37

I've ran into an annoying issue with my ElasticSearch (Version 1.5.2): Queries immediately return timeout (when I used python's Requests) or

curl: (52) Empty reply from server

when I used curl.

This only happened when the expected output was large. When I sent a similar (but smaller) query, it came back just fine.

what's going on here? and how can I overcome this?

FuzzyAmi
  • 7,543
  • 6
  • 45
  • 79

8 Answers8

49

just open file with

sudo nano  /etc/elasticsearch/elasticsearch.yml

and replace this setting with false
# Enable security features
xpack.security.enabled: false
MD Shahid Khan
  • 670
  • 4
  • 5
  • 1
    for running **Kibana** this setting need to be `true` – Azhar Uddin Sheikh Apr 06 '22 at 06:27
  • 1
    Thank you @Er. Shahid Khan .. Solved the problem for me @ ES 8.1 as well. Now Very well able to hit the cUrl queries through terminal to ES. – Aditya Goel Apr 16 '22 at 05:54
  • 3
    @AdityaGoel I'm using docker-compose for elasticsearch and Kibana for both I'm using version 8.1.2 which is the latest I guess and I'm getting "curl: (52) Empty reply from server" while hitting the URL. And elasticsearch.yml is not found when I tried the above command it is creating a new one any suggestion..? btw I'm using docker on WSL2. Also this is working fine with 7.9.2 version of Elasticseach and Kibana – bkvishal Apr 16 '22 at 11:54
  • 6
    Turning off Elasticsearch security solves the problem by creating a much bigger one. – Andrew May 09 '22 at 12:02
27

An other explanation can be making http request when ssl/security is activated on the cluster.

In this case use

curl -X GET "https://localhost:9200/_cluster/health?wait_for_status=yellow&timeout=50s&pretty" --key certificates/elasticsearch-ca.pem  -k -u elasticuser

As stated by @FanchenBao, one can read the doc about ELK with SSL.

Update 16/08/2023 - As stated by @Nokados, one can use this command, using the --cacert option, from the updated security documentation :

curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic:yourpassword https://localhost:9200
NanoPish
  • 1,379
  • 1
  • 19
  • 35
  • 1
    One can also refer to [the doc](https://www.elastic.co/guide/en/elasticsearch/reference/current/getting-started.html#send-requests-to-elasticsearch) regarding how to use `curl` with certificate. – Fanchen Bao May 18 '22 at 21:09
  • 1
    Now according [the documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-stack-security.html) it is `sudo curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic:yourpassword https://localhost:9200`. sudo is here because /etc/elasticsearch has restricted access. password is not necessary, it can be typed interactively. – Nokados Aug 10 '23 at 16:23
14

I meet with the same issue on Elasticsearh 8.1.3, which is the latest version. I fixed this issue by changing the following setting from true to false in the /config/elasticsearch.yml file:

# Enable security features
xpack.security.enabled: false

I installed elastic by downloading the tar file, and unzip it, then going to the folder of elasticsearch, and running the following command:

./bin/elasticsearch

The first time you run this command, it will change the elasticsearch.yml file with the following content, which means it's a default secruity setting auto generated:

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 01-05-2022 06:59:12
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["DaMings-MacBook-Pro.local"]

# Allow HTTP API connections from localhost and local networks
# Connections are encrypted and require user authentication
http.host: [_local_, _site_]

# Allow other nodes to join the cluster from localhost and local networks
# Connections are encrypted and mutually authenticated
#transport.host: [_local_, _site_]

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------
David Liu
  • 181
  • 1
  • 2
7

When running in Docker you can disable the security by setting the environment variable xpack.security.enabled to false, e.g. in docker-compose.yml:

    environment:
      - xpack.security.enabled=false
      - discovery.type=single-node
isapir
  • 21,295
  • 13
  • 115
  • 116
4

This issue was caused by Elastic running out of memory: it simply can't hold all the documents in memory. Unfortunately there's no explicit error code for this case.

There are a bunch of options to work around this (besides adding more memory):

  1. You can tell Elastic to not attach the source, by specifying "_source: false". The results would then just list the relevant documents (and you would need to retrieve them).
  2. You could use "source filtering" to return just part of the documents, if you dont need the whole thing - that worked for me.
  3. You can also just split your query into a bunch of sub-queries. not pretty, but it would do the trick.
FuzzyAmi
  • 7,543
  • 6
  • 45
  • 79
  • The aforementioned error occurs on a freshly installed ES, totally empty. With -Xms1g, -Xmx1g in jvm.options. Looks like https://stackoverflow.com/a/63072914/10639803 is more suitable in my case. – datsb Dec 28 '20 at 12:46
2

In version 6.2, there are more strict checking.

for example:

curl -XPUT -H'Content-Type: application/json' 'http://localhost:9200/us/user/2?pretty=1' -d '{"email" : "mary@jones.com", "name" : "Mary Jones","username" : "@mary"}'
curl: (52) Empty reply from server

if you remove =1:

curl -XPUT -H'Content-Type: application/json' 'http://localhost:9200/us/user/2?pretty' -d '{"email" : "mary@jones.com", "name" : "Mary Jones","username" : "@mary"}'
{
  "_index" : "us",
  "_type" : "user",
  "_id" : "2",
  "_version" : 1,
  "result" : "created",
  "_shards" : {
    "total" : 2,
    "successful" : 1,
    "failed" : 0
  },
  "_seq_no" : 0,
  "_primary_term" : 1
}

it works!

Preston
  • 7,399
  • 8
  • 54
  • 84
Dan
  • 3,221
  • 7
  • 27
  • 24
0

In my case it was because the url scheme https:// was missing in the endpoint url.

Almenon
  • 1,191
  • 11
  • 22
0

It looks like your version causes the problem. If you follow the steps below to reinstall ES and Kibana with the correct version, your problem could be solved. Be careful with running these commands, you will lose your data!

cleanup-remove and reinstall Elasticsearch

$ sudo rm -rf /etc/elasticsearch
$ sudo rm -rf /var/lib/elasticsearch
$ sudo apt-get install elasticsearch=7.10.1 
$ sudo systemctl start elasticsearch

check it's running

$ curl http://localhost:9200/

cleanup-remove and reinstall Kibana

$ sudo apt-get remove --purge kibana
$ sudo rm -rf /etc/kibana
$ sudo rm -rf /var/lib/kibana
$ sudo apt-get install kibana=7.10.1
$ sudo systemctl start kibana
tolgakaragol
  • 532
  • 4
  • 13