How To Solve Issues Related to Log – Malformed external ping request; missing cluster-name element within request; from ; content

Prevent Your Next ELK Incident

Try our free Check Up to test if your ES issues are caused from misconfigured settings

Fix Issue

Updated: Feb-20

In-Page Navigation (click to jump) :

Opster Offer’s World-Class Elasticsearch Expertise In One Powerful Product
Try Our Free ES Check-Up   Prevent Incident

Troubleshooting background

To troubleshoot Elasticsearch log “Malformed external ping request; missing cluster-name element within request; from ; content” it’s important to understand common problems related to Elasticsearch concepts: discovery, discovery-multicast, ping, Plugin. See detailed explanations below complete with common problems, examples and useful tips.

[wpseo_breadcrumb]

Discovery in Elasticsearch


What it is

The process known as discovery occurs when an Elasticsearch node starts, restarts or loses contact with the master node for any reason. In those cases, the node needs to contact other nodes in the cluster to find the existing master node for the cluster or initiate the election of a new master node. 

How It Works

Upon startup, each node looks for other nodes, firstly by contacting those ip addresses of eligible master nodes held in previous cluster state.  If they are not available, it will look for nodes based upon the seed host providers mechanisms available.

Seed host providers may be defined in 3 ways: list based, file based or plugin based.  All of these methods will provide a list of IP addresses or hostnames which the node should contact in order to obtain a list of master eligible nodes.  The node will contact all of these addresses in turn, until either an active master is found, or failing that, until sufficient nodes can be found to elect a new master node.

Examples

The simplest form is to define a list of seed host providers in elasticsearch.yml

discovery.seed_hosts:
   - 192.168.1.10:9300
   - 192.168.1.11 
   - seeds.mydomain.com

An alternative way is to refer to a file using the following setting:

discovery.seed_providers: file

The file MUST be placed in the following filepath: $ES_PATH_CONF/unicast_hosts.txt

10.10.10.5
10.10.10.6:9305
10.10.10.5:10005
# an IPv6 address
[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:9301

Note that the use of a port is optional. If not used, then the default port range of 9300-9400 will be used.

If you use AWS or  GCS then you can install and use a PLUGIN to obtain a list of seed hosts from an API.  A plugin also exists for Azure but is deprecated since version 5.

AWS Plugin

A typical configuration could be as follows:

discovery.seed_providers: ec2
discovery.ec2.tag.role: master
discovery.ec2.tag.environment: dev
discovery.ec2.endpoint: ec2.us-east-1.amazonaws.com
cloud.node.auto_attributes: true
cluster.routing.allocation.awareness.attributes: aws_availability_zone

The above configuration would look for all nodes with a tag called “environment” set to “dev” and a tag called “role” set to “master”, in the AWS zone us-east-1. The last two lines set up cluster routing allocation awareness based upon aws availability zones. (Not necessary, but nice to have).

GCE Plugin

A typical configuration could be as follows:

discovery.seed_providers: gce
cloud.gce.project_id: <your-google-project-id>
cloud.gce.zone: <your-zone>
discovery.gce.tags: <my-tag-name>

The above configuration would look for all virtual machines inside your project, zone and with a tag set to the tag name you provide.

Notes and good things to know

Cluster formation depends on correct setup of the network.host settings in elasticsearch.yml.  Make sure that the nodes can reach each other across the network using the IP address / hostname you are using, and are not getting blocked due to firewall settings on the ports required.


To help troubleshoot related issues we have gathered selected Q&A from the community and issues from Github , please review the following for further information :

 

 


Log Context

Log ”malformed external ping request; missing ‘cluster_name’ element within request; from {}; content {}” classname is MulticastZenPing.java
We have extracted the following from Elasticsearch source code to get an in-depth context :

                 return;
            }

            final String requestClusterName = request.containsKey("cluster_name") ? request.get("cluster_name").toString() : request.containsKey("clusterName") ? request.get("clusterName").toString() : null;
            if (requestClusterName == null) {
                logger.warn("malformed external ping request; missing 'cluster_name' element within request; from {}; content {}"; remoteAddress; externalPingData);
                return;
            }

            if (!requestClusterName.equals(clusterName.value())) {
                logger.trace("got request for cluster_name {}; but our cluster_name is {}; from {}; content {}";






About Opster

Opster identifies and predicts root causes of Elasticsearch problems, provides recommendations and can automatically perform various actions to prevent issues, optimize performance and save resources.

Learn more: Glossary | Blog| Troubleshooting guides | Error Repository

Need help with any Elasticsearch issue ? Contact Opster