Kibana Discovery UI Slow

Prefacing this with: There are numerous long code blocks in this post.

The default Discovery tab in Kibana takes between 120000ms and 150000ms to return the last 15 minutes of logs. We are using monthly indices in a hot/warm configuration. Here's the request snippet:

{
  "version": true,
  "size": 500,
  "sort": [
    {
      "@timestamp": {
        "order": "desc",
        "unmapped_type": "boolean"
      }
    }
  ],
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "@timestamp",
        "fixed_interval": "30s",
        "time_zone": "America/Chicago",
        "min_doc_count": 1
      }
    }
  },
  "stored_fields": [
    "*"
  ],
  "script_fields": {},
  "docvalue_fields": [
    {
      "field": "@timestamp",
      "format": "date_time"
    },
    {
      "field": "log_timestamp",
      "format": "date_time"
    },
    {
      "field": "nginx.access.time",
      "format": "date_time"
    },
    {
      "field": "timestamp8601",
      "format": "date_time"
    }
  ],
  "_source": {
    "excludes": []
  },
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "match_all": {}
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2020-03-02T14:26:47.096Z",
              "lte": "2020-03-02T14:41:47.096Z",
              "format": "strict_date_optional_time"
            }
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  },
  "highlight": {
    "pre_tags": [
      "@kibana-highlighted-field@"
    ],
    "post_tags": [
      "@/kibana-highlighted-field@"
    ],
    "fields": {
      "*": {}
    },
    "fragment_size": 2147483647
  }
}

Ran out of characters; here's what got left off:
This returns either results or returns the following (both the request and response were gathered using the Inspect tool in Discovery):

{
  "ok": false,
  "message": "backend closed connection"
}

I have tried scaling the Kibana instance to no avail; this leads me closer to believing it's a mapping issue of some sort. I don't have enough characters to post the mapping, so I can link it externally if needed.
