Get Started

Troubleshooting Elasticsearch Cluster Disconnection Issue

by the Hossted team
24.06.2024

Problem:

A client with an Elasticsearch cluster consisting of three nodes was experiencing a recurring issue where one of the nodes is disconnecting from the cluster automatically. This disruption was resulting in numerous unassigned shards, impacting the overall stability and performance of the Elasticsearch environment.

Process:

Data Collection for Further Analysis:

Request: Provide detailed system information, including CPU type and cores, available memory, disk type and size, as well as full Elasticsearch logs and configurations.

Additional Actions:

  • Run the dstat utility on all nodes to gather CPU, memory, and I/O usage data.
  • Collect Java process information using the ps aux | grep java command on each node.
  • Share historical charts depicting CPU, network, and memory usage over a 24-hour period for deeper analysis.

Solution:

After analyzing the provided logs and discussing the issue with the client, several potential causes and solutions were identified:

External Interference with Elasticsearch Data Files:

Error: “Underlying file changed by an external force…”

Description: This error suggests that something other than Elasticsearch is accessing Elasticsearch data (index) files, potentially causing disruption.

Solution: Ensure that no external processes or scripts are accessing Elasticsearch data files. This may include security scanners or custom scripts. Isolate Elasticsearch data to prevent unauthorized access.

Failed Scheduled Tasks Due to Resource Constraints:

Error: “Failed to run scheduled task…”

Description: This error occurs when Elasticsearch is unable to execute scheduled tasks due to resource limitations such as high CPU usage, insufficient memory, or thread pool saturation.

Solutions:

  • Dedicate servers exclusively to Elasticsearch to ensure optimal performance.
  • Optimize queries to reduce CPU usage.
  • Increase server memory allocation.
  • Adjust Elasticsearch thread pool settings.
  • Consider adding new nodes to distribute the workload and increase cluster capacity.
  • Monitor and tune garbage collection (GC) parameters, ensuring the use of the bundled JDK and G1 garbage collector.
  • Monitor system performance using tools such as dstat to identify potential bottlenecks and areas for improvement.

Continuous Monitoring:

Implement continuous monitoring of Elasticsearch cluster performance, including CPU, memory, and network usage.

Regularly review cluster health and address any emerging issues promptly to maintain system stability.

Conclusion:

By addressing potential sources of disruption, optimizing resource allocation, and collecting comprehensive system data for analysis, it is possible to diagnose and resolve the Elasticsearch cluster disconnection issue effectively. Continuous monitoring is essential to ensure the stability and performance of the Elasticsearch environment moving forward.

Related articles
OSSpediaCase Studies
Data Management and Analytics 16 Feb 2024 Search and Analytics with Elasticsearch: Unleashing the Power of Distributed Data Data Analytics ELA