Hi all,
I have an elasticsearch cluster consisting of one client node and two data nodes as a part of an ELK stack. As we have configured 5 shards per index and 1 replica, every data node gets 2 primary shards and 3 replicas or 3 primary shards and 2 replicas of each index. So every one of the two nodes holds the complete index information. The shard distribution works as I expected.
When I start a search over all 14 indexes in our database against my client node, I expected it to divide the search into 14x5 shard searches and distribute these to the two data nodes that hold the primary shards. Then it should collect and merge the results and return it to kibana. That's how I understood the documentation but that is not what happens 
When I watch the load on my two data node machines, I see that one of the nodes gets the complete search load and it's load rises to 15-20 (which is not surprising as it has to start all 70 search threads!) and the other node gets no load at all. The searches are balanced in the meaning that the next search goes to the other node but each node gets a complete search every time. If I start one search only at a time, there is no load balancing at all.
Did I miss some point or missunderstood the documentation? How can I configure the cluster to load balance a single search onto several cluster nodes?
Regards,
Wolfgang
Yes, that seems to be the problem, thank you! 
At least I have some options to evaluate now 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.