How To Solve Issues Related to Log – id ; -source node

Get an Elasticsearch Check-Up


Check if your ES issues are caused from misconfigured settings
(Free 2 min process)

ES Check Up

Elasticsearch Error Guide In Page Navigation :

Troubleshooting Background – start here to get the full picture       
Related Issues – selected resources on related issues  
Log Context – usefull for experts
About Opster – offering a diffrent approach to troubleshoot Elasticsearch

Check My Elasticsearch 


Troubleshooting background

To troubleshoot Elasticsearch log ” id ; -source node” it’s important to know common problems related to Elasticsearch concepts: aggregations. See below-detailed explanations complete with common problems, examples and useful tips.

Source in Elasticsearch

What it is

When a document is sent to for indexing, Elasticsearch indexes all the fields in the format of inverted index but it also keeps the original json document in a special field called _source. 

Examples

Disabling source field in the index

PUT /api-logs?pretty
{
  "mappings": {
    "_source": {
      "enabled": false
    }
  }
}

Store only selected fields as a part of _source field

PUT api-logs
{
  "mappings": {
    "_source": {
      "includes": [
        "*.count",
        "error_info.*"
      ],
      "excludes": [
        "error_info.traceback_message"
      ]
    }
  }
}

Including only selected fields using source filtering

GET api-logs/_search
{
  "query": {
    "match_all": {}
  },
  "_source": {
       "includes": ["api_name","status_code", "*id"]
  }
}

Notes

The source field brings an overhead of extra storage space but serves special purposes such as:

  • Return as a part of the response when a search query is executed.
  • Used for reindexing purpose, update and update_by_query operations.
  • Used for highlighting, if the field is not stored, it means  the field is not set as “store to true” inside the mapping.
  • Allows selection of fields to be returned.

The only concern with source field is the extra storage usage on disk. But this storage space used by source field can be optimized by changing compression level to best_compression. This setting is done using index.codec parameter.


To help troubleshoot related issues we have gathered selected Q&A from the community and issues from Github , please review the following for further information :


 


 


Log Context

Log ” id ; -source node” classname is tophits-aggregation.asciidoc
We have extracted the following from Elasticsearch source code to get an in-depth context :

     logger.info("key [{}]; doc_count [{}]"; key; docCount);

    // We ask for top_hits for each bucket
    TopHits topHits = entry.getAggregations().get("top");
    for (SearchHit hit : topHits.getHits().getHits()) {
        logger.info(" -> id [{}]; _source [{}]"; hit.getId(); hit.getSourceAsString());
    }
}
--------------------------------------------------

This will basically produce for the first example:






About Opster

Incorporating deep knowledge and broad history of Elasticsearch issues. Opster’s solution identifies and predicts root causes of Elasticsearch problems, provides recommendations and can automatically perform various actions to manage, troubleshoot and prevent issues

We are constantly updating our analysis of Elasticsearch logs, errors, and exceptions. Sharing best practices and providing troubleshooting guides.

Learn more: Glossary | Blog| Troubleshooting guides | Error Repository

Need help with any Elasticsearch issue ? Contact Opster

Did this page help you?