Too many buckets exception in Flow Deep Dive Dashboard

Problem

When you try to use the Flow Deep Dive Dashboard for flow data you cat the

Trying to create too many buckets. Must be less than or equal to: [10000] but was [10001]. This limit can be set by changing the [search.max_buckets] cluster level setting.

Solution

Increase the search max_buckets from defaults, you can use the Kibana Developer tool with a query like this here:

PUT _cluster/settings
{
  "transient": {
    "search.max_buckets": 30000
  }
}

you can also use curl with a query like this:

curl -X PUT "localhost:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d'
{
  "transient": {
    "search.max_buckets": 30000
  }
}'

The response should be something like:

{
  "acknowledged" : true,
  "persistent" : { },
  "transient" : {
    "search" : {
      "max_buckets" : "30000"
    }
  }
}
1 Like