Inconsistency in data table and serach results and getting error

Elastic Stack Kibana
1

I want to download the search results from dashboard but our kibana doesn't have that option. So I created data table as same search results. But data table showing less results than the search results so I increased the order size in split rows for the fields so I ma getting error

[esaggs] > Request to Elasticsearch failed: {
   "error":{
      "root_cause":[
         {
            "type":"too_many_buckets_exception",
            "reason":"Trying to create too many buckets. Must be less than or equal to: [10000] but was [10001]. This limit can be set by changing the [search.max_buckets] cluster level setting.",
            "max_buckets":10000
         }
      ],
      "type":"search_phase_execution_exception",
      "reason":"all shards failed",
      "phase":"query",
      "grouped":true,
      "failed_shards":[
         {
            "shard":0,
            "index":"events",
            "node":"pdKx6ekIQAaOLyCZrq_Fbw",
            "reason":{
               "type":"too_many_buckets_exception",
               "reason":"Trying to create too many buckets. Must be less than or equal to: [10000] but was [10001]. This limit can be set by changing the [search.max_buckets] cluster level setting.",
               "max_buckets":10000
            }
         }
      ]
   },
   "status":503
}
2

if you are using TSVB, change your interval from 'auto' to something bigger, for example 1d (depends on how big is your timerange). The reason for this error is that there's too many time buckets to process for Elasticsearch. By changing the interval, you would limit the number of buckets and get less precise data, but calculable.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.