Elasticsearch Slowlog methodology clarification

Hi all,
I've read through several sources on slowlogs and I can't get my head around how should I configure it.
To my understanding the granularity of the elasticsearch logging levels are from low to high: WARN, INFO, DEBUG, TRACE. To my understanding (and for simplicity sake) if WARN level provides details on an "X" level INFO is "2X" etc... i.e the higher we go the more verbose the log is with detail.
This is paired with a threshold in order catch operations that take longer than a specified time.

If that is the case the configuration should look something like this -
(I used seconds here just to make it clear that I'm going up with the time count along with the level of log granularity)

PUT /my_index/_settings {
"index.search.slowlog.threshold.query.warn" : "1s",
"index.search.slowlog.threshold.query.info" : "5s",
"index.search.slowlog.threshold.query.debug" : "10s",
"index.search.slowlog.threshold.query.trace" : "15s",

Did I understand it correctly? Does it make sense to configure "slowlogs" like that?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.