Too_many_scroll_contexts_exception

elasticsearch -{"statusCode":500,"error":"Internal Server Error","message":"[search_phase_execution_exception\n\tRoot causes:\n\t\ttoo_many_scroll_contexts_exception: Trying to create too many scroll contexts. Must be less than or equal to: [500]. This limit can be set by changing the [search.max_open_scroll_context] setting.]: all shards failed"}

I have this issue since two week now. Seems like someone is executing too many scroll. I am trying to find out who and how this is happening.

when it happens kibana does not work. and some of the following curl does not work.

_tasks?actions=indices:data/read/search*&detailed=true&pretty

_tasks?actions=indices:data/read/scroll&detailed=true

gives me no reply for server until I restart some of the data servers. which I know is not right way to fix this issue. any more suggestion on how to find this

I am still facing this issue and can’t find out who is creating this. I am just deleting all scroll to just get by. hope someone has some insight in it.

Hey Sachin,

If you have a license, you can enable audit logging to start diagnose where the request is coming from.

I don’t have license.

I guess someone deployed some code that retrieves a lot of data using scrolling about two weeks ago. I can’t think of any way to find out the culprit without audit logging, which does require a license, so I would recommend asking around.

Add a trial license ?