Elastic 2.2.0 how to find the query

jeannot · October 3, 2017, 12:20pm

Hi all,

When looking to slow query logs, I found some binary.
I try to find in documentation how to make a link between a query and this binary.

Any idea?

regards
Jean-Luc

Example:
[2016-12-22 08:53:35,630][TRACE][index.search.slowlog.query] took[511.1ms], took_millis[511], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[1
0], source[{"query_binary":"ewogICAgICAgICJxdWVyeSI6ewogICAgICAgICAgImFuZCI6W3sKICAgICAgICAgICAgInJhbmdlIjp7CiAgICAgICAgICAgICAgImV2ZW50X2RhdGVUaW1lX3Byb2R1Y
3Rpb24iOnsKICAgICAgICAgICAgICAgICJndGUiOiIyMDE2LTEyLTIwVDAwOjAwOjAwIiwKICAgICAgICAgICAgICAgICJsdGUiOiIyMDE2LTEyLTIwVDIzOjU5OjU5IiwKICAgICAgICAgICAgICAgICJ0aW
1lX3pvbmUiOiAiRXVyb3BlL1BhcmlzIgogICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgICAgfSwgeyJleGlzdHMiOnsiZmllbGQiOiJ3YXRjaExlZ2FjeSJ9fSAsewogICAgICAgICAgCSJ
ub3QiOiB7CiAgICAgICAgICAJCSJtYXRjaCI6IHsKICAgICAgICAgIAkJCSJldmVudF9zdGF0dXNfY29kZV9mdWxsIjogIlRFTVRFTSIKICAgICAgICAgIAkJfQogICAgICAgICAgCX0KICAgICAgICAgIH1d
CiAgICAgICAgfSwKICAgICAgICAic2l6ZSI6MAogICAgICB9"}], extra_source[],

dadoonet · October 3, 2017, 1:33pm

Please format your code using </> icon as explained in this guide. It will make your post more readable.

Or use markdown style like:

```
CODE
```

query_binary was undocumented and has been removed in 5.0.
Out of curiosity, why are you using it?

jeannot · October 3, 2017, 3:00pm

Thanks for your answer. I understand why it was difficult to find a doc on this subject.
Also by curiosity; I'm trying to analyse performance on an elastic cluster.
I tried recently to increase the number of nodes without proving that it will be better.
Sometime the system hangs; on slow insert, I found some simple query with several seconds to insert.

On search, there are a lot of search around 500ms wich is not too good too and I wondering about the original query

[2017-10-03 10:26:37,203][INFO ][index.indexing.slowlog.index] took[6.4s], took_millis[6488], type[esProbe], id[a487f390-790a-4c08-86b7-7390e6b5cbd8], routing[] , source[{"application":"colis360","parcel_parcelReferences_ref":"6A14992183610","event_status_code_full":"AARCFM","producers_FileFlow_receivingDateTime":null,"event_places_site_code":"000844","esId":null,"producers_FileFlow_physicalName":"00084420170930152705844668720170930152705201","event_dateTime_production":"2017-09-30T15:26:40.374+02:00","producers_IdFlow":"DISURN","watchLegacy":"2017-10-03T03:51:11.426+02:00","indexMonth":"2017.09","correlationId":"00084420170930152705844668720170930152705201","event_places_site_network":"LA POSTE","header_productionDateTimeEAI":"2017-09-30T15:27:05.251+02:00","messageUuid":"a487f390-790a-4c08-86b7-7390e6b5cbd8","parcelUuid":"dac0de9f-a892-3cf8-b520-387d32a2106e","watchColis360":"2017-10-03T10:26:29.524+02:00"}]

dadoonet · October 3, 2017, 3:26pm

I was more curious about why you are using query_binary in your code. Are you?

jeannot · October 3, 2017, 4:56pm

No
It is extracted from the log cluster-search_index_search_slowlog.log
I thought there was a trick to exploit this kind of logs

dadoonet · October 3, 2017, 5:19pm

I see. Does it mean you don't know what the client applications are doing with your cluster?

jeannot · October 5, 2017, 7:44am

Well, you know, an administrator is not a developer.
When I was an Oracle DBA, I was first analysing slow queries and AFTER asking why it was developed like that.
I read that this log is now written in json format.
On the other hand, a basic "insert" can take more than 6s so there is something else to investigate.
thanks

system · November 2, 2017, 7:45am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.