Hello Everyone!
I am doing a proof of concept with ELK and I have the following doubts regarding specifically Kibana.
My hardware
Core I5 quad core
16GB RAM
Linux OS Ubuntu Server
JVM for Elasticsearch 5.4 8GB Heap
Kibana 5.4
1 - In my tests, I see that Kibana takes a lot of time to load indexes above 1000 fields. It takes time to set the indices on Kibana and in the discovery process. One tactic I used was to load a document into the index to speed up loading in Kibana to set the timestamp field. Is there a way to improve this load in the first configuration of the index and in the discovery process?
2 - On scripted fields, I saw that the community recommendation is to use scripts moderately because they can impact performance depending on the complexity of the script. In my case I am doing a test using 7 scripted fields with the following code:
Painless
if (doc['FIELD1.keyword'].value == "Y") { return "OUTPUT"; } else if (doc['FIELD1.keyword'].value == "Z") { return "OTHER"; }
I was surprised by the delay in the loading time of only 2,000 documents (5 minutes approx). Is this behavior normal or is there really a performance problem when I use relatively simple scripts? How can I improve this?
3 - On Painless for parameters, can you set the parameter value to a value of a field?
4 - Another doubt is about functions in Painless. How can I create a function and within that function read fields? My example below gives an error because the function does not know the field I'm trying to read:
Painless
int my_test(def x) {
  // doc is referenced inside the function body; this is the line that errors
  if (doc['field1'].value == x) {
    return 0;
  } else {
    return 1;
  }
}
In this example an error is returned because the function does not recognize doc['field1'].value. How can I resolve this?
Thanks in advance to everyone.
Best regards
Rodrigo Tornis