Briefly, this error occurs when Elasticsearch’s Watcher feature executes a watch more than once, overwriting watch history entries. This could be due to a system overload or a bug in Watcher. To resolve this issue, you can increase the system resources, adjust the watch schedule to reduce its frequency, or upgrade Elasticsearch to the latest version to fix potential bugs. Also, ensure that the watch actions do not take too long to execute, as this could cause overlapping executions.
This guide will help you check for common problems that cause the log “overwrote watch history entries {}; possible second execution of a triggered watch; failure [{}]” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concept: plugin.
Log Context
The log “overwrote watch history entries {}; possible second execution of a triggered watch; failure [{}]” is emitted from the class in Watcher.java.
We extracted the following from the Elasticsearch source code for those seeking in-depth context:
            .filter(r -> r.getIndex().startsWith(HistoryStoreField.INDEX_PREFIX))
            .filter(r -> r.getVersion() > 1)
            .collect(Collectors.toMap(BulkItemResponse::getId, BulkItemResponse::getFailureMessage));
        if (overwrittenIds.isEmpty() == false) {
            String failure = overwrittenIds.values().stream().collect(Collectors.joining("; "));
            logger.info("overwrote watch history entries {}; possible second execution of a triggered watch; failure [{}]",
                overwrittenIds.keySet(), Strings.substring(failure, 0, 2000));
        }
    }
}
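To decide which watch schedules to adjust, it helps to know which watches this log names most often. The following Python script is an added example, not code from Elasticsearch or from this guide: it parses the message produced by the logger.info call quoted above and counts overwritten history records per watch. The sample log lines are constructed, and the record ID layout `<watch_id>_<suffix>-<ISO timestamp>` is an assumption; IDs that do not match it are counted as-is.

```python
import re
from collections import Counter

# Message layout taken from the logger.info(...) call quoted above.
LOG_RE = re.compile(
    r"overwrote watch history entries \[(?P<ids>[^\]]*)\]; possible second "
    r"execution of a triggered watch; failure \[(?P<failure>.*)\]\s*$"
)
# ASSUMPTION: history record ids look like <watch_id>_<suffix>-<ISO timestamp>.
RECORD_RE = re.compile(r"^(?P<watch>.+)_[^_]+-\d{4}-\d{2}-\d{2}T[\d:.]+Z$")

# Constructed sample log lines (not real Elasticsearch output).
SAMPLE = [
    "[2024-05-01T10:00:05,101][INFO ][o.e.x.w.Watcher] [node-1] overwrote watch history entries "
    "[cpu_alert_a1b2-2024-05-01T10:00:00.000Z, disk_alert_c3d4-2024-05-01T10:00:00.000Z]; "
    "possible second execution of a triggered watch; failure [constructed failure text]",
    "[2024-05-01T10:00:06,000][INFO ][o.e.n.Node] [node-1] unrelated constructed line",
    "[2024-05-01T10:01:05,207][INFO ][o.e.x.w.Watcher] [node-1] overwrote watch history entries "
    "[cpu_alert_a1b2-2024-05-01T10:01:00.000Z]; "
    "possible second execution of a triggered watch; failure [constructed failure text]",
]

def parse_line(line):
    """Return (record_ids, failure_text) for a matching log line, else None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    # The id set is logged as a Java collection: "[id1, id2]".
    ids = [i.strip() for i in m.group("ids").split(",") if i.strip()]
    return ids, m.group("failure")

def watch_id(record_id):
    """Map a history record id to its watch id; fall back to the raw id."""
    m = RECORD_RE.match(record_id)
    return m.group("watch") if m else record_id

def overwrites_per_watch(lines):
    """Count overwritten history records per watch across all log lines."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            counts.update(watch_id(r) for r in parsed[0])
    return counts

if __name__ == "__main__":
    for watch, n in overwrites_per_watch(SAMPLE).most_common():
        print(f"{watch}: {n} overwritten history record(s)")
```

Watches that appear repeatedly in the output are the first candidates for a less frequent schedule or shorter-running actions.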