The node is using dm-crypt to encrypt data at rest which is why we added 2 more cores to compensate for the additional overheard (though I have read that it should only add between 1-5% overhead).
We have approximately 40 million documents indexed and about 300K daily being indexed. Our indexing strategy by default is using daily indexing using logstash-(yyyy-mm-dd) format . While monitoring the load the master rarely tops 4+ but the node can sometimes go up to 16 and then in about 20 minutes or so start tapering off. I can't understand why there is such a high load going through the node and the master seems unphased by the amount of data we are sending into elasticsearch. Please help!
If I'm reading this correct you have one node that is a dedicated master and another node that is a dedicated data node, right?
In such a configuration it's quite normal that you only see a high load on the data node, since this is the node being mostly affected by indexing documents. The master will not do much more than deciding where to put the index and updating the cluster state when a new field arrives. While the data node will do the real work like analyzing your data and storing it etc.
So what you are seeing is actually quite normal. The other way around (high load on the master) would be something to worry about.
Thank you for your insight I really appreciate it. Glad to hear that what I am seeing is actually normal. After much more investigation we found out that the load was getting out of control because of slow disks on an over provisioned hypervisor. The I/O wait times were getting ridiculous so we moved the VM over to another hypevisor backed by a RAID 10 SAN and poof, the problems went away.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.