Turn off source for search slow logs

Two questions:

  1. Per documentation, you can turn off source for indexing slow log by

    index.indexing.slowlog.source: 0 OR
    index.indexing.slowlog.source: false

I was wondering if there is a way to turn off source for search slow logs.

Business Justification: We do not want to log sensitive information (PII) in the logs that can breach any contracts with customers. Please let me know if that is doable or if there is any workaround for the same.

  2. In relation to the above question: We enable slow logs for latency metrics. One quick observation is that the latency logged in slow logs for search is different than the one logged in the response payload.

E.g.

Response Payload shows 10 ms

    {
       "took": 10,
       "timed_out": false,
       "_shards": {
          "total": 5,
          "successful": 5,
          "failed": 0
       },
    }

Slow Log shows 0ms

    [2017-01-11T06:32:21,452][INFO ][index.search.slowlog.query] [esdatanode1] [twitter] took[490.8micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{truncated}]

My best logical guess is that search logs are divided into query and fetch logs, plus the query is forwarded to each shard, in this case 5. So, the log pasted above is only for one shard and the latency is for fetching the data for that particular shard.

Assuming that my guess is correct, what is the best way to measure search and index latencies (we are using the Telegraf plugin for metrics as well)? I didn't find a log that logs aggregated latency for all shards.

Thank you.

For 1. I have submitted a PR

See https://github.com/elastic/elasticsearch/issues/22683 for more info
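
A sketch of a workaround for the PII concern in the question, added here as an example and not taken from the thread or from Elasticsearch: a Python filter that post-processes search slow log lines in the format quoted above, keeps the latency fields for metrics and drops the query body. The function names are hypothetical, the sample input is constructed, and it assumes `source` is the last field on the line, as in the quoted log line.

```python
import re

# Layout of the slow log line quoted in the question:
# [ts][LEVEL][index.search.slowlog.<phase>] [node] [index] key[value], ...
HEADER = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<level>[^\]]+)\]"
    r"\[index\.search\.slowlog\.(?P<phase>\w+)\]\s*"
    r"\[(?P<node>[^\]]*)\]\s*\[(?P<index>[^\]]*)\]"
)
SOURCE = re.compile(r"\w*source\[")       # any field whose name ends in "source"
FIELD = re.compile(r"(\w+)\[([^\]]*)\]")  # key[value] pairs before the source

def scrub(line):
    """Return (redacted_line, metrics) or None when the line is not recognised."""
    head = HEADER.match(line)
    if head is None:
        return None  # fail closed: may be the continuation of a query body
    cut = SOURCE.search(line, head.end())
    # The query body can contain ']' itself, so bracket matching is unsafe.
    # Assumption: source is the last field, as in the quoted line, so everything
    # from the first source field to the end of the line is dropped.
    kept = line[:cut.start()] if cut else line.rstrip("\n")
    fields = dict(FIELD.findall(kept[head.end():]))
    millis = fields.get("took_millis", "")
    metrics = {"phase": head["phase"], "node": head["node"],
               "index": head["index"], "took": fields.get("took"),
               "took_millis": int(millis) if millis.isdigit() else None}
    return kept + ("source[REDACTED]" if cut else ""), metrics

def scrub_lines(lines):
    """Yield (redacted_line, metrics) for recognised lines; drop the rest."""
    for line in lines:
        result = scrub(line)
        if result is not None:
            yield result

# Constructed sample: the header fields come from the line in the question, the
# query body and its values are made up to show a body that contains ']'.
SAMPLE = [
    '[2017-01-11T06:32:21,452][INFO ][index.search.slowlog.query] [esdatanode1] '
    '[twitter] took[490.8micros], took_millis[0], types[], stats[], '
    'search_type[QUERY_THEN_FETCH], total_shards[5], '
    'source[{"query":{"bool":{"should":[{"match":{"user":"kimchy"}}],'
    '"must":[{"match":{"email":"alice@example.com"}}]}}}]',
    '  "email": "bob@example.com"',  # stray continuation line, must be dropped
]
```

A pattern that stops at the first `]` after `source[` would leave the second clause of the sample query, including the e-mail address, in the output; cutting at the field name avoids that.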
