How do we enable slow search queries logging in Elasticsearch?

Elastic Stack Elasticsearch
1

The slow log settings are node settings and not index settings, so you can't change these settings via the update index settings api.

You can change these settings via the cluster update api:

PUT /_cluster/settings
{
 "transient": {
 "index.search.slowlog.threshold.query.warn": "60s",
 "index.search.slowlog.threshold.query.info": "50s",
 "index.search.slowlog.threshold.query.debug": "40s",
 "index.search.slowlog.threshold.query.trace": "20s",
 "index.search.slowlog.threshold.fetch.warn": "30s",
 "index.search.slowlog.threshold.fetch.info": "50s",
 "index.search.slowlog.threshold.fetch.debug": "40s",
 "index.search.slowlog.threshold.fetch.trace": "20s",
 "index.indexing.slowlog.threshold.index.warn": "60s",
 "index.indexing.slowlog.threshold.index.info": "50s",
 "index.indexing.slowlog.threshold.index.debug": "40s",
 "index.indexing.slowlog.threshold.index.trace": "20s"
 }
}

For more info, see the slow log documentation page.

1 Like
2

HI,

I happened to change this setting once for debugging purpose.
A few indices were created with this setting.

Now I need to reset it back.
I tried doing put and it gets acknowledged as well but slow log threshold does not change from index settings.
Is there any way to verify if slow log settings are saved and applied in the cluster ?

Thanks.

3

This doesn't work, i am looking for api which can be used to set the above slow-log in my cluster

How can we do this via. ES api ? Is it possible ?

I am using :
curl -XPUT http://:9200/_cluster/settings -d '{ "transient" : { "index.search.slowlog.threshold.query.warn": "60s" } }'

And got the below response
{"acknowledged":true,"persistent":{},"transient":{}}

Please suggest !! Thanks in advance