Hi, guys,
I am employing ES to do log message queries. I have about 100G of index data, mainly distributed across 14 indices. A search test was run to search log messages in one of the 14 indices, and the test showed that ES took ~5s-20s to finish one query.
### Here is the index template I have imposed on the index:
```json
{
  "service_log_template" : {
    "order" : 0,
    "template" : "service_log_*",
    "settings" : {
      "index" : {
        "number_of_replicas" : "0",
        "number_of_shards" : "10"
      }
    },
    "mappings" : {
      "log" : {
        "properties" : {
          "Instance" : {
            "index" : "not_analyzed",
            "type" : "string"
          },
          "Host" : {
            "index" : "not_analyzed",
            "type" : "string"
          },
          "Level" : {
            "index" : "not_analyzed",
            "type" : "string"
          },
          "Content" : {
            "type" : "string"
          },
          "Timestamp" : {
            "index" : "not_analyzed",
            "type" : "long"
          }
        }
      }
    },
    "aliases" : { }
  }
}
```
### And here is what the query request looks like:
```json
{
  "query": {
    "bool": {
      "filter": [
        {"term": {"Level": "INFO"}},
        {"term": {"Instance": "AAAABBBBCCCCDDDD"}},
        {
          "match": {
            "Content": {
              "query": "pinyin",
              "type": "boolean"
            }
          }
        },
        {
          "range": {
            "Timestamp": {"from": 1462842567465499517, "include_lower": true, "include_upper": true, "to": null}
          }
        }
      ]
    }
  },
  "size": 20,
  "sort": [{"Timestamp": {"order": "asc"}}]
}
```
### And for my ES node configuration
It is a single node running exclusively on the box.
CPU: 4
RAM: 14G
RAM for ES JVM: 6G
Thanks for any suggestion on what I should do to optimize the query performance.