Alert rule for standard cluster alerts: search_phase_execution_exception [illegal_argument_exception]

Platinum license

Setting up brand new cluster, and have configured metricbeat style monitoring of cluster (separate elasticsearch for monitoring).

Entered setup mode and did the add of standard alerts. Looks like these rules got created but am seeing Error status on all.

  • CCR read exceptions
  • CPU Usage
  • Cluster health
  • Disk Usage
  • Elasticsearch version mismatch
  • Kibana version mismatch
  • License expiration
  • Memory Usage (JVM)

Error that is shown for each....

search_phase_execution_exception: [illegal_argument_exception] Reason: no mapping found for cluster_uuid in order to collapse on; [illegal_argument_exception]

You should definitely raise a request with your Support engineer then :slight_smile:


Hi, did reach out to support for guidance, and the root cause was that I'd done monitoring alert setup on the actual production Kibana... But instead I needed to setup Kibana on the dedicated monitor cluster. Makes sense I guess thinking about it.

Also I had to enable the nodes with role 'remote_cluster_client' to get things working fully.

All good now! Alerts setup with PagerDuty actions as well so we're cookin' with fire now.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.