Hi,
I need help. After upgrading Elastic Stack from 8.18.2 to 9.1.4, I got an error while monitoring Elastic.
Specifically, the built-in rules:
CCR read exceptions
Cluster health
CPU usage
Elasticsearch version mismatch
Kibana version mismatch
Memory usage (JVM)
started throwing errors during execution.
monitoring_alert_cluster_health:83885e42-292a-4a11-82ad-4d7a571d70ea: execution failed - search_phase_execution_exception Caused by: illegal_argument_exception: Result window is too large, from + size must be less than or equal to: [10000] but was [20000]. See the scroll API for a more efficient way to request large data sets. This limit can be set by changing the [index.max_result_window] index level setting. Root causes: illegal_argument_exception: Result window is too large, from + size must be less than or equal to: [10000] but was [20000]. See the scroll API for a more efficient way to request large data sets. This limit can be set by changing the [index.max_result_window]
I'm not sure how to improve or fix this. I tried adding the setting for the .monitroing_es-* and monitoring-kibana-* indexes:
"index.max_result_window": 25000,
"index.max_rescore_window": 25000
Unfortunately, it didn't work. I set it for the current index and previous ones. I even left only one Cluster health rule and still got the same error. I reduced the execution time from 1 hour to 5 minutes.
Has anyone experienced a similar issue? I should emphasize that this concerns index monitoring, cluster monitoring, and so on. I should add that I'm using the Elastic Agent and the Elasticsearch integration. It previously worked without any issues.