Hi!
We recently upgraded Elasticsearch and Kibana from 5.3.0 to 5.4.0 and since then we have been experiencing performance issues with dashboards and visualizations. Here is the query that is generated by Kibana for a visualization on the .monitoring-es-2-* index:
{
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "analyze_wildcard": true,
            "query": "*"
          }
        },
        {
          "query_string": {
            "analyze_wildcard": true,
            "query": "*"
          }
        },
        {
          "range": {
            "timestamp": {
              "gte": 1495455394174,
              "lte": 1495541794174,
              "format": "epoch_millis"
            }
          }
        }
      ],
      "must_not": []
    }
  },
  "size": 0,
  "_source": {
    "excludes": []
  },
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "timestamp",
        "interval": "30m",
        "time_zone": "Europe/Berlin",
        "min_doc_count": 1
      },
      "aggs": {
        "3": {
          "terms": {
            "field": "source_node.name",
            "size": 30,
            "order": {
              "1": "desc"
            }
          },
          "aggs": {
            "1": {
              "max": {
                "field": "node_stats.process.cpu.percent"
              }
            }
          }
        }
      }
    }
  },
  "version": true,
  "highlight": {
    "pre_tags": [
      "@kibana-highlighted-field@"
    ],
    "post_tags": [
      "@/kibana-highlighted-field@"
    ],
    "fields": {
      "*": {
        "highlight_query": {
          "bool": {
            "must": [
              {
                "query_string": {
                  "analyze_wildcard": true,
                  "query": "*",
                  "all_fields": true
                }
              },
              {
                "query_string": {
                  "analyze_wildcard": true,
                  "query": "*",
                  "all_fields": true
                }
              },
              {
                "range": {
                  "timestamp": {
                    "gte": 1495455394174,
                    "lte": 1495541794174,
                    "format": "epoch_millis"
                  }
                }
              }
            ],
            "must_not": []
          }
        }
      }
    },
    "fragment_size": 2147483647
  }
}
Side note: the query_string in the query and in the highlight_query are duplicated.
To analyze the problem we copied the query into the dev tools (Sense) and executed it.
Using the exact same query results in a response time of 10+ seconds.
Removing the query_string blocks results in a response time of 1+ seconds.
As we experience the problem in Kibana, I decided to post it in this category, but it could also be a problem with Elasticsearch. What do you think?
I quickly compared the results with and without the query_string and I don't see any difference. Why is the query_string needed/used?
Thanks in advance for your help!
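
To repeat the comparison described in the post (the same request with and without the query_string blocks) without editing the JSON by hand, the following added example, which is not part of the original post, removes query_string clauses whose query is "*" from the must and filter lists of every bool query in a request body, including the one nested under highlight_query. The function names are hypothetical and SAMPLE is a constructed, shortened version of the query above; must_not and should lists are left alone because dropping a clause there would change which documents match.

```python
def is_match_all_query_string(clause):
    """True for a clause of the form {"query_string": {"query": "*", ...}}."""
    if not isinstance(clause, dict) or set(clause) != {"query_string"}:
        return False
    qs = clause["query_string"]
    return isinstance(qs, dict) and qs.get("query") == "*"

def strip_match_all(node):
    """Return (copy of node without those clauses, number of clauses removed)."""
    if isinstance(node, list):
        pairs = [strip_match_all(item) for item in node]
        return [p[0] for p in pairs], sum(p[1] for p in pairs)
    if not isinstance(node, dict):
        return node, 0
    out, removed = {}, 0
    for key, value in node.items():
        out[key], n = strip_match_all(value)
        removed += n
    bool_q = out.get("bool")
    if isinstance(bool_q, dict):
        # Only must/filter: a "*" clause there does not narrow the result set.
        for occur in ("must", "filter"):
            clauses = bool_q.get(occur)
            if isinstance(clauses, list):
                kept = [c for c in clauses if not is_match_all_query_string(c)]
                removed += len(clauses) - len(kept)
                bool_q[occur] = kept
    return out, removed

# Constructed sample: a shortened form of the Kibana-generated body in the post.
QS = {"query_string": {"analyze_wildcard": True, "query": "*"}}
QS_ALL = {"query_string": {"analyze_wildcard": True, "query": "*", "all_fields": True}}
RANGE = {"range": {"timestamp": {"gte": 1495455394174, "lte": 1495541794174,
                                 "format": "epoch_millis"}}}
SAMPLE = {
    "query": {"bool": {"must": [QS, QS, RANGE], "must_not": []}},
    "size": 0,
    "highlight": {"fields": {"*": {"highlight_query": {
        "bool": {"must": [QS_ALL, QS_ALL, RANGE], "must_not": []}}}}},
}

if __name__ == "__main__":
    import json
    stripped, count = strip_match_all(SAMPLE)
    print("removed", count, "clauses")
    print(json.dumps(stripped, indent=2))
```

Both bodies can then be run in the dev tools and their "took" values compared.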