Elasticsearch Rejected Search Requests in Elasticsearch – Causes and Solutions

Opster Team

Last updated: Nov 29, 2021

| 1 min read

In addition to reading this guide, we recommend you run the Elasticsearch Health Check-Up. It will detect issues and improve your Elasticsearch performance by analyzing your shard sizes, threadpools, memory, snapshots, disk watermarks and more.

The Elasticsearch Check-Up is free and requires no installation.

To improve your search requests in Elasticsearch, we recommend you run the Elasticsearch Configuration Check-Up. The Check-Up will also help you optimize other important settings in Elasticsearch to improve performance.

Rejected Search Requests

There are a number of reasons why a search request can be rejected by the cluster. These reasons generally break down into 2 main groups: 

  1. Performance / workload related issues
  2. Mapping or syntax related issues

Performance / workload related issues

These are some of the issues that could cause search requests to be rejected:

  • 403 Request throttled due to too many requests
  • 400 Circuit Breaker Errors
  • 400 Queue Full Errors

As a general rule, you should look at monitoring data to find out why the Elasticsearch cluster is unable to keep up with the current workload. Bear in mind that the root cause of these errors may be something completely different from the specific request that was sent.  

In this case, it may be possible to simply re-try the command at a later time when the cluster is not so busy.

How to fix it

For request throttled errors, see:

https://opster.com/elasticsearch-glossary/high-cpu/

For circuit breaker errors, see:

https://opster.com/elasticsearch-glossary/elasticsearch-circuit-breakers/

For queue rejection errors see:

https://opster.com/elasticsearch-glossary/elasticsearch-search-rejected-queue/

Mapping or syntax related issues

One of the issues that could cause search requests to be rejected is:

  • 400 Parsing Exception

This issue occurs due to the specific request being sent, and is not retryable.

How to fix it

This is usually the result of incorrect structure or terminology in your query. In particular you should check which version of Elasticsearch you are using and check whether the query syntax is correct for that version.

"With Opster, we’ve been able to reduce our hardware costs by over $4 million."

Arpit Ghiya

Senior Lead SRE at Coupa

Read Case Study

Watch product tour

Try AutoOps to find & fix Elasticsearch problems

Analyze Your Cluster
Related Articles

Choose the Correct Number of Shards

How to Solve Indexing Downtime

How OzTam Improved Search Performance

Skip to content