Kibana Discover not working with Search Enterprise 3.0

Description

Reproduction Steps

  1. Access Kibana (e.g. http://localhost:5600/kibana)

  2. If not done already, create an index pattern. I set time field to be cm%3Acreated, but not sure it makes any difference to the bug.

  3. Click Kibana > Discover from main menu

  4. Note error in bottom right corner:

  5. Adjust time range and query to something that will definitely return data. Same result.

Assumption is that Kibana features will work OOTB, though without any permission based reporting.

Acceptance criteria:

  • Investigate why Kibana requires that list of docValues in the query (full of duplicates, including aliases)

  • Investigate if this is a bug in Kibana or potential issue with docvalues or both

  • If the bug is in Kibana - add documentation in supported versions or Kibana configuration

  • If the list of docvalues is incorrect - simple fix in this story or raise a separate ticket

Environment

None

Activity

Alessandro Benedetti
April 29, 2021, 4:43 PM
Edited

 

This list is full of duplicated fields (and given the name and type the _untokenized one was supposed to just be an alias).

That list is meant to fetch from docValues data structures to return the values in the response.

But that can also be done through classic source retrieval:

If Kibana builds that query automatically, we need to understand where it fetches this huge list of fields, why duplicates are included and how the docValues expected to be returned are used (displayed?)

Davide Cerbo
April 29, 2021, 3:18 PM

The error details are:

{"statusCode":400,"error":"Bad Request","message":"status_exception","attributes":{"error":{"type":"status_exception","reason":"error while executing search","caused_by":{"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[{"shard":0,"index":"alfresco","node":"7OnaHZGWRIWEpxcrDBdUiA","reason":{"type":"illegal_argument_exception","reason":"Trying to retrieve too many docvalue_fields. Must be less than or equal to: [100] but was [126]. This limit can be set by changing the [index.max_docvalue_fields_search] index level setting."}}],"caused_by":{"type":"illegal_argument_exception","reason":"Trying to retrieve too many docvalue_fields. Must be less than or equal to: [100] but was [126]. This limit can be set by changing the [index.max_docvalue_fields_search] index level setting.","caused_by":{"type":"illegal_argument_exception","reason":"Trying to retrieve too many docvalue_fields. Must be less than or equal to: [100] but was [126]. This limit can be set by changing the [index.max_docvalue_fields_search] index level setting."}}}}}}

This error can be resolved by:

  • incrementing max_docvalue_fields_search value

  • reducing the number of docvalues, if we can

  • using Elasticsearch 7.11 (see the last comment here)
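
The first option in the comment above, as an added example that is not part of the ticket or of any Alfresco or Elastic code: it reads an error body shaped like the one quoted, finds the failing index and the number of docvalue_fields the request asked for, and produces the index settings update that would cover it. The function names are hypothetical, and the sample is a trimmed, constructed copy of the quoted error.

```python
import json
import re

# Constructed sample: the error quoted in the comment above, trimmed to a
# single shard failure (index name, limit and count are the ones on the page).
SAMPLE = json.dumps({"statusCode": 400, "attributes": {"error": {
    "type": "status_exception",
    "caused_by": {
        "type": "search_phase_execution_exception",
        "failed_shards": [{"shard": 0, "index": "alfresco", "reason": {
            "type": "illegal_argument_exception",
            "reason": "Trying to retrieve too many docvalue_fields. Must be "
                      "less than or equal to: [100] but was [126]. This limit "
                      "can be set by changing the "
                      "[index.max_docvalue_fields_search] index level setting.",
        }}],
    },
}}})

LIMIT_RE = re.compile(
    r"less than or equal to: \[(\d+)\] but was \[(\d+)\].*?\[(index\.[\w.]+)\]",
    re.S)


def shard_failures(node):
    """Yield every failed_shards entry, however deeply the error nests it."""
    if isinstance(node, dict):
        yield from node.get("failed_shards", [])
        for value in node.values():
            yield from shard_failures(value)
    elif isinstance(node, list):
        for item in node:
            yield from shard_failures(item)


def plan_settings_updates(error_body):
    """Map each failing index to (settings path, body) covering the request."""
    needed = {}
    for failure in shard_failures(json.loads(error_body)):
        reason = failure.get("reason")
        text = reason.get("reason", "") if isinstance(reason, dict) else ""
        match = LIMIT_RE.search(text)
        if match:
            key = (failure.get("index"), match[3])
            needed[key] = max(needed.get(key, 0), int(match[2]))
    return {index: (f"/{index}/_settings", {setting: count})
            for (index, setting), count in needed.items()}


if __name__ == "__main__":
    print(plan_settings_updates(SAMPLE))
```

Each returned body is what would be sent with PUT to the returned path on the Elasticsearch node; the setting is per index, so every index behind the Kibana index pattern needs the same change.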

Assignee

Unassigned

Reporter

Martin Stanford

Bug Priority

Category 3