At a glance
The number of client connections Redis refused in the last 24 hours because the instance had already reached maxclients. Every value above zero is a connection that was turned away: a web node, a worker, or a health check that could not get in. Unlike most metrics this one has no “acceptable” non-zero band; the alert fires at the first rejection because by the time Redis is refusing connections, some downstream service has already failed to do its job. This is the hard, lagging proof that the connection pool was exhausted, the confirmation event behind the Clients vs maxclients % gauge.
| What it tracks | The count of rejected_connections accumulated over a rolling 24-hour window. A non-zero value means Redis hit its maxclients ceiling and refused new connections during that window. |
| Data source | Redis INFO stats section: the rejected_connections counter. The detail line: rejected_connections from INFO stats, clients refused due to maxclients hit. The card computes the delta across the 24-hour window from this monotonic counter. |
| Time window | 24h (rolling 24-hour total, so a rejection event stays visible for a full day after it happens). |
| Alert trigger | > 0. Any rejection at all turns the card red and pages the on-call. There is no healthy non-zero value. |
| Roles | owner, engineering, operations |
Calculation
rejected_connections is a monotonically increasing counter that Redis exposes in INFO stats. It starts at zero on instance boot and only ever goes up; it resets only on restart (or CONFIG RESETSTAT). The card does not display the lifetime counter, it displays the delta over the trailing 24 hours:
- Counter reset on restart. If the instance restarted inside the 24-hour window, the “24h ago” sample is larger than “now”, which would yield a negative delta. The engine detects the reset (a decrease in a monotonic counter) and treats the window as starting from the restart, so a freshly booted instance shows the rejections since boot, not a nonsense negative.
rejected_connectionsis specifically themaxclientsrefusal. It does not count connections dropped for other reasons (a client that disconnected, a protocol error, an auth failure). Those have separate accounting. This counter is the clean signal: “I turned someone away because I was full.”- Cluster and replica connections. On a cluster node the counter reflects only the connections that node refused. A fleet-wide total is the sum across nodes; the card reports per instance so you can find the hot node.
Worked example
A platform team runs self-hosted Redis 7.0 backing session storage for a storefront.maxclients is set to 10,000 in redis.conf, but the host’s ulimit -n was left at the default 1,024, so Redis clipped the effective maxclients to roughly 992 at start-up and logged a warning nobody read. Snapshot taken on 22 Mar 26 at 09:00 GMT, covering the previous 24 hours.
| Reading | Value |
|---|---|
rejected_connections (lifetime) | 14,802 |
rejected_connections 24h ago | 12,610 |
| Rejected (24h) | 2,192 |
Configured maxclients (redis.conf) | 10,000 |
Effective maxclients (CONFIG GET) | 992 |
- 2,192 connections were refused in 24 hours. Each one was a real downstream failure: a web request that could not read a session and bounced the user to login, or a worker that crash-looped.
- Why is the cap 992 when the config says 10,000?
CONFIG GET maxclientsreturns 992, not 10,000. The OS file-descriptor limit clipped it. This is the classic mismatch, the team thought they had ten thousand slots and actually had under a thousand. - When did the rejections cluster? Cross-referencing the storefront’s traffic, the rejections all landed during the 18:00 to 21:00 evening peak, when concurrent sessions briefly exceeded 992.
- Zero is the only good value. Unlike latency or memory, there is no “a few rejections is fine” band. The first rejection means real traffic was turned away.
- The config value lies; the effective value is truth. Always confirm
CONFIG GET maxclientsagainstredis.conf. A clippedmaxclientsis one of the most common causes of unexplained rejections. - This card is the receipt, not the warning. By the time it is non-zero, the damage is done. Watch Clients vs maxclients % to act before rejections start.
Sibling cards
| Card | Why pair it with Rejected Connections | What the combination tells you |
|---|---|---|
| Clients vs maxclients % | The leading gauge that predicts rejections. | Gauge at 90%+ then rejections appearing equals the cap was crossed; act on the gauge to prevent the rejection. |
| Connections Rejected Due to maxclients | The real-time alert version of the same event. | This card is the 24h total; that one fires the instant the counter increments. |
| Connected Clients | The raw connection count over time. | Connected clients pinned at the cap during the rejection window confirms saturation, not a transient. |
| Blocked Clients (BLPOP / BRPOP / WAIT) | Blocked clients still occupy connection slots. | A consumer storm can fill the pool with blocked clients, causing rejections with low real throughput. |
| Connected Clients Saturation vs Traffic Burst | Ties rejections to storefront traffic spikes. | Confirms whether rejections coincided with genuine demand or a leak. |
| Redis Health Score | The composite that any rejection drags down. | A non-zero rejection count alone can drop the health score below threshold. |
| Operations per Second (live) | Throughput context during the rejection window. | High ops plus rejections equals real demand; low ops plus rejections equals a connection leak. |
Reconciling against the source
Where to look in Redis’s own tooling:For managed services:redis-cli INFO stats | grep rejected_connectionsreturns the lifetime counter. Sample it twice 24 hours apart (or read your monitoring history) to reproduce the card’s delta.redis-cli CONFIG GET maxclientsreturns the effective ceiling. If this is lower than yourredis.confvalue, the OS file-descriptor limit clipped it, the usual root cause.redis-cli INFO clientsshowsconnected_clientsso you can see how close you are to the cap right now. The Redis server log recordsWarning: max number of clients reachedlines with timestamps, giving you the exact moments rejections happened.
ElastiCache / MemoryDB: CloudWatch does not exposeWhy our number may legitimately differ:rejected_connectionsdirectly; watchCurrConnectionsagainst the node-typemaxclientsceiling and the engine log file (slow-log / events) for the reached-cap warning. Azure Cache for Redis: theTotal OperationsandConnected Clientsmetrics in Azure Monitor; rejections surface as failed connection attempts in client telemetry. Redis Cloud (Redis Enterprise): the database metrics view reports connection counts against the subscription limit.
| Reason | Direction | Why |
|---|---|---|
| Counter reset on restart | Ours could be lower | A restart inside the window resets the lifetime counter; we count from the restart, not a negative delta. |
| Per-node vs fleet | Ours per instance | A cluster total is the sum across nodes; we report each node separately to surface the hot one. |
CONFIG RESETSTAT | Ours lower | If someone reset stats inside the window, the baseline moved; the card counts from the reset. |
| Sampling cadence | Marginal | We delta two samples 24h apart; a vendor counter read at a different instant differs by the rejections in between. |
Known limitations / FAQs
The card shows rejections but Clients vs maxclients % is green right now. How? The gauge is real-time with 1-minute smoothing; this card is a 24-hour total. A short, sharp burst hours ago could have hit the cap, refused some connections, and subsided, all before you looked at the gauge. The 24h total preserves the evidence; the live gauge does not. This is exactly why both cards exist. Myredis.conf says maxclients 10000 but I am getting rejections at under a thousand connections. Why?
Almost certainly the OS file-descriptor limit. Redis needs one descriptor per client plus a reserve; if ulimit -n is lower than maxclients + 32, Redis clips the effective maxclients at start-up and logs a warning. Run CONFIG GET maxclients to see the real ceiling, then raise ulimit -n (systemd LimitNOFILE, or /etc/security/limits.conf) and restart.
Can I raise maxclients at runtime to stop rejections?
On self-hosted Redis, CONFIG SET maxclients 50000 works immediately if the OS file-descriptor limit allows it, otherwise it is clipped silently. On managed services the ceiling is fixed by node type and you must scale to a larger node or add a client-side connection pool. Raising the cap stops rejections only if the underlying demand is genuine; a connection leak will refill any headroom.
Does this counter include connections dropped for other reasons?
No. rejected_connections is specifically the maxclients refusal. Connections closed for client disconnects, protocol errors, idle timeouts, or auth failures are accounted for separately and do not appear here. That precision is what makes a non-zero value unambiguous.
Why is the window 24 hours and not real-time?
Because rejections are bursty and brief. A 24-hour total ensures a 3-minute rejection storm at 02:00 is still visible at 09:00 when the team reviews dashboards. The real-time view lives in Connections Rejected Due to maxclients.
My instance restarted overnight. Does that hide rejections from before the restart?
The lifetime counter resets to zero on restart, so rejections from before the restart are lost from Redis itself. The card detects the reset and reports rejections since boot rather than a negative delta. If you need the pre-restart figure, it lives only in the server log (max number of clients reached lines) or your external monitoring history.