Data might be incomplete because your request timed out

swb · July 11, 2019, 6:24am

Hi!
We have the cluster - 1 master nodes and 3 data nodes. Every Data nodes have cpu - 12 cores, RAM - 48 GB (Xms Xmx 16 GB), Disk - 450 GB SSD . Three Indices are created every day – logstash, elasticflow and elastalert. The total number of indices is 47, shards - 130, Documents - 1 billion, Data - 700 GB.

Average size of indices logstash is 60 GB, numbers of documents 60 million. When I am making a request in Kibana in indiced logstash for the last 72 hours and i'm getting "Data might be incomplete because your request timed out".

Could you tell me what cause that problem?

Mark_Harwood · July 11, 2019, 7:08am

A search that is provided with a “timeout” setting will try stop processing data when the time is up and return with only partial results.

If you’d rather have an error than partial results you can use the “allow partial results setting” to control this behaviour https://www.elastic.co/guide/en/elasticsearch/reference/6.7/search-request-body.html#_parameters_4

swb · July 11, 2019, 9:13am

Thanks for your reply.

system · August 8, 2019, 9:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.