Exception "aggregation_execution_exception" after issues with not enough shards

Hi guys,
so we are using Graylog with Elasticsearch and when I tried to create additional indices we ran out of shards. I fixed the shard issue, created the new indices but if I use the new indices with existing indices I get this error:

Elasticsearch exception [type=aggregation_execution_exception, reason=Merging/Reducing the aggregations failed when computing the aggregation [agg-1] because the field you gave in the aggregation query existed as two different types in two different indices].

After a quick test I discovered that I can browse the new indices themselves without problems, also the existing ones. Just not together. No big deal I thought and deleted the new and existing indices. Still same error.

What can I do here to get rid of this error, please? Thanks in advance.

Edit: I didnt delete all the indices on the system, the error only shows up when selecting 'temporary' indices. Deleting all indices is not an option because that would affect data we still need.

Welcome to our community!

Without wanting to dismiss your request, I am not sure this is entirely an Elasticsearch problem. Elasticsearch doesn't have temporary indices, that sounds like a graylog concept.

However an aggregation will indeed fail if the mappings of the same field in different indices is not consistent. We would need to see the aggregation query and the mappings to comment further.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.