Rejected Search Requests
There are a number of reasons why a search request can be rejected by the cluster. These reasons generally break down into 2 main groups:
- Performance / workload related issues
- Mapping or syntax related issues
Performance / workload related issues
These are some of the issues that could cause search requests to be rejected:
- 403 Request throttled due to too many requests
- 400 Circuit Breaker Errors
- 400 Queue Full Errors
As a general rule, you should look at monitoring data to find out why the Elasticsearch cluster is unable to keep up with the current workload. Bear in mind that the root cause of these errors may be something completely different from the specific request that was sent.
In this case, it may be possible to simply re-try the command at a later time when the cluster is not so busy.
How to fix it
For request throttled errors, see:
https://opster.com/elasticsearch-glossary/high-cpu/
For circuit breaker errors, see:
https://opster.com/elasticsearch-glossary/elasticsearch-circuit-breakers/
For queue rejection errors see:
https://opster.com/elasticsearch-glossary/elasticsearch-search-rejected-queue/
Mapping or syntax related issues
One of the issues that could cause search requests to be rejected is:
- 400 Parsing Exception
This issue occurs due to the specific request being sent, and is not retryable.
How to fix it
This is usually the result of incorrect structure or terminology in your query. In particular you should check which version of Elasticsearch you are using and check whether the query syntax is correct for that version.
