Search slowlogs from all nodes

Is there any way to retrieve the slowlog from all nodes (grepping from one machine)?

I query for all indices (from my_index_2011 to my_index_2018) [my_index_*], but on my machine I'm getting only logs for that machine/node_id.

Let's say I have 3 data nodes (esdata01, esdata02 and esdata03). If I ssh to esdata01, go to /elasticsearch/logs and grep elasticsearch_index_search_slowlog.log, I will get results only for shards on that machine:

[2020-03-10T10:38:30,036][WARN ][i.s.s.query ] [elasticsearch_esdata01] [my_index_2017][0] took[396.9micros], took_millis[0], total_hits[289 hits], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[10], source[{"from":0,"size":20,"query":{"bool":{"filter":[{"term":{"account_id":{"value":"1234567890","boost":1.0}}},{"term":{"currency_id":{"value":"000","boost":1.0}}},{"range":{"date":{"from":"2018-09-14","to":"2020-03-14","include_lower":true,"include_upper":true,"boost":1.0}}}],"adjust_pure_negative":true,"boost":1.0}},"sort":[{"date":{"order":"desc"}}]}], id[],

Do I really need to log in to all data nodes, grep the logs, merge them and analyse them, or is there any way that I can trace shard hits for all nodes from a single machine only?

I've set in Kibana:

PUT /_all/_settings
{
  "index.search.slowlog.threshold.query.warn": "0ms",
  "index.search.slowlog.threshold.query.info": "0ms",
  "index.search.slowlog.threshold.query.debug": "0ms",
  "index.search.slowlog.threshold.query.trace": "0ms",
  "index.search.slowlog.threshold.fetch.warn": "0ms",
  "index.search.slowlog.threshold.fetch.info": "0ms",
  "index.search.slowlog.threshold.fetch.debug": "0ms",
  "index.search.slowlog.threshold.fetch.trace": "0ms",
  "index.search.slowlog.level": "trace"
}

Will switch later to warn level and adjust times, but for now I need to trace everything, because I see some double results on my app.
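
Added example, not part of the original post and not Elastic tooling: a Python sketch that parses the slowlog line format quoted above, merges entries from several nodes by timestamp, and lists which node, index and shard logged each query. It assumes the slowlog files have already been copied to one machine; the sample lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout of the search slowlog line quoted in the post above.
SLOWLOG_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<level>\w+)\s*\]\[(?P<logger>[^\]]+?)\s*\] "
    r"\[(?P<node>[^\]]+)\] \[(?P<index>[^\]]+)\]\[(?P<shard>\d+)\] "
    r"took\[(?P<took>[^\]]+)\], took_millis\[(?P<took_ms>\d+)\], "
    r"total_hits\[(?P<hits>\d+)[^\]]*\], .*?"
    r"total_shards\[(?P<total_shards>\d+)\], "
    r"source\[(?P<source>.*)\], id\[(?P<id>[^\]]*)\]"
)

def parse_line(line):
    """Return the fields of one slowlog line as a dict, or None if no match."""
    m = SLOWLOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S,%f")
    for key in ("shard", "took_ms", "hits", "total_shards"):
        rec[key] = int(rec[key])
    return rec

def merge_slowlogs(lines_per_node):
    """Parse lines collected from every node and order them by timestamp."""
    records = []
    for lines in lines_per_node.values():
        records.extend(r for r in map(parse_line, lines) if r is not None)
    return sorted(records, key=lambda r: r["ts"])

def shards_per_query(records):
    """Map each query source to the (node, index, shard) entries that logged it."""
    seen = defaultdict(list)
    for r in records:
        seen[r["source"]].append((r["node"], r["index"], r["shard"]))
    return dict(seen)

# Constructed sample: one line per node, modelled on the line in the post.
SRC = '{"size":20,"query":{"term":{"account_id":{"value":"1234567890"}}},"sort":[{"date":{"order":"desc"}}]}'
LINE_FMT = ("[2020-03-10T10:38:30,{ms}][WARN ][i.s.s.query ] [elasticsearch_{node}] "
            "[my_index_2017][{shard}] took[396.9micros], took_millis[0], total_hits[289 hits], "
            "types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[10], source[{src}], id[], ")
SAMPLE = {
    "esdata01": [LINE_FMT.format(ms="036", node="esdata01", shard=0, src=SRC)],
    "esdata02": [LINE_FMT.format(ms="031", node="esdata02", shard=1, src=SRC)],
    "esdata03": [LINE_FMT.format(ms="040", node="esdata03", shard=2, src=SRC), "not a slowlog line"],
}

if __name__ == "__main__":
    for src, hits in shards_per_query(merge_slowlogs(SAMPLE)).items():
        print(len(hits), "shard entries:", hits)
```

Comparing the number of entries per query with `total_shards` shows whether every shard-level entry was collected from the nodes.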
