Failed execution of ESQL query and high cpu load

AngelaChuang · November 13, 2023, 12:49pm

In /app/management/kibana/dataViews, find the one with tag Security Data View, click on it. Select Edit, remove logs-*, from both Name field and Index pattern field
Visit /app/security/timelines , create a new timeline or update an existing timeline, click ES|QL tab, remove logs-* from the query and click Update.
Whenever you use ESQL query, try not to include logs-* in the query and observe if the performance improved.

Topic		Replies	Views
Simple queries takes lots of time and uses 100% cpu Elasticsearch	34	3745	December 30, 2019
How to improve performance in this case? Elasticsearch	7	758	September 23, 2019
High CPU usage Elasticsearch	2	1590	July 5, 2017
Slow queries in elastic server in slow query log Elasticsearch	1	562	July 6, 2017
Elasticsearch query slow response via kibana console Kibana docker	19	4337	March 25, 2020