Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

ranger is not updating access audit logs

Labels:
avatar
author-rank clouderaskme
Explorer

Created ‎06-01-2022 02:00 PM

Ranger is not updating the access audits in ranger after a certa date solr logs are giving the below error:

ERROR (qtp246273275-120) [c:ranger_audits s:shard1 r:core_node2 x:ranger_audits_shard1_replica_n1] o.a.s.h.RequestHandlerBase org.apache.solr.common.SolrException: Exception writing document id 8cb43886-8056-46b2-8b24-0ead48c8280b-1 to the index; possible analysis error: number of documents in the index cannot exceed 2147483519

 

how can this be troubleshooted?

1,599 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank Tylenol author-rank
Contributor

Created ‎06-01-2022 07:21 PM

Hello @clouderaskme ,

 

From the above error message , we could tell that you would be hitting  SOLR-3504. The issue is due to limitation from Solr side where 1 shard can only index upto 2.14 Billion.

The solution would be to create a new ranger_audits collection with 2 shards instead of 1. As it can index more documents.

 

You may also try to delete the older records if the solr instance is still up and running and see if the issue been resolved.

Please modify the http with https if SSL is enabled and check the port as per your environment and run the below command.

curl -ikv --negotiate -u: "http://$(hostname -f):8886/solr/ranger_audits/update?commit=true" -H "Content-Type: text/xml" --data-binary "<delete><query>evtTime:[* TO NOW-15DAYS]</query></delete>"

 

There is another method of splitting the shard. Please refer to the below doc
https://my.cloudera.com/knowledge/ERROR-quotToo-many-documents-composite-IndexReaders-cannot?id=7473...

View solution in original post

1,577 Views
2 REPLIES 2

avatar
author-rank Tylenol author-rank
Contributor

Created ‎06-01-2022 07:21 PM

Hello @clouderaskme ,

 

From the above error message , we could tell that you would be hitting  SOLR-3504. The issue is due to limitation from Solr side where 1 shard can only index upto 2.14 Billion.

The solution would be to create a new ranger_audits collection with 2 shards instead of 1. As it can index more documents.

 

You may also try to delete the older records if the solr instance is still up and running and see if the issue been resolved.

Please modify the http with https if SSL is enabled and check the port as per your environment and run the below command.

curl -ikv --negotiate -u: "http://$(hostname -f):8886/solr/ranger_audits/update?commit=true" -H "Content-Type: text/xml" --data-binary "<delete><query>evtTime:[* TO NOW-15DAYS]</query></delete>"

 

There is another method of splitting the shard. Please refer to the below doc
https://my.cloudera.com/knowledge/ERROR-quotToo-many-documents-composite-IndexReaders-cannot?id=7473...

1,578 Views

avatar
author-rank DianaTorres author-rank
Community Manager

Created ‎06-06-2022 10:56 AM

@clouderaskme Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks!

Regards,

Diana Torres,
Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
1,545 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements