生产BUG集

磁盘达到阈值导致ES无法删除数据

复制代码
method [POST], host [http://xx.xxx.xxx.xxx:9200], URI [/security_event/_delete_by_query?slices=1&requests_per_second=-1&ignore_unavailable=false&expand_wildcards=open&allow_no_indices=true&ignore_throttled=true&refresh=true&conflicts=proceed&wait_for_completion=true&timeout=1m], status line [HTTP/1.1 403 Forbidden]\n{\"took\":19,\"timed_out\":false,\"total\":8,\"deleted\":0,\"batches\":1,\"version_conflicts\":0,\"noops\":0,\"retries\":{\"bulk\":0,\"search\":0},\"throttled_millis\":0,\"requests_per_second\":-1.0,\"throttled_until_millis\":0,\"failures\":[{\"index\":\"security_event\",\"type\":\"_doc\",\"id\":\"ecb098ef-2e3a-4c7a-a282-4484cabb362f\",\"cause\":{\"type\":\"cluster_block_exception\",\"reason\":\"index [security_event] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];\"},\"status\":403},{\"index\":\"security_event\",\"type\":\"_doc\",\"id\":\"30c1da71-25c5-4e1f-a58f-95f6f5abfc52\",\"cause\":{\"type\":\"cluster_block_exception\",\"reason\":\"index [security_event] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];\"},\"status\":403},{\"index\":\"security_event\",\"type\":\"_doc\",\"id\":\"687e14ba-0bc8-466a-83b1-294a3f9b2422\",\"cause\":{\"type\":\"cluster_block_exception\",\"reason\":\"index [security_event] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];\"},\"status\":403},{\"index\":\"security_event\",\"type\":\"_doc\",\"id\":\"e0f25c75-cce3-4c44-9691-d4c79ecb72e1\",\"cause\":{\"type\":\"cluster_block_exception\",\"reason\":\"index [security_event] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];\"},\"status\":403},{\"index\":\"security_event\",\"type\":\"_doc\",\"id\":\"dbfabe19-3318-420c-a7f0-eb74eab25d43\",\"cause\":{\"type\":\"cluster_block_exception\",\"reason\":\"index [security_event] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];\"},\"status\":403},{\"index\":\"security_event\",\"type\":\"_doc\",\"id\":\"222fcf5e-8b72-4bd8-b3c8-a8c615db2ae9\",\"cause\":{\"type\":\"cluster_block_exception\",\"reason\":\"index [security_event] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];\"},\"status\":403},{\"index\":\"security_event\",\"type\":\"_doc\",\"id\":\"690f57a2-1306-4749-8dfc-a1f0c5d926e5\",\"cause\":{\"type\":\"cluster_block_exception\",\"reason\":\"index [security_event] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];\"},\"status\":403},{\"index\":\"security_event\",\"type\":\"_doc\",\"id\":\"280ff8cc-f43a-40ee-9ae3-9af48960832b\",\"cause\":{\"type\":\"cluster_block_exception\",\"reason\":\"index [security_event] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];\"},\"status\":403}]}

排查思路。之前有一个清理数据的接口。用来清理大屏的历史数据。运维人员根据往常一样执行接口。但是报错了反馈到我这里。

一开始看到报错有很多403。联想到之前这个环境做了安全检测。关闭了很多端口。之前es没有认证以为被扫到了,询问运维人员得知es在内部网络并没有开放出去。于是重新审视问题报错。看到

复制代码
index [security_event] blocked by: [FORBIDDEN/12/index read-only / allow delete (api)]

索引是只读模式不允许删除,但是并没有人去主动操作es。深入查询后发现es会检测磁盘使用率达到85%(默认)会将索引模型调整。检查磁盘后确实使用率达到了95%

解决方案:

临时解除只读限制

curl -X PUT "localhost:9200/security_event/_settings" -H 'Content-Type: application/json' -d' { "index.blocks.read_only_allow_delete": null } '

永久配置磁盘水印

curl -X PUT "localhost:9200/_cluster/settings" -H 'Content-Type: application/json' -d' { "persistent": { "cluster.routing.allocation.disk.watermark.low": "85%", "cluster.routing.allocation.disk.watermark.high": "90%", "cluster.routing.allocation.disk.watermark.flood_stage": "95%" } } '

后续交给运维人员清理磁盘数据。

Kafka 多监听/网络隔离转发

老大难问题

相关推荐
极客先躯21 分钟前
高级java每日一道面试题-2026年03月30日-实战篇[Docker]-如何监控容器的网络流量?
java·运维·docker·容器·prometheus·高级面试
tachibana243 分钟前
hot100 翻转二叉树(226)
java·数据结构·算法·leetcode
brave_zhao1 小时前
nginx的进程架构
java·学习·nginx
兰令水1 小时前
leecodecode【面试150】【2026.7.9打卡-java版本】
java·数据结构·leetcode·面试·职场和发展
禾高网络1 小时前
互联网医院|AI 互联网医院成品开发系统
java·大数据·人工智能·小程序
环境栈笔记1 小时前
多账号浏览器选型检查清单:Profile、权限、Session 和任务日志怎么评估
前端·人工智能·后端·自动化
shepherd1111 小时前
一次把 Spring MVC 文件上传参数“查没了”的排查:multipart、Filter 与 request body 的连环坑
java·spring boot·后端
lbb 小魔仙1 小时前
MuMu 模拟器 6.0 硬核测评:这次升级确实不一样
java·开发语言·模拟器·mumu·硬核测评
前端炒粉1 小时前
手写promise
java·前端·javascript
LaughingZhu1 小时前
智能体经典范式构建:ReAct、Plan-and-Solve 与 Reflection
前端·react.js·前端框架