Graylog-metrics plugin with elasticsearch

jtkarvo · January 26, 2018, 7:24am

hi,

I try to monitor a multi node graylog cluster with graylog metrics plugin’s elasticsearch version. Looking at kibana, it seems that the server name is not present, so I configured each server to send to a different index.

I get following errors in the ES side:

    [2018-01-26T09:09:23,170][DEBUG][o.e.a.b.TransportShardBulkAction] [es-graylog-mon01v] [metrics-gs05-2018-01][2] failed to execute bulk item (index) BulkShardRequest [[metrics-gs05-2018-01][2]] containing [512] reques
ts
org.elasticsearch.index.mapper.MapperParsingException: failed to parse [value]
        at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:298) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrField(DocumentParser.java:468) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.mapper.DocumentParser.parseValue(DocumentParser.java:591) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.mapper.DocumentParser.innerParseObject(DocumentParser.java:396) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrNested(DocumentParser.java:373) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.mapper.DocumentParser.internalParseDocument(DocumentParser.java:93) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.mapper.DocumentParser.parseDocument(DocumentParser.java:66) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:277) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.shard.IndexShard.prepareIndex(IndexShard.java:530) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.shard.IndexShard.prepareIndexOnPrimary(IndexShard.java:507) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.prepareIndexOperationOnPrimary(TransportShardBulkAction.java:458) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.executeIndexRequestOnPrimary(TransportShardBulkAction.java:466) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.executeBulkItemRequest(TransportShardBulkAction.java:146) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:115) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:70) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryShardReference.perform(TransportReplicationAction.java:975) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryShardReference.perform(TransportReplicationAction.java:944) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.support.replication.ReplicationOperation.execute(ReplicationOperation.java:113) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.onResponse(TransportReplicationAction.java:345) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.onResponse(TransportReplicationAction.java:270) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$1.onResponse(TransportReplicationAction.java:924) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$1.onResponse(TransportReplicationAction.java:921) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.shard.IndexShardOperationsLock.acquire(IndexShardOperationsLock.java:151) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.shard.IndexShard.acquirePrimaryOperationLock(IndexShard.java:1659) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.support.replication.TransportReplicationAction.acquirePrimaryShardReference(TransportReplicationAction.java:933) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.support.replication.TransportReplicationAction.access$500(TransportReplicationAction.java:92) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.doRun(TransportReplicationAction.java:291) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:266) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:248) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:69) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.transport.TransportService$7.doRun(TransportService.java:654) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:638) [elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-5.6.6.jar:5.6.6]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_151]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_151]
        at java.lang.Thread.run(Unknown Source) [?:1.8.0_151]
Caused by: java.lang.NumberFormatException: For input string: "2018-01-26T07:08:45.962+0000"
        at sun.misc.FloatingDecimal.readJavaFormatString(Unknown Source) ~[?:?]
        at sun.misc.FloatingDecimal.parseDouble(Unknown Source) ~[?:?]
        at java.lang.Double.parseDouble(Unknown Source) ~[?:1.8.0_151]
        at org.elasticsearch.common.xcontent.support.AbstractXContentParser.longValue(AbstractXContentParser.java:187) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.mapper.NumberFieldMapper$NumberType$7.parse(NumberFieldMapper.java:737) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.mapper.NumberFieldMapper$NumberType$7.parse(NumberFieldMapper.java:709) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.mapper.NumberFieldMapper.parseCreateField(NumberFieldMapper.java:1072) ~[elasticsearch-5.6.6.jar:5.6.6]
        at org.elasticsearch.index.mapper.FieldMapper.parse(FieldMapper.java:287) ~[elasticsearch-5.6.6.jar:5.6.6]
        ... 36 more

ES version is 5.6.6. What kind of a custom field mapping is needed to make this work?

jochen · January 26, 2018, 11:05am

FWIW, this is the library (metrics reporter) which the Graylog Metrics Reporter for Elasticsearch is using:

system · February 9, 2018, 11:05am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog and ElasticSearch Troubleshooting Graylog Central (peer support)	3	1122	January 21, 2019
Issues with Elasticsearch 7.10.1 Graylog Central (peer support)	8	2067	April 7, 2021
Graylog does not search! Graylog Central (peer support)	15	3499	July 4, 2019
Graylog metrics plugin feeding data via GELF to Graylog causing parsing errors Graylog Central (peer support)	3	505	July 31, 2020
Index Error - mapper_parse_Exception Graylog Central (peer support)	1	826	January 19, 2018

Graylog-metrics plugin with elasticsearch

Related topics