Hi all,
By request, this is a re-post of what I posted in the ES forum, as it supposedly has something to do with Kibana.
When Logstash posts even a single document to Elasticsearch, it takes about 4 minutes for it to show up in Kibana.
I installed the ELK stack (ES5.3) on a fresh Debian install on old hardware.
The machine has 8 GB RAM, a 2 GHz AMD Athlon CPU and a 7200 RPM drive (using the deadline scheduler because it performs best on this particular hardware).
I've monitored the calls from LS to ES and those get sent pretty much instantly after LS receives the message.
I've also done some manual (curl) posting through ES's API using the "refresh=wait_for" switch.
The call returns in about 3 to 4 seconds.
However, it takes about 4 minutes before the data appears in Kibana!
(Yes, I'm performing a wildcard search in the Discover screen, every 5 minutes.)
I read that data should be searchable after about 1 second on decent hardware.
My hardware may not be great but it seems to cope quite well. No bizarre CPU or disk usage.
My cluster state is yellow (there's only one instance of ES in "the cluster").
The memory locking warnings I used to have were solved and everything seems peachy.
But why this thing takes so long is beyond me.
I haven't been able to enable the index slow log. For some reason I can't make that work.
Any pointers / suggestions?
Thanks in advance!