Have had ELK up and running now for a few days. All was working just fine. Today however and am getting the attached error and data isn't showing up in 2 panels.
When I try to click on Show Details it's a dead link. How can I trouble shoot this?
You may be able to use the Kibana inspector or the Network tab of the browser developer tools to capture the request that is causing problems.
When doing some Inspecting I see this error
"java.util.concurrent.ExecutionException: CircuitBreakingException[[fielddata] Data too large, data for [_id] would be [420863022/401.3mb], which is larger than the limit of [415550668/396.2mb]]",
Okay, this is a common issue when aggregating on _id. Take a look at this: https://github.com/elastic/elasticsearch/issues/43599
We also recommend against aggregating on the _id field in general https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-id-field.html
Thanks for the direction. I am a bit new at this and not quite sure how to handle fixing it. How would I duplicate the _id field to another?
{
"aggs": {
"2": {
"terms": {
"field": "geoip.country_name.keyword",
"order": {
"1": "desc"
},
"size": 5
},
"aggs": {
"1": {
"cardinality": {
"field": "_id"
}
}
}
}
},You can't do this in your query, you would need to change your mapping. Unfortunately I don't know how to set this up, but my guess is that it involves the copy_to parameter: https://www.elastic.co/guide/en/elasticsearch/reference/current/copy-to.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.