CODEWITHSUNDEEP
elasticsearchelasticsearch-dsl
level_zebra
level_zebra

Reputation: 1533

Enabling Search Slow Log in ElasticSearch

How can I enable the search slow log in elastic search.

I am using ES version 5.2

I have tried running the below command but this doesn't seem to be working. Nothing appears to be written to file.

PUT /articles-dev-19-06-2017-15-20-48/_settings
{
"index.search.slowlog.threshold.query.warn": "10s",
"index.search.slowlog.threshold.query.info": "5s",
"index.search.slowlog.threshold.query.debug": "2s",
"index.search.slowlog.threshold.query.trace": "500ms",
"index.search.slowlog.threshold.fetch.warn": "1s",
"index.search.slowlog.threshold.fetch.info": "800ms",
"index.search.slowlog.threshold.fetch.debug": "500ms",
"index.search.slowlog.threshold.fetch.trace": "200ms",
"index.indexing.slowlog.threshold.index.warn": "10s",
"index.indexing.slowlog.threshold.index.info": "5s",
"index.indexing.slowlog.threshold.index.debug": "2s",
"index.indexing.slowlog.threshold.index.trace": "500ms",
"index.indexing.slowlog.level": "trace",
"index.indexing.slowlog.source": "100"
}

Here are the settings on the index

{
  "articles-dev-19-06-2017-15-20-48": {
    "settings": {
      "index": {
        "search": {
          "slowlog": {
            "threshold": {
              "fetch": {
                "warn": "1s",
                "trace": "200ms",
                "debug": "500ms",
                "info": "800ms"
              },
              "query": {
                "warn": "10s",
                "trace": "500ms",
                "debug": "2s",
                "info": "5s"
              }
            }
          }
        },
        "indexing": {
          "slowlog": {
            "level": "trace",
            "threshold": {
              "index": {
                "warn": "10s",
                "trace": "500ms",
                "debug": "2s",
                "info": "5s"
              }
            },
            "source": "100"
          }
        },
        "number_of_shards": "2",
        "provided_name": "advice-articles-dev-19-06-2017-15-20-48",
        "creation_date": "1497885649676",

Upvotes: 3

Views: 9800

Answers (2)

IvanD
IvanD

Reputation: 8321

Elasticsearch operations often execute in microseconds. Therefore, they will not be captured even by your most aggressive settings.

To test it, you should set your warn settings to 0 seconds, which will catch everything:

PUT /articles-dev-19-06-2017-15-20-48/_settings
{"index.search.slowlog.threshold.query.warn": "0s",
"index.search.slowlog.threshold.fetch.warn": "0s",
"index.indexing.slowlog.threshold.index.warn": "0s"
}

Check your logs after that. If they start filling up, you will know it is working.

After you are happy that it works, just set it back to the value that you want it to operate for the long term. Example:

PUT /articles-dev-19-06-2017-15-20-48/_settings
{"index.search.slowlog.threshold.query.warn": "10s",
"index.search.slowlog.threshold.fetch.warn": "10s",
"index.indexing.slowlog.threshold.index.warn": "10s"
}

Upvotes: 3

shan
shan

Reputation: 288

May be the queries you running are not slow enough to log them. - You can change the settings to 1ms and see if that helps. I tried these settings and it worked for me.

Tried with some random wildcard query :

{ "query": { "bool": { "must": { "wildcard": { "message": "*123*" } } } } }

Upvotes: 1

Related Questions