Issue with RecyclerBytesStreamOutput

aurelien.guillaume · February 20, 2023, 4:57pm

Hi,

I'm new in the usage of Elasticsearch (integrated into a security onion appliance)

I'm working to get a huge query (2.5M logs), and I'm stuck with this error message

{
  "error": {
    "root_cause": [
      {
        "type": "illegal_argument_exception",
        "reason": "RecyclerBytesStreamOutput cannot hold more than 2GB of data"
      }
    ],
    "type": "illegal_argument_exception",
    "reason": "RecyclerBytesStreamOutput cannot hold more than 2GB of data"
  },
  "status": 400
}

can you help me going over the 2GB limit ?

Thanks

warkolm · February 21, 2023, 2:57am

Welcome to our community!

What is the query?
What version of Elasticsearch?

aurelien.guillaume · February 21, 2023, 1:24pm

Hi Warkolm,
Thanks

the query is the following (hostname as been removed from the query), I did not write myself this query, I've reformatted it from a Kibana request as I don't know yet how to properly write one

{"query": {"bool": {"must": [],"filter": [{"multi_match": {"type": "phrase","query": "some-hostname","lenient": true}},{"match_phrase":{"event.dataset.keyword":"syslog"}},{"range": {"@timestamp": {"format": "strict_date_optional_time","gte": "2023-02-11T09:00:00.000Z","lte": "2023-02-13T02:00:00.000Z"}}}],"should": [],"must_not": []}}}

and the version number is 8.6.1

regards,

aurelien.guillaume · March 7, 2023, 4:03pm

Hi,
is anyone having a solution for that ?

Thanks,

system · April 4, 2023, 4:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.