Troubleshoot Verification with Elasticsearch

Updated 2 weeks ago by Michael Cretzman

The following are resolutions to common configuration problems.

Workflow Step Test Error

When you click TEST in the ELK workflow dialog Expression for Host Name popover, you should get provider information:

The following error message can occur when testing the New Relic verification step in your workflow:

ELK_CONFIGURATION_ERROR: Error while saving ELK configuration. No node with name ${hostName} found reporting to ELK

Cause

The expression in the Expression for Host/Container name field is incorrect. Typically, this occurs when the wrong hostName label is selected to create the expression in the Expression for Host/Container name field.

Solution

Following the steps in Verify with ELK again to select the correct expression. Ensure that the name label selected is under the host section of the JSON.

SocketTimeoutException

When you add an ELK verification provider and click SUBMIT, you might see the following error.

Cause

The Harness delegate does not have a valid connection to the ELK server.

Solution

On the same server or instance where the Harness delegate is running, run one of the following cURL commands to verify whether the delegate can connect to the ELK server.

If you do not have a username and password for the ELK server:

curl -i -X POST url/*/_search?size=1 -H 'Content-Type: application/json' -d '{"size":1,"query":{"match_all":{}},"sort":{"@timestamp":"desc"}}'

If you have username and password then use this command:

curl -i -X POST url/*/_search?size=1 -H 'Content-Type: application/json' -H 'Authorization: <Basic: Base64 encoded username:password>'-d '{"size":1,"query":{"match_all":{}},"sort":{"@timestamp":"desc"}}'

If you have token-based authentication, use this command:

curl -i -X POST url/*/_search?size=1 -H 'Content-Type: application/json' -H 'tokenKey: tokenValue'-d '{"size":1,"query":{"match_all":{}},"sort":{"@timestamp":"desc"}}'

If the cURL command cannot connect, it will fail.

If the cURL command can connect, it will return a HTTP 200, along with the JSON.

If the cURL command is successful, but you still see the SocketTimeoutException error in the ELK dialog, contact Harness Support (support@harness.io).

It is possible that the response from the ELK server is just taking very long.

Log Errors Due To Missing Fields

While trying to set up a simple query for ELK deployment verification, an error message occurs about a missing field and the workflow fails.

Cause

The fields specified in the query can be present only in a subset of the documents.

Solution

Make sure that the field exists in the document that is being examined in ELK and then filter the value of the field.

For example, if you want to fetch only documents where the message field contains the term exception and the ELK index contains documents that could either contain the message field or not contain it. In such a case, a query with conditions as implemented here is recommended.


{
"bool":{
"must":[
{
"exists":{
"field":"message"
}
},
{
"regexp":{
"message":{
"value":"exception"
}
}
}
]
}
}

Next Steps


How did we do?