Kibana Logs UI query match_all

delphi · December 5, 2019, 9:43pm

Hi.

I'm using Kibana Logs UI to view my logs from my k8s pods. Although, when I do a simple query such as "kubernetes.pod.name: foo.bar" , I can check a high load on cluster and all Stack hangs.

Is that query doing a "match_all" documents from all matched indices? Is there way to deal with that?
(Other cached queries is ok).

Architecture: All my Stack is 7.4.2 (except Metricbeat 7.3.2) and running on k8s (Elastic Official Helm charts)

FIlebeat+Metricbeat (daemonsets) -> Elasticsearch
APM Agents -> APM Server -> Elasticsearch
Kibana -> Elasticsearch
Elasticsearch: Hot+Warm

03 hot nodes: 1TB SSD + 8CPU + 28GB RAM
03 warm nodes: 2TB SSD + 4CPU + 16GB RAM
03 shards - 0 Replica
Active indices -> Hot nodes
Read-only indices -> Warm nodes
I'm using ILM (rollover indices to warm nodes with 60GB (20gb/shard) and delete them after 20 days)

Index rate is 25k/s

system · January 2, 2020, 9:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Strange problem finding any documents/logs, other than from a specific container (Kubernetes) Kibana	2	689	October 28, 2020
List logs from all indices in Discover (Kibana) Kibana	11	4687	November 4, 2022
Can't find data when doing simple KQL query ( can see the log in general search) Kibana	4	2194	February 1, 2021
How to get Today's log in kibana dev Tools Kibana	4	4130	September 11, 2019
Use kibana to search in aggregated logs Kibana	4	285	April 30, 2019

Kibana Logs UI query match_all

Related topics