Performance of Elasticsearch running in one node

cterron · December 9, 2015, 6:46pm

Hi

I'm dealing with a weird ElasticSearch configuration. This system runs in a machine with 16 Gb of RAM with two cores, with 9 Gb reserve to ES and other process running on the machine. I know, I have read several docs about performance and all those docs recommend using half of the RAM and leave the rest to use by the buffer cache of the system. But I have to use this configuration. I'm storing data similar to syslog entries, but using a custom mapping and searching free text, returned it ordered by a timestamp. Data is distributed in several indexes (one day has more than one indexs). In my current test bed I have about 30M of docs and 180 shards. I've configured the ES to use only one shard and the refresh interval set to 60 seconds. System is receiving data continually receiving data. I know performance will not be stellar but ... , this is

What may be an acceptable performance numbers with this configuration? What can I do to improve it?

Thanks

magnusbaeck · December 9, 2015, 6:53pm

How much data in total? 180 shards on a single 9 GB node is a lot and I'd try to decrease that. Do you really need daily indexes?

cterron · December 9, 2015, 9:03pm

Hi Magnus

Thanks for the answer. Well this is an inherited settings :(. I'm trying to figure what are the correct steps to improve the performance within the constraints I have.

magnusbaeck · December 9, 2015, 9:06pm

And those constraints force you to have daily indexes, or what are you saying? Are you aware of index aliases?

cterron · December 9, 2015, 9:14pm

Hi Magnus

I know that with those hardware is impossible to use those number of shards with daily index.I'm going to talk with the develop team to change the index structure to use fewer indexes and use aliases and benchmark the results.

Thanks again for your response