Hi,
I'm having trouble with dealing an odd pattern of load distribution on one of our clusters. I inadvertently posted in the wrong forum. Link is here:
FYI we have 18 data nodes, 1250 shards and a limit of 3 index shards per node. So the loading pattern doesn't appear related to shard distribution.
Thx
D
try using the hot_threads API and paste the output here so we can check what java code is eating all the CPU.
Have the same situation since 6.8.0
are you doing a lot sliced scroll searches? The hot threads output seems to indicate that? Are you only hitting this one node with sliced scroll queries?
One of the devs may be. If so, I don't know who it is. Our data isn't indexed to be pinned to individual shards. How could this be happening?
I think trying out to figure who is accessing your data sounds like a good idea. A scroll search is usually not issued by kibana (i.e. for a dashboard), so someone/some code needs to trigger this explicitely.
As for Elasticsearch this is simply an open TCP connection, maybe using some more lowlevel tools could help, like tcpdump or netstat?
This instance is not exposed to the internet I suppose? So you control who can access it?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.