My Google-fu must not be strong. When using Elasticsearch 8.x, how does one limit how long a query runs or how many resources a query consumes? We're noticing possible denial of service attacks from certain people running very expensive search queries (or maybe it is just accidental).
If you could point me to the section of the docs that has this info, I'd greatly appreciate it. I tried reading through most of the manual but don't remember seeing this info.
As mentioned, you can use the setting search.allow_expensive_queries to disable expensive queries, but keep in mind that if you use the Alerts interface of Kibana, this will break the Alerts, as expensive queries are needed for it to work.
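An added example, not part of the reply above or of Elastic's code: a pre-flight audit that walks a query DSL body and lists the clauses Elasticsearch documents as rejected once search.allow_expensive_queries is false, so saved searches and alert rules can be checked before the setting is changed. The function name, the sample query and the field_types map are assumptions made for illustration.

```python
# Query types the Elasticsearch query DSL docs list as blocked when
# search.allow_expensive_queries is false. This is a heuristic: the server
# also consults mappings (wildcard fields and index_prefixes are exempt),
# and a field that happens to be named like a query type is a false positive.
EXPENSIVE = {"script", "script_score", "percolate",            # per-document cost
             "fuzzy", "regexp", "prefix", "wildcard",          # high up-front cost
             "nested", "has_child", "has_parent", "parent_id"}  # joining queries

# Body for PUT _cluster/settings that turns the protection on.
SETTINGS_BODY = {"persistent": {"search.allow_expensive_queries": False}}


def find_expensive(node, field_types=None, path="query", parent=None):
    """Return (path, reason) for each clause likely to be rejected.
    field_types maps field name -> mapping type (caller-supplied assumption),
    used only to spot range queries on text/keyword fields."""
    field_types = field_types or {}
    hits = []
    if isinstance(node, list):
        for i, item in enumerate(node):
            hits += find_expensive(item, field_types, f"{path}[{i}]", parent)
    elif isinstance(node, dict):
        for key, body in node.items():
            here = f"{path}.{key}"
            if key == "script" and parent in ("script", "script_score"):
                continue  # script definition, not a separate script query
            if key in EXPENSIVE:
                hits.append((here, key))
            elif key == "range" and isinstance(body, dict):
                for field in body:
                    ftype = field_types.get(field)
                    if ftype in ("text", "keyword"):
                        hits.append((f"{here}.{field}", f"range on {ftype}"))
            hits += find_expensive(body, field_types, here, key)
    return hits


# Constructed sample: the kind of query an alert rule might store.
FIELD_TYPES = {"host.name": "keyword", "@timestamp": "date"}
SAMPLE = {"bool": {"filter": [
    {"range": {"@timestamp": {"gte": "now-5m"}}},
    {"wildcard": {"user.name": {"value": "adm*"}}},
    {"range": {"host.name": {"gte": "a", "lte": "m"}}},
    {"script_score": {"query": {"regexp": {"url.path": "/api/.*"}},
                      "script": {"source": "1"}}},
]}}

if __name__ == "__main__":
    for where, why in find_expensive(SAMPLE, FIELD_TYPES):
        print(f"{why:18} {where}")
```
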