elasticsearch error – this cluster currently has [1000]/[1000] maximum shards open

Short term solution: increase the number of shards to 3000

curl -XGET localhost:9200/_cluster/allocation/explain?pretty

After that, please try the following to reallocate the unassigned shards. First, set the replica option to 0
curl -XPUT ' localhost:9200/wazuh-alerts-*/_settings' -H 'Content-Type: application/json' -d '{ "index": { "number_of_replicas": "0" } }'

At the same time, execute this in another terminal to see the status:
watch -n0 'curl -s localhost:9200/_cluster/health?pretty | grep "active_shards_percent"'

If that doesn't work, please try this solution as a workaround. It's about to increase the shards limit to 3k so you can take control of them meanwhile an architectural solution is implemented. 

curl -X PUT localhost:9200/_cluster/settings -H "Content-Type: application/json" -d '{ "persistent": { "cluster.max_shards_per_node": "3000" } }'

Long term solution: Add additional data nodes to your ES cluster in the near future.

Leave a Reply

Your email address will not be published. Required fields are marked *