Some queries never complete
Posted: Thu Mar 12, 2020 7:39 am
Hi,
I'm not getting any results for certain queries for specific two week period. The page time out before any results are presented.
When I query the same period for events from the same period for my own username, I get results in minutes. For the user of interest: the query never completes. For successful queries of myself I see events only for a three day period, when I know there was activity for every day both weeks. I suspect there was some problem with the log servers during this period.
Occasionally when I sign in to log server, I find that each instance in the two instance cluster in Yellow health status and showing that its opposite is not running the elasticsearch or logstash services with half of the shards
There's about 750GB of data with 224GB available on disk.
Any assistance appreciated.
I'm not getting any results for certain queries for specific two week period. The page time out before any results are presented.
When I query the same period for events from the same period for my own username, I get results in minutes. For the user of interest: the query never completes. For successful queries of myself I see events only for a three day period, when I know there was activity for every day both weeks. I suspect there was some problem with the log servers during this period.
Occasionally when I sign in to log server, I find that each instance in the two instance cluster in Yellow health status and showing that its opposite is not running the elasticsearch or logstash services with half of the shards
There's about 750GB of data with 224GB available on disk.
Any assistance appreciated.