brunotm / elasticsplunk

A Search command to explore Elasticsearch data within Splunk.
MIT License

Scroll request has only succeeded on ### shards out of ### #27

Closed dancinfrandsen closed 4 years ago

dancinfrandsen commented 4 years ago

Queries that previously worked have stopped working and return this error:

External search command 'ess' returned error code 1. Script output = "error_message=ScanError at "D:\Splunk\etc\apps\elasticsplunk-master\bin\elasticsearch\helpers\__init__.py", line 394 : Scroll request has only succeeded on 3492 shards out of 3544. "

Any queries at any time ranges return this same error. The queries run OK directly from the Elasticsearch 6.3.1 API:

curl -k -X GET "http://es-host/winlogbeat-*/_search?q=event_data.param1:*AP001175*&pretty"

Ten records are returned, the response begins with:

{ "took" : 33521, "timed_out" : false, "num_reduce_phases" : 7, "_shards" : { "total" : 3544, "successful" : 3492, "skipped" : 0, "failed" : 0 },

dancinfrandsen commented 4 years ago

Issue has cleared on its own
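
The response quoted in the first comment reports 3492 successful shards out of 3544 with 0 failed, so a plain search can return hits while covering only part of the indices. As an added example (not code from elasticsplunk or elasticsearch-py), this Python check reads the `_shards` section and rejects partial results; `shard_coverage`, `require_complete` and `PartialResultsError` are hypothetical names, and the sample response is constructed from the header quoted in the issue.

```python
import json

# Constructed sample: the response header quoted in the issue, closed off so
# that it parses (the hits section is omitted).
SAMPLE_RESPONSE = """
{ "took": 33521, "timed_out": false, "num_reduce_phases": 7,
  "_shards": { "total": 3544, "successful": 3492, "skipped": 0, "failed": 0 } }
"""


class PartialResultsError(Exception):
    """Hypothetical error: the search did not cover every shard."""


def shard_coverage(response):
    """Summarise how many shards contributed to a search response."""
    shards = response.get("_shards")
    if not isinstance(shards, dict) or "total" not in shards:
        raise ValueError("response has no usable _shards section")
    total = int(shards["total"])
    successful = int(shards.get("successful", 0))
    failed = int(shards.get("failed", 0))
    # Assumption: "successful" already counts skipped shards. If a version
    # reports them separately, this check errs towards flagging the result.
    return {
        "total": total,
        "successful": successful,
        "failed": failed,
        # Shards that neither answered nor reported a failure.
        "unaccounted": total - successful - failed,
        "complete": successful >= total and failed == 0,
        "timed_out": bool(response.get("timed_out", False)),
    }


def require_complete(response):
    """Return the coverage summary, or raise if results are partial."""
    cov = shard_coverage(response)
    if cov["timed_out"] or not cov["complete"]:
        raise PartialResultsError(
            "search covered %d of %d shards (%d failed, %d unaccounted)"
            % (cov["successful"], cov["total"], cov["failed"], cov["unaccounted"]))
    return cov


if __name__ == "__main__":
    try:
        require_complete(json.loads(SAMPLE_RESPONSE))
    except PartialResultsError as exc:
        print("partial results:", exc)
```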