Logstash is collecting logs normally but cannot ship them to Elasticsearch. The Logstash log shows:

[2023-11-22T03:56:19,860][WARN ][logstash.outputs.elasticsearch][kh-firewall-cp][bf353f94647fb94a6b686ad3d19a784cc838ba96236e1f58c0a6dd974fbe9d8c] Could not index event to Elasticsearch. status: 400,

Kibana Dev tool:

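Input: PUT elastalert_status. The response says the quota of 3000 indices is full, and the write fails with a 400 error.

Adjust the max_shards_per_node parameter: the default is 1000; change it to 900000.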

curl -XPUT http://10.2.22.118:34236/_cluster/settings \
-u elastic:T3dawU0W2gz3h4lvw3m2561W \
-H "Content-Type: application/json" \
-d '{"transient":{"cluster":{"max_shards_per_node":900000}}}'
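
Before raising the limit, it helps to see how close the cluster is to it. The following is an added example, not part of the original post: it computes the cluster-wide shard ceiling (per-node limit times data nodes) and the remaining headroom from the JSON returned by GET _cluster/health and GET _cluster/settings?include_defaults=true&flat_settings=true. The sample responses are constructed, and the figure of 3 data nodes is an assumption chosen to match the 3000 limit reported above.

```python
import json

# Constructed sample responses (not from the original post), shaped like
# GET _cluster/health and
# GET _cluster/settings?include_defaults=true&flat_settings=true
HEALTH = json.loads("""{"status": "green", "number_of_data_nodes": 3,
  "active_shards": 3000, "initializing_shards": 0, "unassigned_shards": 0}""")
SETTINGS = json.loads("""{"persistent": {}, "transient": {},
  "defaults": {"cluster.max_shards_per_node": "1000"}}""")

KEY = "cluster.max_shards_per_node"


def effective_limit(settings):
    """Per-node limit; transient overrides persistent, which overrides defaults."""
    for scope in ("transient", "persistent", "defaults"):
        if KEY in settings.get(scope, {}):
            return int(settings[scope][KEY]), scope
    return 1000, "defaults"  # default value stated on the page


def shard_budget(health, settings):
    """Return open shards, the cluster-wide ceiling and the remaining headroom."""
    per_node, scope = effective_limit(settings)
    # Approximation: open shards = active + initializing + unassigned.
    open_shards = (health["active_shards"] + health["initializing_shards"]
                   + health["unassigned_shards"])
    ceiling = per_node * health["number_of_data_nodes"]
    return {"open": open_shards, "ceiling": ceiling,
            "headroom": ceiling - open_shards, "source": scope}


def can_create(health, settings, primaries=1, replicas=1):
    """True if an index with this many primaries and replicas fits."""
    new_shards = primaries * (1 + replicas)
    return new_shards <= shard_budget(health, settings)["headroom"]


if __name__ == "__main__":
    print(shard_budget(HEALTH, SETTINGS))
    print("PUT elastalert_status fits:", can_create(HEALTH, SETTINGS))
```

The curl call above writes the value under transient, which a full cluster restart clears; the source field in the result shows which scope is currently in effect.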