Unable to use marija with elasticsearch 5.0.2 over ssh tunnel

Question

Unable to use marija with elasticsearch 5.0.2 over ssh tunnel

ckuethe opened this issue 8 years ago · 11 comments

I'm connecting to a remote Elasticsearch 5.0.2 instance over an SSH tunnel; the tunnel works because:

connecting to http://localhost:9200/ in a browser returns the proper version information
marija detects my indexes

Attempting to "use the refresh icon to refresh the list of available fields" or "add the fields [...] to use as nodes" gives an error

Error executing query: The connection was closed abnormally, e.g., without sending or receiving a Close control frame

In my terminal the following messages are visible:

$ ./marija 
Marija server started, listening on address 127.0.0.1:8080.
2016/11/30 13:46:47 Connection upgraded.
2016/11/30 13:46:53 Connection closed
2016/11/30 13:46:56 Connection upgraded.
2016/11/30 13:47:04 Connection closed
2016/11/30 13:47:07 Connection upgraded.

Any suggestions on what to do next?

Answer 1 · 2016-11-30T22:00:55.000Z

{
  "name" : "my-remote-server",
  "cluster_name" : "my-elk-stack",
  "cluster_uuid" : "KmBuokUjSnmsO7ZUYGygOA",
  "version" : {
    "number" : "5.0.2",
    "build_hash" : "f6b4951",
    "build_date" : "2016-11-24T10:07:18.101Z",
    "build_snapshot" : false,
    "lucene_version" : "6.2.1"
  },
  "tagline" : "You Know, for Search"
}

Answer 2 · 2016-12-01T07:46:16.000Z

@ckuethe did you use the latest commit? Or a release version?

Answer 3 · 2016-12-01T07:56:31.000Z

Just pushed a version that disables sniffing (this resolves the ip from the Elasticsearch nodes), causing probably your issue.

Answer 4 · 2016-12-01T08:41:07.000Z

Thanks for looking into this. Unfortunately even with the latest commit I still see this behavior... I'll clear my browser storage and do some more testing in the morning.

Answer 5 · 2016-12-01T11:43:03.000Z

I haven't tested it yet with ES 5 over a tunnel, but it works with older versions. Will setup some things to see if we can reproduce. Keep us posted, we're eager to solve this issue.

Answer 6 · 2016-12-01T11:48:12.000Z

Something I noticed before, sometimes there are too many fields in the index (we'll look into this issue), could you remove all but the relevant indexes, and retry refreshing the fields?

Answer 7 · 2016-12-01T16:17:26.000Z

There about 125 fields in each of the indices as I'm exploring syslog with a bunch of different hosts, log types, and fields courtesy of filebeat and logstash

Answer 8 · 2016-12-01T19:18:34.000Z

Could you export the mapping so we can try to reproduce the environment?

Answer 9 · 2016-12-01T20:32:07.000Z

https://gist.github.com/ckuethe/a0c0ce3033c8250eb68e2362ffb30a85

Answer 10 · 2016-12-01T20:34:23.000Z

Oops - 142 fields.

Answer 11 · 2016-12-01T22:09:46.000Z

thx, we'll look into this issue