Open bossi6of9 opened 6 years ago
bossi6of9
commented
6 years ago Update:
Started using the splunk time-picker and made some progress. Now, I get the following: External search command 'ess' returned error code 1. Script output = "error_message=ScanError at "/opt/splunk/etc/apps/elasticsplunk-master/bin/elasticsearch/helpers/init.py", line 394 : Scroll request has only succeeded on 4 shards out of 5. "
brunotm
commented
6 years ago Hi @bossi6of9, this last error indicates a problem with your elasticsearch search. Does the same search with the same time range in kibana produce different results? Which version of elasticsearch are you searching against?
bossi6of9
commented
6 years ago Sorry for not getting back earlier - this is all set. Issue on my side.
hexvolt
commented
5 years ago @bossi6of9 what was the issue?!
Hi,
I'm trying to query an elastic search instance, but I never get any results and the logs are showing an error. Am I doing something wrong?
Query:
|ess eaddr="http://1.2.3.4:9200" tsfield="@timestamp" index=netflow-2018.05.01 earliest="now-2h" query="host:1.2.3.4" fields=host
Error: 5-02-2018 12:40:47.197 ERROR ScriptRunner - stderr from '/opt/splunk/bin/python /opt/splunk/etc/apps/elasticsplunk-master/bin/elasticsplunk.py EXECUTE eaddr="http://1.2.3.4:9200" tsfield="@timestamp" index=netflow-2018.05.01 earliest="now-2h" query="host:1.2.3.4" fields=host': 2018-05-02 12:40:47,197, Level=DEBUG, Pid=3948, Logger=splunklib, File=search_command.py, Line=624, ElasticSplunk.process finished under protocol_version=1 05-02-2018 12:40:47.238 INFO script - Invoked script ess with 399 input bytes (0 events). Returned 0 output bytes in 403 ms.