Kibana 4 Running ordinary search so so slow

shilong · December 11, 2015, 11:35pm

Hi is there any one can help me this issue?

How come Kibana 4 Running ordinary search so so slow, I use the apache access logs for the raw data, I just search the goolebot and load last 60 days, it actually really take a long time. I am crazy.

I am wondering if I need to figure out the elastic index or query problem?

Thanks,

warkolm · December 11, 2015, 11:48pm

KB just reads from ES, so if it is slow then it's likely ES is having issues.

Are you monitoring your stack?

shilong · December 12, 2015, 4:45pm

Thanks for you reply. I am wondering what is the monitor you refer to? Any plugins, cause we just use one node, so I am unsure if it is doable for the monitor? Thanks again.

warkolm · December 12, 2015, 8:29pm

Check out Marvel - https://www.elastic.co/downloads/marvel

shilong · December 13, 2015, 4:44pm

Thanks, any free plugin that can be instead of Marvel, I think it is a pricing tool.

warkolm · December 13, 2015, 8:48pm

Marvel is free.

german23 · December 14, 2015, 12:35pm

only Marvel 2.X is free to use right? Marvel for ESCluster 1.X still require license.

shilong · December 14, 2015, 8:02pm

Hi @warkolm Thanks for your help, I think I have already figured out how to install Marvel at the ELK.
just see the data, I am unsure if i need to increase the nodes or clusters, cause to search one item at Kibana, it loading so slowly.

Cluster: elasticsearchStatus: YellowNodes: 1Indices: 51Memory: 765MB / 4GBTotal Shards: 438Unassigned Shards: 219Documents: 194,253,753Data: 127GBUptime: 6 minutesVersion: 2.1.0

warkolm · December 14, 2015, 8:53pm

It requires a license, but it's a free license.

warkolm · December 14, 2015, 8:54pm

What is the load on the system like?

shilong · December 14, 2015, 9:07pm

it should always take more than 1 min to load the data, if I select year to date and then i search agent:googlebot AND response:404, that is what i am getting trouble. I am unsure what is the good level from the Marvel, in terms of the speed for searching the data by Kibana search box, it is not a good idea. Thanks for the reply. Very Appreciated.

warkolm · December 14, 2015, 9:34pm

It sounds like you are overloading your cluster, running a query over a years worth of data is likely to be slow given you only have 4GB of heap.

Try giving more resources to your cluster.

shilong · December 14, 2015, 9:40pm

Sounds good, I am going to consider doing these things

add nodes;
add clusters;
add more resources to the cluster as you mentioned, it is said that 4GB memory to 16 GB

any helpful doing so?

btw, what is the i ideal time response in general for running 1 year data with the AND search query ? Thanks ：）

warkolm · December 14, 2015, 10:03pm

That depends on too many things to say.

shilong · December 14, 2015, 10:22pm

OK, i will do some more research and Thank you again.

ebuildy · November 8, 2016, 12:08pm

It slows because Kibana is using msearch, mean searches in parallel . You can see an AJAX call to "/elasticsearch/_msearch".

You need lot of RAM on the node.

Topic		Replies	Views
Performance issues that make no sense Kibana	10	1244	July 28, 2017
Is Kabana able to deal with an index of 2 billions docs? Kibana	4	942	July 6, 2017
Kibana is running but extremely slow Kibana	2	1916	August 25, 2021
Elasticsearch and Kibana in v7.6.2 are loading slowly Kibana	10	767	June 12, 2020
Kibana is extremely slow (Loading graphs) Kibana	4	892	November 28, 2023

Kibana 4 Running ordinary search so so slow

Related Topics