我有一个进程,我每天运行,它的责任是计算ip请求,进入某个应用程序,并汇总它在每小时的基础上!但过了一段时间,我得到了以下错误:
{
"error" : {
"root_cause" : [
{
"type" : "too_many_buckets_exception",
"reason" : "Trying to create too many buckets. Must be less than or equal to: [10000] but was [10001]. This limit can be set by changing the [search.max_buckets] cluster level setting.",
"max_buckets" : 10000
}
],
"type" : "search_phase_execution_exception",
"reason" : "all shards failed",
"phase" : "query",
"grouped" : true,
"failed_shards" : [
{
"shard" : 0,
"index" : "ipreq-20201017",
"node" : "Pd-QGKviSZeHVPhIPiX92A",
"reason" : {
"type" : "too_many_buckets_exception",
"reason" : "Trying to create too many buckets. Must be less than or equal to: [10000] but was [10001]. This limit can be set by changing the [search.max_buckets] cluster level setting.",
"max_buckets" : 10000
}
}
]
},
"status" : 503
}我不明白!为什么elastic search抱怨bucket限制,它似乎没有清理任何已创建的内容!另外,我不想增加 search.max_buckets 因为过了一段时间我也会有同样的问题,因为再到这里只是时间问题!
我正在使用的索引的Map如下所示:
{
"ipreq-20201017" : {
"mappings" : {
"properties" : {
"at" : {
"type" : "date"
},
"count" : {
"type" : "integer"
},
"ip" : {
"type" : "keyword"
}
}
}
}
}注意:您可以从索引的名称猜到,我正在将每天的访问存储到一个单独的索引中,处理完数据后,我将删除该索引!
下面列出了我用于从目标索引聚合数据的查询,我尝试在20个分区中获取数据。
{
"size":0,
"aggs":{
"ips":{
"terms":{
"field":"ip",
"include":{
"partition":0,
"num_partitions":20
},
"size":1000000
},
"aggs":{
"ats":{
"terms":{
"script":{
"source":"doc.at.value.hour"
},
"size":24
}
}
}
}
}
}样本数据:
{
"ip":"58.252.205.49",
"count":1,
"at":"2020-10-16T22:45:05UTC"
}问题:
在所有这些情况下,我做错了什么?
我如何解决我的问题,关于 max_bucket 错误?
有什么方法可以清理以前创建的桶吗?
附言:我在网上查了很多,但找不到任何解决我具体问题的方法。
暂无答案!
目前还没有任何答案,快来回答吧!