Skip to main content

Support

Support

# Collect system information
elasticsearch-support-diagnostics
# Generate support bundle
elasticsearch-support-bundle generate \
  --timeout 300s \
  --output /path/to/support/bundle.zip
# Verify support contract
elasticsearch-support verify --license

Diagnostic Information Collection

# Collect logs
tar czf elasticsearch-logs.tar.gz /var/log/elasticsearch/
# Gather configuration
tar czf elasticsearch-config.tar.gz /etc/elasticsearch/
# Export cluster settings
curl -X GET "localhost:9200/_cluster/settings?pretty" > cluster-settings.json
# Collect node stats
curl -X GET "localhost:9200/_nodes/stats?pretty" > node-stats.json
# Generate thread dumps
jstack -l $(pgrep -f elasticsearch) > thread-dump.txt

Log Analysis

# Search for errors
grep -r "ERROR" /var/log/elasticsearch/
# Analyze slow logs
cat /var/log/elasticsearch/*_index_search_slowlog.log
# Check deprecation logs
cat /var/log/elasticsearch/elasticsearch_deprecation.log
# Monitor GC logs
cat /var/log/elasticsearch/gc.log

Performance Analysis

# Check cluster health
curl -X GET "localhost:9200/_cluster/health?pretty"
# Analyze hot threads
curl -X GET "localhost:9200/_nodes/hot_threads?pretty"
# Review thread pool stats
curl -X GET "localhost:9200/_cat/thread_pool?v"
# Check pending tasks
curl -X GET "localhost:9200/_cluster/pending_tasks?pretty"
## 13.5 Memory Analysis

# Check heap usage
curl -X GET "localhost:9200/_nodes/stats/jvm?pretty"
# Monitor field data
curl -X GET "localhost:9200/_stats/fielddata?fields=*&pretty"
# Analyze cache usage
curl -X GET "localhost:9200/_nodes/stats/indices/query_cache,request_cache?pretty"

Support Ticket Management


# support-ticket-template.yaml
ticket:
  priority: high|medium|low
  category: performance|cluster|index|security
  details:
    cluster_name: production-cluster
    elasticsearch_version: 8.12.0
    issue_description: "Detailed description"
    steps_to_reproduce: 
      - step 1
      - step 2
    impact: "Business impact description"
    attempted_solutions:
      - solution 1
      - solution 2
    attached_logs:
      - elasticsearch.log
      - slow_queries.log

Common Support Procedures

Index Recovery

1.# Check recovery status
2.curl -X GET "localhost:9200/_recovery?pretty"
# Control recovery speed
PUT _cluster/settings
{
  "persistent": {
    "indices.recovery.max_bytes_per_sec": "50mb",
    "indices.recovery.concurrent_streams": 2
  }
}

Cluster Recovery

# Reset cluster
POST /_cluster/reroute?retry_failed=true
# Rebuild indexes
POST /my-index/_refresh
POST /my-index/_forcemerge

Support Escalation Procedures

escalation_levels:
  level1:
    response_time: "4 hours"
    handled_by: "First-line support"
    actions:
      - Log analysis
      - Basic troubleshooting
      - Known issue verification
  level2:
    response_time: "2 hours"
    handled_by: "Technical support engineers"
    actions:
      - Detailed diagnosis
      - Performance analysis
      - Configuration review
  level3:
    response_time: "1 hour"
    handled_by: "Senior engineers"
    actions:
      - Complex issue resolution
      - Architecture review
      - Critical system recovery
  emergency:
    response_time: "15 minutes"
    handled_by: "Critical response team"
    actions:
      - Immediate intervention
      - Production restoration
      - Root cause analysis

Support Documentation

  • Cluster health reports

  • Performance baseline documentation

  • Configuration change history

  • Incident response plans

  • Disaster recovery procedures

  • Capacity planning guidelines

Remote Support Access

# Configure secure support access
elasticsearch-support-tunnel create \
  --cluster-id prod-cluster \
  --duration 4h \
  --access-level diagnostic
# Monitor support sessions
elasticsearch-support-tunnel list
# Terminate support access
elasticsearch-support-tunnel terminate \
  --session-id ABC123