We have a elasticsearch cluster for log collector system with 10
nodes(16Cores/32GB mem ). Installed one ES instance per machine with 16GB
jvm heap. The half of 10 nodes are primary, and other nodes is slave. We
store the last 7 days log into ES( one day one index) with 1TB index per
day. One index have 20 shards.
About the frequently writing system we have the below challenge:
- big jvm heap challenge: we use CMS GC with 16GB jvm heap.
- frequently index writing(2000 indexing requests per secend per node) and
low search request(10~20 search requests per secend). - the end user want search the log from the ES ASAP( log transport flow:
the user app write the log to local disk -> the collector read the log and
send the remote ES cluster -> the end user search log from front page of
ES). - the search will timeout when the ES merge the lucene segment, and the
index write speed will to be slow. This time,the CPU load will uprise, our
cluter can hardly provide search and index write.(Occur 1~2 times every day)
Anybody can give us some suggestion for our system? Especially the lucene
segment merge.Thank you very much!
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.