elasticsearch设置分片数量

简述

今天发现es不能正常接入数据，查看Filebeat发现分片已超出默认的1000

Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"********-2021-
01-16", :routing=>nil, :_type=>"_doc"}, #<LogStash::Event:0x15df4cd0>], :response=>{"index"=>
{"_index"=>"********-2021-01-16", "_type"=>"_doc", "_id"=>nil, "status"=>400, "error"=>
{"type"=>"validation_exception", "reason"=>"Validation Failed: 1: this action would add [2] total shards, but 
this cluster currently has [999]/[1000] maximum shards open;"}}}}

配置es

配置文件中加一行

cluster.max_shards_per_node: 10000

[centos@us-prod-sre-eslog-node-1 ~]$ vim /data/elasticsearch/config/elasticsearch.yml
cluster.max_shards_per_node: 10000

重启服务后生效