Hi Experts ,
My kibana is very slow , it takes 15 -30 sec to show data , so I was cheeking the ES1.7.1 search slow logs . This is what I found , please help me to understand what could be the cause of this slowness.
[2016-03-11 01:48:17,639][WARN ][index.search.slowlog.query] [Free Spirit] [cef-2016-03-10][1] took[23.4s], took_millis[23466], types[], stats[], search_type[COUNT], total_shards[5], source[{"query":{"filtered":{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":{"bool":{"must":[{"query":{"match":{"priority":{"query":"High","type":"phrase"}}}},{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}}},{"range":{"rt":{"gte":1457074687975,"lte":1457679487975}}}],"must_not":[]}}}},"size":0,"aggs":{"2":{"terms":{"field":"alertmsg","size":50,"order":{"_count":"desc"}}}}}], extra_source[],
My Resources are
RAM total :- 32 GB
ES heap size :- 9 GB
Data :- CISCO , ASA, Damballa logs ..etc and most of the fields are not analyzed with doc value true.
No of nodes :- 2
No of shards each node :-5
No of replicas :-1
Total documents :- 16714351
ES YML configrtion
cluster.name: e-3
transport.tcp.port: port range
http.port: Port range
discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: ["IP1","IP2"]
index.search.slowlog.threshold.query.warn: 10s
index.search.slowlog.threshold.fetch.warn: 1s
index.indexing.slowlog.threshold.index.warn: 10s
I do not see any errors in ES logs except warning in the slow logs.Please help me to understand what causes this slowness .
Regards
Vikas