Elasticsearch async search very slow

I'm running queries on a 3 node cluster. Simple query_string query with some wildcards. When i use _search, it takes about 10-15 ms to execute the query but when using _async_search query time goes up to around 300 000 ms. Can anybody help, what could be wrong? The queries are exactly the same, Elasticsearch 7.17.5 has 8 GB heap set, 2 vcores, nothing else is running on those machines. The data set is on 1 shard and occupies ~160 GB (this is a test env.) No matter if i search in one index or multiple indexes, it's very_veeery_veeeeery slow. Maybe a "hidden" setting should be adjusted to get acceptable performance? Thank you!

Welcome to our community! :smiley:

Why are you using async if it's that fast normally? Please also share your query.

The business req. is to search in a huge amount of log records in a case insensitive manner w. wildcards (to search for anything, anyhow). Sometimes these take longer and we receive SocketTimeoutException, so the "saying" is to search asynchronously and polling ES with the query ID if it has finished or not. Once the relevant records are identified, the data is queried synchronously with the document id list and w. search_after. That's why i need async search.
The query is irrelevant, practically all queries run 10x 20x times slower when using async search.
A sample req:

POST somindex/_async_search?allow_partial_search_results=true&request_cache=true&wait_for_completion_timeout=0s
{
  "track_total_hits": true,
  "size": 2000,
  "query": {
    "query_string": {
      "default_field": "original_data",
      "query": "*text1* AND *text2*"
    }
  },
  "_source": "mqBody.id"
}

I just haven't found any posts or issues on incredibly slow async search, so i thought there might be some misconfiguration on our site. Or...simply nobody uses async search because it is really that slow?

Are you saying that a query that in normal mode takes 15ms all of a sudden taken 5 minutes when run in async mode?

This statement seem to contradict the previous one. 20 times 15ms is only 300ms, not 5 minutes.

It would be useful to get some real data and practical examples.

Be aware that async search is designed for handling long running queries and does a lot more work than a simple search in that it handles the execution of the query and recording of partial results that are used to get the final result.

Yes, your're right, sorry, i confused seconds w. milliseconds. _seach w. the above query runs for ~15ms, with _async_search it runs for ~300 000 ms.
Unfortunately i can't share any data because it's strictly confidential. But i must explain to our customer why we can't use async or if we do, why it will be so painfully slow.
In case there's some more deatiled documentation then the official one for diving deeper into how async search works under the hood, i'd really appreciate it.
As far as i know, simple search results are also stored in the .search system index, so the fact that query result are stored, in itself doesn't explain this huge difference in running times.

So it increases from 15ms to 5 minutes (300s = 300000ms)? I find that hard to believe.

The result of normal queries are not persisted to disk at any stage.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.