How do you limit how long a search query will run for or how much resources one query can use?

My Googlefu must not be strong. When using Elasticsearch 8.x, how does one limit how long a query runs or how many resources a query consumes. We're noticing possible denial of service attacks from certain people running very expensive search queries (or maybe it is just accidental).

If you could point me to the section of the docs that has this info, I'd greatly appreciate it. I tried reading through most of the manual but don't remember seeing this info.


There is nothing in Elasticsearch that allows you to limit resources or query execution time per user or query, but you can prevent expensive queries from being run and limit max buckets for aggregation and the depth of query clauses.

1 Like

As mentioned you can use the setting search.allow_expensive_queries to disable expensive queries, but keep in mind that if you use the Alerts interface of Kiban, this will break the Alerts, as expensive queries are needed for it to work.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.