Too_many_scroll_contexts_exception

elasticforme · February 9, 2026, 3:58pm

elasticsearch -{"statusCode":500,"error":"Internal Server Error","message":"[search_phase_execution_exception\n\tRoot causes:\n\t\ttoo_many_scroll_contexts_exception: Trying to create too many scroll contexts. Must be less than or equal to: [500]. This limit can be set by changing the [search.max_open_scroll_context] setting.]: all shards failed"}

I have this issue since two week now. Seems like someone is executing too many scroll. I am trying to find out who and how this is happening.

when it happens kibana does not work. and some of the following curl does not work.

_tasks?actions=indices:data/read/search*&detailed=true&pretty

_tasks?actions=indices:data/read/scroll&detailed=true

gives me no reply for server until I restart some of the data servers. which I know is not right way to fix this issue. any more suggestion on how to find this

elasticforme · February 12, 2026, 9:50pm

I am still facing this issue and can’t find out who is creating this. I am just deleting all scroll to just get by. hope someone has some insight in it.

Musab_Dogan · February 13, 2026, 8:48am

Hey Sachin,

If you have a license, you can enable audit logging to start diagnose where the request is coming from.

elasticforme · February 13, 2026, 7:11pm

I don’t have license.

Christian_Dahlqvist · February 13, 2026, 7:44pm

I guess someone deployed some code that retrieves a lot of data using scrolling about two weeks ago. I can’t think of any way to find out the culprit without audit logging, which does require a license, so I would recommend asking around.

RainTown · February 13, 2026, 10:20pm

Add a trial license ?

elasticforme · February 16, 2026, 8:14pm

hmm, I guess I will have to find most all code which using this and debug it.

this is production cluster, do not want to add trial license and then not work after it expires.

RainTown · February 16, 2026, 8:44pm

The cluster can be reverted to basic (what you have now) license before trial ends. I am not saying it's a complete no-op, in fact I did make an error myself on this which was subject of an early Q by me on this very forum, but you are already better informed than I was so can take better care ... I believe it's manageable and feasible.

You could also try lowering limits for slowlog, and hope to be lucky?

Musab_Dogan · February 16, 2026, 10:51pm

If the HTTP layer security (HTTPS) is not active you can sniff the port 9200.

elasticforme · February 20, 2026, 10:07pm

Thank you all for replying and giving some pointer. I have just requested searh query from user community and some of them was not optimized. I provided them search_after and PIT option.

Also started collecting stack monitoring for cluster. Also improvise smaller query by using get or mget API and/or use REST in place of sql.

Still lot to do. but seems like I am on right track.

Topic		Replies	Views
Did I hit bug related to scroll and too many scroll contexts Elasticsearch	2	1702	June 11, 2020
Too many scroll error Elasticsearch	4	647	December 31, 2020
In Kibana 7.7.1, often try create too many scroll contexts when query the index kibana_task_manager Kibana	4	1193	November 26, 2020
Too Many Scroll Context ERROR but found no active scroll context Elasticsearch	2	1882	December 24, 2020
Elasticsearch 7.0.1 - Trying to create too many scroll contexts. Must be less than or equal to: [500] Elasticsearch	3	4541	June 15, 2019

Too_many_scroll_contexts_exception

Related topics