High CPU Utilisation in 8.11.4

Elastic Stack Elasticsearch
1

We are using ELK version 8.11.4 and we have 6 hot nodes and 3 warm nodes and 3 master nodes 2 coordinator nodes

When users try to query in kibana discover for example field : value OR field1 : value2 , in the backend (elasticsearch) cpu will gradually increases to 90 ,95,98 until task is completed. Sometimes users try to search more fields values.

If we see query is running is from last 9 minutes we will cancel the task because if we fail to do so kibana will crash. But the thing is who will stop the users and how many times we will cancel the task.

Our ELK cluster is pretty good in hardware 8 core CPU 32 GB heap size in data and warm nodes and 125 shards we are maintaining in Hot and 300 in warm.

CPU Utilisation is High only in Hot nodes. Anyone tell me how to optimise the query and the performance.

2

What are the disk types? The disk type can have a huge influence on the performance.

Do you have SSD/Nvme on Hot nodes and HDD on warm nodes?

3

Hi @leandrojmp ,

We have SSDs in hot and warm nodes.

4

Is it local SSDs or some type of networked storage backed by SSDs?

5

We have deployed cluster on-prem so its may be local ssd

6

Can anyone tell me if an index has 50,000 fields and dynamic mapping is there will it cause CPU saturation?

7

Can you provide the output of the hot threads API, captured when the CPU usage is high?

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.