I am facing a weird issue where a single Elasticsearch query causes cluster instability.
I have a query with a filters aggregation on a nested field. When I do a terms query on the nested field with only a few values, the query works fine (no impact on the cluster); however, if I add many items to the terms query inside the nested field, then the cluster becomes unstable.
I have a cluster with 4 data nodes and a master node, with 32 GB of memory on each node.
```
{
  "size" : 0,
  "aggregations" : {
    "amount" : {
      "terms" : {
        "field" : "user_id",
        "size" : 0
      },
      "aggregations" : {
        "totalAmount" : {
          "nested" : {
            "path" : "amount"
          },
          "aggregations" : {
            "testfilters" : {
              "filter" : {
                "bool" : {
                  "must" : {
                    "bool" : {
                      "must" : [ {
                        "terms" : {
                          **"amount.group" : [ "A1", "A2", "A4",..... "A100" ]**
                        }
                      } ]
                    }
                  }
                }
              },
              "aggregations" : {
                "paidAmountTotal" : {
                  "sum" : {
                    "field" : "amount.paid"
                  }
                }
              }
            }
          }
        }
      }
    }
  }
}
```
The above query causes the cluster to become unstable. The change I have made is in the bold text above, which is a nested field (amount.group) that I did a terms aggregation on.
I have tested with match_all instead of values for the amount.group field, and with that I have no issue with the cluster.
How does the terms aggregation on a nested field work?
What could be the cause of this?