Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to use marija with elasticsearch 5.0.2 over ssh tunnel #42

Open
ckuethe opened this issue Nov 30, 2016 · 11 comments
Open

Unable to use marija with elasticsearch 5.0.2 over ssh tunnel #42

ckuethe opened this issue Nov 30, 2016 · 11 comments
Assignees
@nl5887
Labels
Backend bug

Comments

@ckuethe
Copy link

ckuethe commented Nov 30, 2016

I'm connecting to a remote Elasticsearch 5.0.2 instance over an SSH tunnel; the tunnel works because:

  • connecting to http://localhost:9200/ in a browser returns the proper version information
  • marija detects my indexes

Attempting to "use the refresh icon to refresh the list of available fields" or "add the fields [...] to use as nodes" gives an error

Error executing query: The connection was closed abnormally, e.g., without sending or receiving a Close control frame

In my terminal the following messages are visible:

$ ./marija 
Marija server started, listening on address 127.0.0.1:8080.
2016/11/30 13:46:47 Connection upgraded.
2016/11/30 13:46:53 Connection closed
2016/11/30 13:46:56 Connection upgraded.
2016/11/30 13:47:04 Connection closed
2016/11/30 13:47:07 Connection upgraded.

Any suggestions on what to do next?
@ckuethe
Copy link
Author

ckuethe commented Nov 30, 2016 

{
  "name" : "my-remote-server",
  "cluster_name" : "my-elk-stack",
  "cluster_uuid" : "KmBuokUjSnmsO7ZUYGygOA",
  "version" : {
    "number" : "5.0.2",
    "build_hash" : "f6b4951",
    "build_date" : "2016-11-24T10:07:18.101Z",
    "build_snapshot" : false,
    "lucene_version" : "6.2.1"
  },
  "tagline" : "You Know, for Search"
}

@Raz0rwire Raz0rwire added the bug label Dec 1, 2016
@nl5887
Copy link
Member

nl5887 commented Dec 1, 2016

@ckuethe did you use the latest commit? Or a release version?

@nl5887
Copy link
Member

nl5887 commented Dec 1, 2016

Just pushed a version that disables sniffing (this resolves the ip from the Elasticsearch nodes), causing probably your issue.

@ckuethe
Copy link
Author

ckuethe commented Dec 1, 2016

Thanks for looking into this. Unfortunately even with the latest commit I still see this behavior... I'll clear my browser storage and do some more testing in the morning.

@nl5887
Copy link
Member

nl5887 commented Dec 1, 2016

I haven't tested it yet with ES 5 over a tunnel, but it works with older versions. Will setup some things to see if we can reproduce. Keep us posted, we're eager to solve this issue.

@nl5887
Copy link
Member

nl5887 commented Dec 1, 2016

Something I noticed before, sometimes there are too many fields in the index (we'll look into this issue), could you remove all but the relevant indexes, and retry refreshing the fields?

@ckuethe
Copy link
Author

ckuethe commented Dec 1, 2016

There about 125 fields in each of the indices as I'm exploring syslog with a bunch of different hosts, log types, and fields courtesy of filebeat and logstash

@nl5887
Copy link
Member

nl5887 commented Dec 1, 2016

Could you export the mapping so we can try to reproduce the environment?

@ckuethe
Copy link
Author

ckuethe commented Dec 1, 2016

https://gist.github.com/ckuethe/a0c0ce3033c8250eb68e2362ffb30a85

@ckuethe
Copy link
Author

ckuethe commented Dec 1, 2016

Oops - 142 fields.

screenshot_2016-12-01_12-33-06

@nl5887
Copy link
Member

nl5887 commented Dec 1, 2016

thx, we'll look into this issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nl5887 nl5887

Labels
Backend bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ckuethe @Thomas-Kuipers @nl5887 @Raz0rwire