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cat-indices.html
DIAGNOSTIC Urgent Severity] Red cluster Why is an index red? ➔ Check shards that are not started: INITIALIZING or UNASSIGNED https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cat-shards.html
DIAGNOSTIC Urgent Severity] Red cluster Why is a shard UNASSIGNED? ➔ Cluster allocation explain API https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cluster-allocation-explain.html
DIAGNOSTIC Urgent Severity] Red cluster Why is a shard UNASSIGNED?
DIAGNOSTIC Urgent Severity] Red cluster Have we used all the cluster storage? ➔ Use CAT Allocation API https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cat-allocation.html
DIAGNOSTIC Urgent Severity] Red cluster Interpret data ➔ Cluster reached its flood stage disk watermark https://www.elastic.co/guide/en/elasticsearch/reference/7.14/modules-cluster.html#disk-based-shard-allocation
DIAGNOSTIC Urgent Severity] Red cluster Interpret data ➔ Existing indices are blocked for write https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cluster-get-settings.html
TREATMENT Urgent Severity] Red cluster Fixing the root cause ➔ Delete indices to increase available storage https://www.elastic.co/guide/en/elasticsearch/reference/7.14/indices-delete-index.html Do we have snapshots? We can restore later. https://www.elastic.co/guide/en/elasticsearch/reference/7.14/snapshot-restore.html ➔ Add nodes or increase storage capacity (easier on cloud)
TREATMENT Urgent Severity] Red cluster Temporary Hotfix ➔ Alter the cluster settings to temporarily allow a higher disk usage https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cluster-update-settings.html
TREATMENT Urgent Severity] Red cluster Remove write block on the indices ➔ Once we have enough disk, remove the index block if needed https://www.elastic.co/guide/en/elasticsearch/reference/7.14/indices-update-settings.html
TREATMENT Urgent Severity] Red cluster Bonus track ➔ If corrupted shards, and no snapshots, we can force allocation accepting potential data loss https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cluster-reroute.html#cluster-reroute-api-request-body
DISCHARGE Urgent Severity] Red cluster Takeaways ➔ Proactively monitor disk usage on each node / Alerts Aim to 75% used storage to be on the safe side (< 85%) ➔ Plan for data retention / deletion with ILM or Data Tiers Index Lifecycle Management (ILM) can help automate https://www.elastic.co/guide/en/elasticsearch/reference/7.14/index-lifecycle-management.html https://www.elastic.co/guide/en/elasticsearch/reference/7.14/data-tiers.html ➔ Snapshot / Snapshot Lifecycle Management (SLM) for backups https://www.elastic.co/guide/en/elasticsearch/reference/7.14/snapshot-lifecycle-management.html
Treatment ➔ Proactively monitor disk usage (alerts) ➔ Snapshots ➔ Index Lifecycle Management deletes old data and manages replicas ➔ Data Tiers with Cold Tier or Frozen Tiers Discharge Diagnostic ➔ Delete indices ➔ Add data node/s ➔ Update index settings / allow write Reached flood stage disk watermark ➔ CAT APIs ➔ Allocation Explain ➔ Cluster and index settings Support diagnostics Triage ➔ Cluster health is red ➔ Stopped ingesting ➔ Search works SUMMARY Urgent Severity] Red cluster
Troubleshooting by Example Unbalanced CPU usage 35
TRIAGE High Severity] Unbalanced CPU Usage Vital signs ➔ Green cluster ➔ Monitoring alerts high CPU usage Symptoms ➔ Unbalance CPU usage between different nodes ➔ CPU pressure switches to different nodes over time ➔ Some ingest delays
TRIAGE High Severity] Unbalanced CPU usage What happened? ➔ Was there any benchmarking done before going into production? ➔ Any changes in data ingest volumes? Any attempts to fix it? ➔ Tried adding nodes, did not help Next steps ➔ Export monitoring data and share a support diagnostics https://github.com/elastic/support-diagnostics#extracting-time-series-diagnostics-from-monitoring https://github.com/elastic/support-diagnostics
DIAGNOSTIC High Severity] Unbalanced CPU Usage Why high CPU usage? ➔ Monitoring https://www.elastic.co/guide/en/elasticsearch/reference/7.14/monitoring-production.html
DIAGNOSTIC High Severity] Unbalanced CPU Usage Why high CPU usage? ➔ REST API calls - Cat Shards and Get Index settings API https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cat-shards.html https://www.elastic.co/guide/en/elasticsearch/reference/7.14/indices-get-settings.html
DIAGNOSTIC High Severity] Unbalanced CPU Usage Why high CPU usage? ➔ Hot threads API to confirm CPU usage is on write https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cluster-nodes-hot-threads.html
TREATMENT High Severity] Unbalanced CPU Usage Fixing the root cause ➔ Increase primary shards In the example: 3 nodes → 3 primary shards for hot index logs-201998 ➔ How? Change index template and rollover index if using ILM https://www.elastic.co/guide/en/elasticsearch/reference/7.14/index-templates.html https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started-index-lifecycle- management.html https://www.elastic.co/guide/en/elasticsearch/reference/7.14/indices-rollover-index.html
TREATMENT High Severity] Unbalanced CPU Usage Fixing the root cause
TREATMENT High Severity] Unbalanced CPU usage Bonus track ➔ Use with caution index.routing.allocation.total_shards_per_node https://www.elastic.co/guide/en/elasticsearch/reference/7.14/allocation-total-shards.html
DISCHARGE High Severity] Unbalanced CPU Usage Takeaways ➔ Proactively monitor CPU usage on each node / Alerts https://www.elastic.co/guide/en/elasticsearch/reference/7.14/monitoring-production.html ➔ Benchmark with tools like ES Rally https://esrally.readthedocs.io/en/stable/ https://benchmarks.elastic.co/index.html https://esrally.readthedocs.io/en/stable/adding_tracks.html
Treatment ➔ Proactively monitor cpu usage (alerts) ➔ Benchmark (ES rally) before going into production or if there is any changes in the data volumes Discharge Diagnostic ➔ Create index settings ➔ Index templates to add additional primary shards Ingest is hot on an index with 1 primary shard ➔ Monitoring ➔ CAT shards API ➔ Index settings Triage ➔ Cluster health is green ➔ Unbalanced high CPU usage switching nodes over time SUMMARY High Severity] Unbalanced CPU Usage
➔ How critical is it? ➔ Do we need urgent care or is there a workaround to stabilize? Have your tools ready ➔ REST APIs / Support diagnostics ➔ Monitoring & Alerts ➔ Log Analysis: Use Kibana! ➔ Search Elastic discuss, Stackoverflow, Elastic GitHub repos, etc. Lessons learned ➔ Follow best practices ➔ Prevent future incidents - proactively investigate unexpected logs, etc. Wrapping up Triage incidents
47 Thank You

More Related Content

PDF
Deploying Elasticsearch and Kibana on Kubernetes with the Elastic Operator / ECK
Imma Valls Bernaus
 
PDF
OSA Con 2022 - Arrow in Flight_ New Developments in Data Connectivity - David...
Altinity Ltd
 
PDF
Can Apache Kafka Replace a Database?
Kai Wähner
 
PDF
Cassandra Introduction & Features
DataStax Academy
 
PDF
Introducción al Stack Elastic y Machine Learning con Elasticsearch
Imma Valls Bernaus
 
PDF
Introduction to Kafka Streams
Guozhang Wang
 
PDF
Zeus: Locality-aware Distributed Transactions [Eurosys '21 presentation]
Antonios Katsarakis
 
PPTX
Cassandra concepts, patterns and anti-patterns
Dave Gardner
 
Deploying Elasticsearch and Kibana on Kubernetes with the Elastic Operator / ECK
Imma Valls Bernaus
 
OSA Con 2022 - Arrow in Flight_ New Developments in Data Connectivity - David...
Altinity Ltd
 
Can Apache Kafka Replace a Database?
Kai Wähner
 
Cassandra Introduction & Features
DataStax Academy
 
Introducción al Stack Elastic y Machine Learning con Elasticsearch
Imma Valls Bernaus
 
Introduction to Kafka Streams
Guozhang Wang
 
Zeus: Locality-aware Distributed Transactions [Eurosys '21 presentation]
Antonios Katsarakis
 
Cassandra concepts, patterns and anti-patterns
Dave Gardner
 

What's hot (20)

PPTX
PostgreSQL Database Slides
metsarin
 
PDF
Cassandra NoSQL Tutorial
Michelle Darling
 
PPTX
Appache Cassandra
nehabsairam
 
PDF
Galera Cluster for MySQL vs MySQL (NDB) Cluster: A High Level Comparison
Severalnines
 
PDF
Architecture for building scalable and highly available Postgres Cluster
Ashnikbiz
 
PDF
Apache kafka 모니터링을 위한 Metrics 이해 및 최적화 방안
SANG WON PARK
 
PDF
jQuery Tutorial For Beginners | Developing User Interface (UI) Using jQuery |...
Edureka!
 
PDF
Percona xtrabackup - MySQL Meetup @ Mumbai
Nilnandan Joshi
 
ODP
Monitoring With Prometheus
Knoldus Inc.
 
PDF
Large Scale Lakehouse Implementation Using Structured Streaming
Databricks
 
PPTX
Hadoop & Greenplum: Why Do Such a Thing?
Ed Kohlwey
 
PDF
Advanced Streaming Analytics with Apache Flink and Apache Kafka, Stephan Ewen
confluent
 
PPTX
Introduction to ansible
Omid Vahdaty
 
PPTX
Prometheus and Grafana
Lhouceine OUHAMZA
 
PDF
Logs/Metrics Gathering With OpenShift EFK Stack
Josef Karásek
 
PDF
Getting Microservices and Legacy to Play Nicely Together with Event-Driven Ar...
VMware Tanzu
 
PDF
Cassandra 101
Nader Ganayem
 
PPTX
Advanced Flink Training - Design patterns for streaming applications
Aljoscha Krettek
 
PDF
Kubernetes in action
Bingu Shim
 
PDF
Confluent Workshop Series: ksqlDB로 스트리밍 앱 빌드
confluent
 
PostgreSQL Database Slides
metsarin
 
Cassandra NoSQL Tutorial
Michelle Darling
 
Appache Cassandra
nehabsairam
 
Galera Cluster for MySQL vs MySQL (NDB) Cluster: A High Level Comparison
Severalnines
 
Architecture for building scalable and highly available Postgres Cluster
Ashnikbiz
 
Apache kafka 모니터링을 위한 Metrics 이해 및 최적화 방안
SANG WON PARK
 
jQuery Tutorial For Beginners | Developing User Interface (UI) Using jQuery |...
Edureka!
 
Percona xtrabackup - MySQL Meetup @ Mumbai
Nilnandan Joshi
 
Monitoring With Prometheus
Knoldus Inc.
 
Large Scale Lakehouse Implementation Using Structured Streaming
Databricks
 
Hadoop & Greenplum: Why Do Such a Thing?
Ed Kohlwey
 
Advanced Streaming Analytics with Apache Flink and Apache Kafka, Stephan Ewen
confluent
 
Introduction to ansible
Omid Vahdaty
 
Prometheus and Grafana
Lhouceine OUHAMZA
 
Logs/Metrics Gathering With OpenShift EFK Stack
Josef Karásek
 
Getting Microservices and Legacy to Play Nicely Together with Event-Driven Ar...
VMware Tanzu
 
Cassandra 101
Nader Ganayem
 
Advanced Flink Training - Design patterns for streaming applications
Aljoscha Krettek
 
Kubernetes in action
Bingu Shim
 
Confluent Workshop Series: ksqlDB로 스트리밍 앱 빌드
confluent
 
Ad

Similar to Troubleshooting your Elasticsearch cluster like an Elastic Support Engineer (20)

PDF
Troubleshooting your elasticsearch cluster like a support engineer
Imma Valls Bernaus
 
PDF
Troubleshooting your Elasticsearch cluster like a support engineer
Imma Valls Bernaus
 
PDF
Client-Side Performance Testing
Anand Bagmar
 
PDF
Client-side Performance Testing
Thoughtworks
 
PPT
NCache 3.8 SP3
wesnoor
 
DOCX
High performance coding practices code project
Pruthvi B Patil
 
ODP
Caching and tuning fun for high scalability @ FOSDEM 2012
Wim Godden
 
PPT
Four Ways to Improve ASP .NET Performance and Scalability
Alachisoft
 
PDF
Ten Battle-Tested Tips for Atlassian Connect Add-ons
Atlassian
 
PPT
11g R2
afa reg
 
PDF
Addressing Issues of Risk & Governance in OpenStack without sacrificing Agili...
OpenStack
 
PPT
16aug06.ppt
zagreb2
 
ODP
Caching and tuning fun for high scalability @ PHPTour
Wim Godden
 
PPTX
Ssis Best Practices Israel Bi U Ser Group Itay Braun
sqlserver.co.il
 
KEY
Enterprise Hosting
Avarteq
 
PPTX
Dot Net Application Monitoring
Ravi Okade
 
PDF
Scaling machine learning to millions of users with Apache Beam
Tatiana Al-Chueyr
 
PPTX
Analysis Services Best Practices From Large Deployments
rsnarayanan
 
PPTX
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
Anton Chuvakin
 
PPT
Jboss World 2011 Infinispan
cbo_
 
Troubleshooting your elasticsearch cluster like a support engineer
Imma Valls Bernaus
 
Troubleshooting your Elasticsearch cluster like a support engineer
Imma Valls Bernaus
 
Client-Side Performance Testing
Anand Bagmar
 
Client-side Performance Testing
Thoughtworks
 
NCache 3.8 SP3
wesnoor
 
High performance coding practices code project
Pruthvi B Patil
 
Caching and tuning fun for high scalability @ FOSDEM 2012
Wim Godden
 
Four Ways to Improve ASP .NET Performance and Scalability
Alachisoft
 
Ten Battle-Tested Tips for Atlassian Connect Add-ons
Atlassian
 
11g R2
afa reg
 
Addressing Issues of Risk & Governance in OpenStack without sacrificing Agili...
OpenStack
 
16aug06.ppt
zagreb2
 
Caching and tuning fun for high scalability @ PHPTour
Wim Godden
 
Ssis Best Practices Israel Bi U Ser Group Itay Braun
sqlserver.co.il
 
Enterprise Hosting
Avarteq
 
Dot Net Application Monitoring
Ravi Okade
 
Scaling machine learning to millions of users with Apache Beam
Tatiana Al-Chueyr
 
Analysis Services Best Practices From Large Deployments
rsnarayanan
 
Logs: Can’t Hate Them, Won’t Love Them: Brief Log Management Class by Anton C...
Anton Chuvakin
 
Jboss World 2011 Infinispan
cbo_
 
Ad

More from Imma Valls Bernaus (20)

PDF
Beyond Binaries: Understanding Diversity and Allyship in a Global Workplace -...
Imma Valls Bernaus
 
PDF
Understanding the Need for Systemic Change in Open Source Through Intersectio...
Imma Valls Bernaus
 
PDF
capitulando la keynote de GrafanaCON 2025 - Madrid
Imma Valls Bernaus
 
PDF
Beyond Binaries: Understanding Diversity and Allyship in a Global Workplace -...
Imma Valls Bernaus
 
PDF
OpenTelemetry 101 Cloud Native Barcelona
Imma Valls Bernaus
 
PDF
Observa tus flotas de Kubernetes como un/a especialista con Grafana
Imma Valls Bernaus
 
PDF
Recapitulando la keynote de GrafanaCON 2025 - Barcelona
Imma Valls Bernaus
 
PDF
Recapitulando la keynote de GrafanaCON 2025 - Barcelona
Imma Valls Bernaus
 
PDF
Temas principales de GrafanaCON 2025 Grafana 12 y más
Imma Valls Bernaus
 
PDF
Choose Your Own Adventure to Get Started with Grafana Loki
Imma Valls Bernaus
 
PDF
Logs, Metrics, traces and Mayhem - An Interactive Observability Adventure Wor...
Imma Valls Bernaus
 
PDF
🌱 Green Grafana 🌱 Essentials_ Data, Visualizations and Plugins.pdf
Imma Valls Bernaus
 
PDF
Métricas, Logs, Trazas y Caos_ Una Aventura Interactiva de Observabilidad co...
Imma Valls Bernaus
 
PDF
The Missing Voices: Unearthing the Impact of Survivorship Bias on Women in Te...
Imma Valls Bernaus
 
PDF
The Missing Voices: Unearthing the Impact of Survivorship Bias on Women in Cl...
Imma Valls Bernaus
 
PDF
Métricas, Logs, Trazas y Caos - Una Aventura Interactiva de Observabilidad c...
Imma Valls Bernaus
 
PDF
Unearthing the impact of survivorship bias on women in FOSS to build more inc...
Imma Valls Bernaus
 
PDF
Rebuilding Your Cloud Native Community Lessons learned from Stardew Valley
Imma Valls Bernaus
 
PDF
Metrics Cost Management with Adaptive Metrics.pdf
Imma Valls Bernaus
 
PDF
Te damos la bienvenida a una nueva forma de realizar búsquedas
Imma Valls Bernaus
 
Beyond Binaries: Understanding Diversity and Allyship in a Global Workplace -...
Imma Valls Bernaus
 
Understanding the Need for Systemic Change in Open Source Through Intersectio...
Imma Valls Bernaus
 
capitulando la keynote de GrafanaCON 2025 - Madrid
Imma Valls Bernaus
 
Beyond Binaries: Understanding Diversity and Allyship in a Global Workplace -...
Imma Valls Bernaus
 
OpenTelemetry 101 Cloud Native Barcelona
Imma Valls Bernaus
 
Observa tus flotas de Kubernetes como un/a especialista con Grafana
Imma Valls Bernaus
 
Recapitulando la keynote de GrafanaCON 2025 - Barcelona
Imma Valls Bernaus
 
Recapitulando la keynote de GrafanaCON 2025 - Barcelona
Imma Valls Bernaus
 
Temas principales de GrafanaCON 2025 Grafana 12 y más
Imma Valls Bernaus
 
Choose Your Own Adventure to Get Started with Grafana Loki
Imma Valls Bernaus
 
Logs, Metrics, traces and Mayhem - An Interactive Observability Adventure Wor...
Imma Valls Bernaus
 
🌱 Green Grafana 🌱 Essentials_ Data, Visualizations and Plugins.pdf
Imma Valls Bernaus
 
Métricas, Logs, Trazas y Caos_ Una Aventura Interactiva de Observabilidad co...
Imma Valls Bernaus
 
The Missing Voices: Unearthing the Impact of Survivorship Bias on Women in Te...
Imma Valls Bernaus
 
The Missing Voices: Unearthing the Impact of Survivorship Bias on Women in Cl...
Imma Valls Bernaus
 
Métricas, Logs, Trazas y Caos - Una Aventura Interactiva de Observabilidad c...
Imma Valls Bernaus
 
Unearthing the impact of survivorship bias on women in FOSS to build more inc...
Imma Valls Bernaus
 
Rebuilding Your Cloud Native Community Lessons learned from Stardew Valley
Imma Valls Bernaus
 
Metrics Cost Management with Adaptive Metrics.pdf
Imma Valls Bernaus
 
Te damos la bienvenida a una nueva forma de realizar búsquedas
Imma Valls Bernaus
 

Recently uploaded (20)

PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Teaching material agriculture food technology
LiaRayya
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 

Troubleshooting your Elasticsearch cluster like an Elastic Support Engineer

  • 1. Troubleshooting your Elasticsearch cluster like a Support Engineer Imma Valls Support Engineer, Elastic @eyeveebee http://eyeveebee.net
  • 4. How can we approach troubleshooting?
  • 9. 9
  • 11. 11
  • 13. 13
  • 15. 15
  • 17. 17
  • 20. TRIAGE Urgent Severity] Red cluster Vital signs ➔ Cluster in red health ➔ No ingest into any indices Symptoms ➔ Beats fail to ingest ➔ Cluster is responsive, search and REST API still work
  • 21. TRIAGE Urgent Severity] Red cluster What happened? ➔ Out of the blue, no changes Any attempts to fix it? ➔ No Next steps ➔ Share a support diagnostics that will provide REST API calls https://www.elastic.co/blog/why-does-elastic-support-keep-asking-for-diagnostic-files https://github.com/elastic/support-diagnostics/blob/main/src/main/resources/elastic-rest.yml https://github.com/elastic/support-diagnostics > ./diagnostics.sh --host https://localhost -u elastic -p --port 9200 --ssl --type api --noVerify
  • 22. DIAGNOSTIC Urgent Severity] Red cluster Why is the cluster red? ➔ REST API calls - CAT Indices API https://www.elastic.co/guide/en/elasticsearch/reference/7.14/rest-apis.html https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cat-indices.html
  • 23. DIAGNOSTIC Urgent Severity] Red cluster Why is an index red? ➔ Check shards that are not started: INITIALIZING or UNASSIGNED https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cat-shards.html
  • 24. DIAGNOSTIC Urgent Severity] Red cluster Why is a shard UNASSIGNED? ➔ Cluster allocation explain API https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cluster-allocation-explain.html
  • 25. DIAGNOSTIC Urgent Severity] Red cluster Why is a shard UNASSIGNED?
  • 26. DIAGNOSTIC Urgent Severity] Red cluster Have we used all the cluster storage? ➔ Use CAT Allocation API https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cat-allocation.html
  • 27. DIAGNOSTIC Urgent Severity] Red cluster Interpret data ➔ Cluster reached its flood stage disk watermark https://www.elastic.co/guide/en/elasticsearch/reference/7.14/modules-cluster.html#disk-based-shard-allocation
  • 28. DIAGNOSTIC Urgent Severity] Red cluster Interpret data ➔ Existing indices are blocked for write https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cluster-get-settings.html
  • 29. TREATMENT Urgent Severity] Red cluster Fixing the root cause ➔ Delete indices to increase available storage https://www.elastic.co/guide/en/elasticsearch/reference/7.14/indices-delete-index.html Do we have snapshots? We can restore later. https://www.elastic.co/guide/en/elasticsearch/reference/7.14/snapshot-restore.html ➔ Add nodes or increase storage capacity (easier on cloud)
  • 30. TREATMENT Urgent Severity] Red cluster Temporary Hotfix ➔ Alter the cluster settings to temporarily allow a higher disk usage https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cluster-update-settings.html
  • 31. TREATMENT Urgent Severity] Red cluster Remove write block on the indices ➔ Once we have enough disk, remove the index block if needed https://www.elastic.co/guide/en/elasticsearch/reference/7.14/indices-update-settings.html
  • 32. TREATMENT Urgent Severity] Red cluster Bonus track ➔ If corrupted shards, and no snapshots, we can force allocation accepting potential data loss https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cluster-reroute.html#cluster-reroute-api-request-body
  • 33. DISCHARGE Urgent Severity] Red cluster Takeaways ➔ Proactively monitor disk usage on each node / Alerts Aim to 75% used storage to be on the safe side (< 85%) ➔ Plan for data retention / deletion with ILM or Data Tiers Index Lifecycle Management (ILM) can help automate https://www.elastic.co/guide/en/elasticsearch/reference/7.14/index-lifecycle-management.html https://www.elastic.co/guide/en/elasticsearch/reference/7.14/data-tiers.html ➔ Snapshot / Snapshot Lifecycle Management (SLM) for backups https://www.elastic.co/guide/en/elasticsearch/reference/7.14/snapshot-lifecycle-management.html
  • 34. Treatment ➔ Proactively monitor disk usage (alerts) ➔ Snapshots ➔ Index Lifecycle Management deletes old data and manages replicas ➔ Data Tiers with Cold Tier or Frozen Tiers Discharge Diagnostic ➔ Delete indices ➔ Add data node/s ➔ Update index settings / allow write Reached flood stage disk watermark ➔ CAT APIs ➔ Allocation Explain ➔ Cluster and index settings Support diagnostics Triage ➔ Cluster health is red ➔ Stopped ingesting ➔ Search works SUMMARY Urgent Severity] Red cluster
  • 36. TRIAGE High Severity] Unbalanced CPU Usage Vital signs ➔ Green cluster ➔ Monitoring alerts high CPU usage Symptoms ➔ Unbalance CPU usage between different nodes ➔ CPU pressure switches to different nodes over time ➔ Some ingest delays
  • 37. TRIAGE High Severity] Unbalanced CPU usage What happened? ➔ Was there any benchmarking done before going into production? ➔ Any changes in data ingest volumes? Any attempts to fix it? ➔ Tried adding nodes, did not help Next steps ➔ Export monitoring data and share a support diagnostics https://github.com/elastic/support-diagnostics#extracting-time-series-diagnostics-from-monitoring https://github.com/elastic/support-diagnostics
  • 38. DIAGNOSTIC High Severity] Unbalanced CPU Usage Why high CPU usage? ➔ Monitoring https://www.elastic.co/guide/en/elasticsearch/reference/7.14/monitoring-production.html
  • 39. DIAGNOSTIC High Severity] Unbalanced CPU Usage Why high CPU usage? ➔ REST API calls - Cat Shards and Get Index settings API https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cat-shards.html https://www.elastic.co/guide/en/elasticsearch/reference/7.14/indices-get-settings.html
  • 40. DIAGNOSTIC High Severity] Unbalanced CPU Usage Why high CPU usage? ➔ Hot threads API to confirm CPU usage is on write https://www.elastic.co/guide/en/elasticsearch/reference/7.14/cluster-nodes-hot-threads.html
  • 41. TREATMENT High Severity] Unbalanced CPU Usage Fixing the root cause ➔ Increase primary shards In the example: 3 nodes → 3 primary shards for hot index logs-201998 ➔ How? Change index template and rollover index if using ILM https://www.elastic.co/guide/en/elasticsearch/reference/7.14/index-templates.html https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started-index-lifecycle- management.html https://www.elastic.co/guide/en/elasticsearch/reference/7.14/indices-rollover-index.html
  • 42. TREATMENT High Severity] Unbalanced CPU Usage Fixing the root cause
  • 43. TREATMENT High Severity] Unbalanced CPU usage Bonus track ➔ Use with caution index.routing.allocation.total_shards_per_node https://www.elastic.co/guide/en/elasticsearch/reference/7.14/allocation-total-shards.html
  • 44. DISCHARGE High Severity] Unbalanced CPU Usage Takeaways ➔ Proactively monitor CPU usage on each node / Alerts https://www.elastic.co/guide/en/elasticsearch/reference/7.14/monitoring-production.html ➔ Benchmark with tools like ES Rally https://esrally.readthedocs.io/en/stable/ https://benchmarks.elastic.co/index.html https://esrally.readthedocs.io/en/stable/adding_tracks.html
  • 45. Treatment ➔ Proactively monitor cpu usage (alerts) ➔ Benchmark (ES rally) before going into production or if there is any changes in the data volumes Discharge Diagnostic ➔ Create index settings ➔ Index templates to add additional primary shards Ingest is hot on an index with 1 primary shard ➔ Monitoring ➔ CAT shards API ➔ Index settings Triage ➔ Cluster health is green ➔ Unbalanced high CPU usage switching nodes over time SUMMARY High Severity] Unbalanced CPU Usage
  • 46. ➔ How critical is it? ➔ Do we need urgent care or is there a workaround to stabilize? Have your tools ready ➔ REST APIs / Support diagnostics ➔ Monitoring & Alerts ➔ Log Analysis: Use Kibana! ➔ Search Elastic discuss, Stackoverflow, Elastic GitHub repos, etc. Lessons learned ➔ Follow best practices ➔ Prevent future incidents - proactively investigate unexpected logs, etc. Wrapping up Triage incidents