dutchcoders
Unable to use marija with elasticsearch 5.0.2 over ssh tunnel
I'm connecting to a remote Elasticsearch 5.0.2 instance over an SSH tunnel; the tunnel works because:
- connecting to http://localhost:9200/ in a browser returns the proper version information
- marija detects my indexes
Attempting to "use the refresh icon to refresh the list of available fields" or "add the fields [...] to use as nodes" gives an error
Error executing query: The connection was closed abnormally, e.g., without sending or receiving a Close control frame
In my terminal the following messages are visible:
$ ./marija
Marija server started, listening on address 127.0.0.1:8080.
2016/11/30 13:46:47 Connection upgraded.
2016/11/30 13:46:53 Connection closed
2016/11/30 13:46:56 Connection upgraded.
2016/11/30 13:47:04 Connection closed
2016/11/30 13:47:07 Connection upgraded.
Any suggestions on what to do next?
{
"name" : "my-remote-server",
"cluster_name" : "my-elk-stack",
"cluster_uuid" : "KmBuokUjSnmsO7ZUYGygOA",
"version" : {
"number" : "5.0.2",
"build_hash" : "f6b4951",
"build_date" : "2016-11-24T10:07:18.101Z",
"build_snapshot" : false,
"lucene_version" : "6.2.1"
},
"tagline" : "You Know, for Search"
}
Just pushed a version that disables sniffing (this resolves the ip from the Elasticsearch nodes), causing probably your issue.
Thanks for looking into this. Unfortunately even with the latest commit I still see this behavior... I'll clear my browser storage and do some more testing in the morning.
I haven't tested it yet with ES 5 over a tunnel, but it works with older versions. Will setup some things to see if we can reproduce. Keep us posted, we're eager to solve this issue.
Something I noticed before, sometimes there are too many fields in the index (we'll look into this issue), could you remove all but the relevant indexes, and retry refreshing the fields?
There about 125 fields in each of the indices as I'm exploring syslog with a bunch of different hosts, log types, and fields courtesy of filebeat and logstash
