How do you limit how long a search query will run for or how much resources one query can use?

My Googlefu must not be strong. When using Elasticsearch 8.x, how does one limit how long a query runs or how many resources a query consumes? We're noticing possible denial of service attacks from certain people running very expensive search queries (or maybe it is just accidental).

If you could point me to the section of the docs that has this info, I'd greatly appreciate it. I tried reading through most of the manual but don't remember seeing this info.

Thanks!

There is nothing in Elasticsearch that allows you to limit resources or query execution time per user or query, but you can prevent expensive queries from being run and limit max buckets for aggregation and the depth of query clauses.


As mentioned, you can use the setting search.allow_expensive_queries to disable expensive queries, but keep in mind that if you use the Alerts interface of Kibana, this will break the Alerts, as expensive queries are needed for it to work.

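As an added example (not from the thread and not Elasticsearch code), here is a pre-flight check that a search proxy could run before forwarding a request. It flags query types that search.allow_expensive_queries: false rejects and that can be recognised by name, and it measures clause nesting depth. The function names, the depth limit and the sample query are assumptions; cases that depend on the field mapping (range on text/keyword fields, prefix on fields with index_prefixes) are not covered.

```python
# Added example: an approximate client-side gate, not Elasticsearch's own logic.
# Query types rejected when search.allow_expensive_queries is false and that
# can be identified by name alone (no knowledge of field mappings).
EXPENSIVE_TYPES = {
    "script", "script_score", "fuzzy", "regexp", "prefix", "wildcard",
    "percolate", "nested", "has_child", "has_parent", "parent_id",
}
# Where each compound/joining query type keeps its child queries.
CHILD_KEYS = {
    "bool": ("must", "should", "filter", "must_not"),
    "dis_max": ("queries",),
    "constant_score": ("filter",),
    "boosting": ("positive", "negative"),
    "function_score": ("query",),
    "script_score": ("query",),
    "nested": ("query",),
    "has_child": ("query",),
    "has_parent": ("query",),
}

def inspect_query(query, depth=1, report=None):
    """Walk a query DSL tree; collect expensive types and the deepest level."""
    if report is None:
        report = {"expensive": set(), "max_depth": 0}
    for qtype, body in query.items():
        report["max_depth"] = max(report["max_depth"], depth)
        if qtype in EXPENSIVE_TYPES:
            report["expensive"].add(qtype)
        if not isinstance(body, dict):
            continue
        for key in CHILD_KEYS.get(qtype, ()):
            children = body.get(key, [])
            for child in children if isinstance(children, list) else [children]:
                inspect_query(child, depth + 1, report)
    return report

def check(search_body, max_depth=10):  # max_depth: hypothetical local limit
    """Return the reasons to refuse the request; an empty list means forward it."""
    report = inspect_query(search_body.get("query", {}))
    reasons = [f"expensive query type: {t}" for t in sorted(report["expensive"])]
    if report["max_depth"] > max_depth:
        reasons.append(f"query depth {report['max_depth']} exceeds limit {max_depth}")
    return reasons

# Constructed sample request body (not taken from the thread).
SAMPLE = {"query": {"bool": {"must": [
    {"match": {"title": "invoice"}},
    {"bool": {"should": [
        {"wildcard": {"user": "*adm*"}},
        {"nested": {"path": "items", "query": {"regexp": {"items.sku": ".*9"}}}},
    ]}},
]}}}
```

Logging the returned reasons together with the caller's identity shows which users send the costly queries, whether or not the request is then refused.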
