Failed to save to index due to maximum shard overlimit


I am running a web application (on my own Windows Server machine) called Automation Anywhere A360. This web application uses a local Elasticsearch instance to handle its Audit Logs.

Cluster health endpoint shows the following:

    {
        "cluster_name": "aa_cr_elasticsearch",
        "status": "yellow",
        "timed_out": false,
        "number_of_nodes": 1,
        "number_of_data_nodes": 1,
        "active_primary_shards": 493,
        "active_shards": 493,
        "relocating_shards": 0,
        "initializing_shards": 0,
        "unassigned_shards": 499,
        "delayed_unassigned_shards": 0,
        "number_of_pending_tasks": 0,
        "number_of_in_flight_fetch": 0,
        "task_max_waiting_in_queue_millis": 0,
        "active_shards_percent_as_number": 49.69758064516129
    }

The cluster allocation endpoint shows the following:

    {
        "index": "bilegacyutility",
        "shard": 2,
        "primary": false,
        "current_state": "unassigned",
        "unassigned_info": {
            "reason": "CLUSTER_RECOVERED",
            "at": "2023-01-11T19:29:57.256Z",
            "last_allocation_status": "no_attempt"
        },
        "can_allocate": "no",
        "allocate_explanation": "cannot allocate because allocation is not permitted to any of the nodes",
        "node_allocation_decisions": [
            {
                "node_id": "Y2wDy49CSgqkleEfKeQShQ",
                "node_name": "localhost",
                "transport_address": "",
                "node_decision": "no",
                "deciders": [
                    {
                        "decider": "same_shard",
                        "decision": "NO",
                        "explanation": "a copy of this shard is already allocated to this node [[bilegacyutility][2], node[Y2wDy49CSgqkleEfKeQShQ], [P], s[STARTED], a[id=xP-_uMOwSfCxSIVVSIW9vQ]]"
                    }
                ]
            }
        ]
    }

PROBLEM: Recently some Audit Logs did not pop up in the app and the reason (looking at the logs) is related to sharding:

2023-Jan-09 Mon 15:44:55.539 **ERROR - com.automationanywhere.durablemessaging.DurableMessageTransactionalPublisher - {} - run( - Error: com.automationanywhere.es_client.ESRestClientException: Failed to save to index: audit_logs_20230101**
    at com.automationanywhere.es_client.ESRestClient.insertJsonDoc( ~[kernel.jar:?]
    at com.automationanywhere.es_client.ESRestClient.insertJsonDoc( ~[kernel.jar:?]
    at com.automationanywhere.es_client.ESRestClient.insertJsonDoc( ~[kernel.jar:?]
    at com.automationanywhere.audit.model.AuditESPublisher$BatchPublisher.publish( ~[kernel.jar:?]
    at com.automationanywhere.durablemessaging.DurableMessageTopicPublisher$BatchPublisher.publish( ~[kernel.jar:?]
    at com.automationanywhere.durablemessaging.DurableMessageTransactionalPublisher.lambda$processTopicMessage$1( ~[kernel.jar:?]
    at com.automationanywhere.durablemessaging.DurableMessagingBase.lambda$runWithContext$0( ~[kernel.jar:?]
    at ~[kernel.jar:?]
    at ~[kernel.jar:?]
    at com.automationanywhere.durablemessaging.DurableMessagingBase.runWithContext( ~[kernel.jar:?]
    at com.automationanywhere.durablemessaging.DurableMessageTransactionalPublisher.processTopicMessage( ~[kernel.jar:?]
    at com.automationanywhere.durablemessaging.DurableMessageTransactionalPublisher.waitAndProcessMessage( ~[kernel.jar:?]
    at com.automationanywhere.durablemessaging.DurableMessageTransactionalPublisher.access$400( ~[kernel.jar:?]
    at com.automationanywhere.durablemessaging.DurableMessageTransactionalPublisher$ [kernel.jar:?]
**Caused by: org.elasticsearch.ElasticsearchStatusException: Elasticsearch exception [type=validation_exception, reason=Validation Failed: 1: this action would add [10] total shards, but this cluster currently has [992]/[1000] maximum shards open;]**
    at ~[kernel.jar:?]
    at org.elasticsearch.client.RestHighLevelClient.parseEntity( ~[kernel.jar:?]
    at org.elasticsearch.client.RestHighLevelClient.parseResponseException( ~[kernel.jar:?]
    at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest( ~[kernel.jar:?]
    at org.elasticsearch.client.RestHighLevelClient.performRequest( ~[kernel.jar:?]
    at org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity( ~[kernel.jar:?]
    at org.elasticsearch.client.RestHighLevelClient.index( ~[kernel.jar:?]
    at com.automationanywhere.es_client.ESRestClient.insertJsonDoc( ~[kernel.jar:?]

I must point out that our drive where all this is stored has 234GB free (just FYI).

We know that we can increase sharding limit to more than 1000 (we have not done this as it is not recommended at all), but we would like to know a more mid/long term sustainable solution for this, thank you!

Given you have a single node you don't need replicas, so I would set everything to 0 replicas and that will help in the short term.
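
An added example, not part of the original reply or of the application's code: a Python check that pulls the failed audit index and the shard-limit figures out of the log lines quoted above and, with the cluster health numbers, shows what setting replicas to 0 frees up. The inputs are constructed from the values in this thread, and the projection assumes new indices keep adding 10 shards each.

```python
import re

# Constructed inputs: figures and log text are the ones quoted in this thread.
HEALTH = {"status": "yellow", "active_primary_shards": 493,
          "active_shards": 493, "unassigned_shards": 499}
LOG_LINES = [
    "2023-Jan-09 Mon 15:44:55.539 ERROR - com.automationanywhere.durablemessaging."
    "DurableMessageTransactionalPublisher - {} - run( - Error: com.automationanywhere."
    "es_client.ESRestClientException: Failed to save to index: audit_logs_20230101",
    "Caused by: org.elasticsearch.ElasticsearchStatusException: Elasticsearch exception "
    "[type=validation_exception, reason=Validation Failed: 1: this action would add [10] "
    "total shards, but this cluster currently has [992]/[1000] maximum shards open;]",
]

FAILED_RE = re.compile(r"Failed to save to index: (\S+)")
LIMIT_RE = re.compile(r"would add \[(\d+)\] total shards, but this cluster "
                      r"currently has \[(\d+)\]/\[(\d+)\] maximum shards open")

def scan(lines):
    """Return (indices whose writes failed, [(adding, open_now, limit), ...])."""
    failed, limits = [], []
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            failed.append(m.group(1))
        m = LIMIT_RE.search(line)
        if m:
            limits.append(tuple(int(g) for g in m.groups()))
    return failed, limits

def budget(health, adding, open_now, limit):
    """Project the open-shard count if every index had number_of_replicas = 0."""
    if health["status"] == "red":
        raise ValueError("primaries are unassigned; the replica arithmetic does not hold")
    # Unassigned shards count toward the limit just like assigned ones.
    counted = health["active_shards"] + health["unassigned_shards"]
    # Yellow/green means every primary is assigned, so everything else is a replica.
    after = health["active_primary_shards"]
    return {
        "matches_error": counted == open_now,
        "open_after_zero_replicas": after,
        # Assumption: each future index creation still adds `adding` shards.
        "creations_left_now": max(0, (limit - open_now) // adding),
        "creations_left_after": max(0, (limit - after) // adding),
    }

if __name__ == "__main__":
    failed, limits = scan(LOG_LINES)
    print("audit indices with dropped writes:", failed)
    print(budget(HEALTH, *limits[0]))
```

On these figures the 992 open shards are 493 primaries plus 499 unassigned replicas, so dropping replicas leaves 493 open. The settings change applies to existing indices only, so new indices keep whatever replica count their template or defaults give them.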

Is that safe to do? (safer than setting cluster's shard limit higher than 1000?)

You have a single node; you are already at risk of data loss because you have no replicas assigned.

And how can I set everything to 0? Whenever I try to make this request:

PUT /*/_settings

    {
        "index": {
            "number_of_replicas": 0
        }
    }

The response is the following: (http status 403 Forbidden)

    {
        "error": {
            "root_cause": [
                {
                    "type": "security_exception",
                    "reason": "no permissions for [] and User [name=es_client, backend_roles=[], requestedTenant=null]"
                }
            ],
            "type": "security_exception",
            "reason": "no permissions for [] and User [name=es_client, backend_roles=[], requestedTenant=null]"
        },
        "status": 403
    }

How can I set replicas to 0?

Thanks in advance
