Hi im using rsyslog+ES+kibana
es on 3 servers cluster
after 10 days my kibana work but its very slow
i think that the analyzed fileds use lot of memory .. there is any solution
i used ES to index logs from Rsyslog 2000 network equipment
thank you
Turn them into not analysed and use doc values.
The problem isn't that KB is slow, it'll be that ES is slowing down due to the amount of data you have and are querying. You should be monitoring it to see what is happening.
thank you
"mappings": {
"default": {
"_all": {
"enabled": false
},
"properties": {
"@timestamp": {
"type": "date",
"index": "not_analyzed",
"doc_values": true
},
"host": {
"type": "string",
"index": "not_analyzed",
"doc_values": true
},
"severity": {
"type": "string",
"index": "not_analyzed",
"doc_values": true
},
"facility": {
"type": "string",
"index": "not_analyzed",
"doc_values": true
},
"syslogtag": {
"type": "string",
"index": "not_analyzed",
"doc_values": true
},
"message": {
"type": "string",
"index": "analyzed"
}
like that ?
Yep 
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.