I have set-up elasticsearch 8 node cluster 3 master 3 data(500gb total 1.5 tb) +2 coordinate nodes each node have 16gb ram and 4 CPUs and it uses only 2 cpu.
In client side we have packbeat and winlogbeat pointing to kafka and kafka to logstash and logstash pointing to elasticsearch. And we have 15 clients.
In first 3 days it works fine but later the elasticsearch behaviour changed its search speed and query speed got slow which i saw in kibana you query is taking time something like that
And i have an index named log-wlb-sysmon in day 1 its size 1 then 4 gb in 2nd day 25gb in 3rd day and in 4th day it size was 121.9.All the index i have created have 3 shards and 1 replica each.
My question is why its size get bigger in each day and why its search and query speed getting slower
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.