Hi!
I am trying to add a sub-bucket in a Kibana histogram and I get the below:
Request to Elasticsearch failed: {"error":{
"root_cause":
"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[
{"shard":0,"index":"data-20200123",
"node":"CXFldNupTpObai1jt88wDg","reason":{"type":"too_many_buckets_exception","reason":"Trying to create too many buckets. Must be less than or equal to:
[10000] but was [10001]. This limit can be set by changing the [search.max_buckets] cluster level setting.","max_buckets":10000}},
{"shard":0,"index":"data-20200127",
"node":"CXFldNupTpObai1jt88wDg","reason":{"type":"too_many_buckets_exception","reason":"Trying to create too many buckets.
Must be less than or equal to: [10000] but was [10001]. This limit can be set by changing the [search.max_buckets] cluster level setting.","max_buckets":10000}},
{"shard":0,"index":"data-a-20200123","node":"CXFldNupTpObai1jt88wDg","reason":{"type":"too_many_buckets_exception","reason":"Trying to create too many buckets.
Must be less than or equal to: [10000] but was [10001]. This limit can be set by changing the [search.max_buckets] cluster level setting.","max_buckets":10000}},
{"shard":0,"index":"data-20200127","node":"rF8XLfPSSkSUBUdIgr9Lzw","reason":{"type":"too_many_buckets_exception","reason":"Trying to create too many buckets.
Must be less than or equal to: [10000] but was [10001]. This limit can be set by changing the [search.max_buckets] cluster level setting.","max_buckets":10000}}
]},
"status":503}
"search_phase_execution_exception","reason":"all shards failed"
Since I have only 4 indices with a total of 200 docs, and the distinct values for the sub-bucket aggregation are 30, how does it exceed the max_bucket (10000)?
Does the number of buckets have to do with all the sub-bucket aggregations cumulatively?
Is there any "formula" to calculate the buckets knowing the number of distinct values of the sub-bucket aggregations (3 sub-buckets (terms) in a Kibana histogram), the interval and the time period?
For example:
subbucket A: 30 distinct values
subbucket B: 5 distinct values
subbucket C: 10 distinct values
and all this requested 80 times in a time period.
A multiplication of all these? (I guess that this way I will get the max possible but not the real number)
Or do I have to count all the combinations from these 3 subbuckets that I get for each moment in the time period and add all these numbers?
For example:
9:00 : results=8 (1 doc with aa-bb-cc / 4 docs with aa-bb-cb / 3 docs with ab-bb-cc)
9:15 : results=9 (1 doc with aa-bb-cc / 4 docs with aa-bb-cb / 2 docs with ab-bb-cc / 2 docs with ab-bb-ca)
9:30 : results=3 (1 doc with ad-bb-ca / 1 doc with aa-bb-cb / 1 doc with ab-bf-ca)
(Where e.g. "1 doc with ad-bb-ca" means that the query for subbucket A has as result the value ad,
the query for subbucket B has as result the value bb,
and the query for subbucket C has as result the value ca.)
So in this way the buckets for the time period [9:00-9:30] will be 8+9+3?
Sorry for the long text!
Thank you in advance!