Slow log format - How to read the log?

AClerk · June 26, 2020, 6:47am

Hi,
I wanted to check queries run time.
Enabled slowlog on the cluster.
How can I know what query has been run?
This is a sample from the log:

{
    "type": "index_search_slowlog",
    "timestamp": "2020-06-26T16:38:07,561+10:00",
    "level": "WARN",
    "component": "i.s.s.q.duiHrIa1T8CEl4bNwMkBbw",
    "cluster.name": "cluster_name",
    "node.name": "AU01ELS00V03",
    "message": "[index1-2020-06-26-09][0]",
    "took": "2.7ms",
    "took_millis": "2",
    "total_hits": "2590 hits",
    "types": "[]",
    "stats": "[]",
    "search_type": "QUERY_THEN_FETCH",
    "total_shards": "36",
    "source": "{\"size\":0,\"timeout\":\"30000ms\",\"query\":{\"bool\":{\"filter\":[{\"match_all\":{\"boost\":1.0}},{\"match_all\":{\"boost\":1.0}},{\"match_phrase\":{\"msg_source_type_name.keyword\":{\"query\":\"Syslog - Juniper SSL VPN\",\"slop\":0,\"zero_terms_query\":\"NONE\",\"boost\":1.0}}},{\"match_phrase\":{\"log_source_name.keyword\":{\"query\":\"10.108.19.182 Juniper SSL VPN-VRPPSA-01\",\"slop\":0,\"zero_terms_query\":\"NONE\",\"boost\":1.0}}},{\"match_phrase\":{\"common_event_name.keyword\":{\"query\":\"VPN Session Started\",\"slop\":0,\"zero_terms_query\":\"NONE\",\"boost\":1.0}}},{\"range\":{\"timestamp\":{\"from\":null,\"to\":null,\"include_lower\":true,\"include_upper\":true,\"boost\":1.0}}}],\"adjust_pure_negative\":true,\"boost\":1.0}},\"_source\":{\"includes\":[],\"excludes\":[]},\"stored_fields\":\"*\",\"docvalue_fields\":[{\"field\":\"msg_date\",\"format\":\"date_time\"},{\"field\":\"normal_msg_date\",\"format\":\"date_time\"},{\"field\":\"timestamp\",\"format\":\"date_time\"}],\"script_fields\":{},\"track_total_hits\":2147483647,\"aggregations\":{\"2\":{\"filters\":{\"filters\":{\"common_event_name.keyword : \\\"Connection Closed\\\" \":{\"bool\":{\"filter\":[{\"bool\":{\"should\":[{\"match_phrase\":{\"common_event_name.keyword\":{\"query\":\"Connection Closed\",\"slop\":0,\"zero_terms_query\":\"NONE\",\"boost\":1.0}}}],\"adjust_pure_negative\":true,\"minimum_should_match\":\"1\",\"boost\":1.0}}],\"adjust_pure_negative\":true,\"boost\":1.0}},\"common_event_name.keyword : \\\"Tunnel Created\\\" \":{\"bool\":{\"filter\":[{\"bool\":{\"should\":[{\"match_phrase\":{\"common_event_name.keyword\":{\"query\":\"Tunnel Created\",\"slop\":0,\"zero_terms_query\":\"NONE\",\"boost\":1.0}}}],\"adjust_pure_negative\":true,\"minimum_should_match\":\"1\",\"boost\":1.0}}],\"adjust_pure_negative\":true,\"boost\":1.0}}},\"other_bucket\":false,\"other_bucket_key\":\"_other_\"}}}}",
    "cluster.uuid": "O_tH6qaKRHWJ2d1TcWyH1w",
    "node.id": "mgaMq1-7Qxa1Hi65LbQMMA"

Or in other words, how to read the log?

Thanks

Vinayak_Sapre · June 27, 2020, 1:57am

See "source" attribute

system · July 25, 2020, 1:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.