Skip to content

Handle closed indices in search stats endpoint query#23824

Open
margaretpearce wants to merge 2 commits into
DataDog:masterfrom
margaretpearce:margaretpearce/elastic-index-search-stats-handle-closed-indices
Open

Handle closed indices in search stats endpoint query#23824
margaretpearce wants to merge 2 commits into
DataDog:masterfrom
margaretpearce:margaretpearce/elastic-index-search-stats-handle-closed-indices

Conversation

@margaretpearce
Copy link
Copy Markdown

@margaretpearce margaretpearce commented May 22, 2026

What does this PR do?

  • Update the query to get stats for searches by index to handle closed indices instead of returning an error

Motivation

Elasticsearch 7.3+ returns an error on /_stats/search if there are closed indices in the cluster: elastic/elasticsearch#88752.

Elasticsearch can have closed indices that are hidden, such as .ds-ilm-history-* and .internal.alerts-observability. These indices are system-managed. However, because these indices can exist and can be closed, they trigger error responses from the query in _get_index_search_stats:

{
	"error": {
		"root_cause": [
			{
				"type": "index_closed_exception",
				"reason": "closed",
				"index_uuid": "xxxxx",
				"index": ".internal.alerts-security.alerts-default-000001"
			}
		],
		"type": "index_closed_exception",
		"reason": "closed",
		"index_uuid": "xxxxx",
		"index": ".internal.alerts-security.alerts-default-000001"
	},
	"status": 400
}

These errors end up being surfaced in the Datadog integration as an AuthenticationError, which is not accurate: https://github.com/DataDog/integrations-core/blob/master/elastic/datadog_checks/elastic/elastic.py#L341

To resolve this problem, I considered two options:

  1. Gather stats from closed indices by passing query parameter forbid_closed_indices=false (https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-stats#operation-indices-stats-forbid_closed_indices)
  2. Skip stats on closed indices by passing query parameter ignore_unavailable=true

I opted to pursue the first option because although the second option worked for me, it is not documented on https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-stats.

This is my first contribution to this repository. Apologies for any mistakes or omissions.

Review checklist (to be filled by reviewers)

  • Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • Add qa/required if this PR needs QA validation, or qa/skip-qa if it does not. Exactly one of the two is required.
  • If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged

@margaretpearce margaretpearce requested a review from a team as a code owner May 22, 2026 22:06
@datadog-datadog-prod-us1

This comment has been minimized.

Sign in to view
@margaretpearce margaretpearce force-pushed the margaretpearce/elastic-index-search-stats-handle-closed-indices branch from 7ebb5b9 to bb7e71d Compare May 22, 2026 22:12
@codecov
Copy link
Copy Markdown

codecov Bot commented May 22, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 89.05%. Comparing base (6250e42) to head (bb7e71d).

Additional details and impacted files
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

agent/review-requested ecosystems/review-requested integration/elastic product/review-requested team/agent-integrations

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@margaretpearce