Increasing Performance

So I was wondering whats going to be the best way to increase the performance of our dashboards. Currently we do daily indexes, which are closed after 30 day and deleted after 90. Each index is also around 12Gb. We have 3 Elasticsearch nodes, each with 2 CPUs and 16Gb of memory. Each is averaging around 12% CPU usage, while memory is around 20% with spikes up to 35-40%.

Would closing after 7 or 14 days have any impact on the performance that we see within Kibana? How about changing our index model from daily to something else?

Which version of Elasticsearch are you using? What kind of storage do you have? How many shards, primary and replica, do you generate per day?

What does CPU and disk I/O look like when you are refreshing a dashboard that is slow to respond? What kind of latencies are you seeing?

  • Verions 2.1.1
  • Currently the elasticsearch nodes are VMs, moving to physical within a few months, so they are VMDKs on iSCSI EMC VNX storage
  • 3 shards/3 replicas per daily index
  • CPU and disk I/O spike are very minimal
  • Dashboards take about 10 seconds per refresh