简体繁体 English

Kibana会在一段时间后停止显示数据。日志太大？

[英]Kibana stops showing data after a while. Logs too big?

原文 2016-08-25 19:09:05 8 1 elasticsearch/ kibana/ kibana-4

I'm running PALallax, which is a custom version of Kibana / ElasticSearch for Palo Alto firewalls. 我正在运行PALallax，这是针对Palo Alto防火墙的Kibana / ElasticSearch的自定义版本。 I have it installed on CentOS 7 with more than enough resources (4 processors, 16GB of RAM). 我将它安装在具有足够资源（4个处理器，16GB RAM）的CentOS 7上。 It works fine - however, almost every single day, half way through, Kibana will stop showing results and end up with the dreaded "no results found". 它运行良好-但是，几乎每天，半途而废，Kibana都将停止显示结果，并以可怕的“未找到结果”告终。 I know it works, though. 我知道它有效。 The log file continues to grow (which is big, by the way - about 11GB half way through the day). 日志文件继续增长（顺便说一句，它很大-一天当中大约有11GB）。 No matter what I do, I can't get any information to display until I delete the log and indices files on the server and reboot - then it starts working again. 无论我做什么，在删除服务器上的日志和索引文件并重新启动之前，都无法显示任何信息，然后它将再次开始工作。

I've looked through logs all around the system and can't figure out what is going on. 我浏览了整个系统的日志，无法知道发生了什么。 I'm not an Linux expert, so unfortunately I've run out of ideas and have nothing else to try. 我不是Linux专家，所以很遗憾，我已经没有足够的想法了，没有别的尝试。 I've spent countless days googling different things and haven't been able to isolate any specific problem in the logs. 我花了无数天的时间来搜索不同的内容，并且无法隔离日志中的任何特定问题。

Any suggestions on where to look? 有什么建议在哪里看？ Are my logs too big? 我的日志太大了吗？ I can see that I'm not running out of RAM while this is happening. 我可以看到发生这种情况时我的RAM并没有耗尽。 I always have it set for 'last hour' worth of data, set to auto-refresh every 5 minutes. 我总是将其设置为“最后一小时”的数据，设置为每5分钟自动刷新一次。