elasticsearch_node_indices_search_time_query.md 2.2 KB
Understand the alert
This alert is triggered when the average search time for Elasticsearch queries has been higher than the defined warning thresholds. If you receive this alert, it means that your search performance is degraded, and queries are running slower than usual.
What does search performance mean?
Search performance in Elasticsearch refers to how quickly and efficiently search queries are executed, and the respective results are returned. Good search performance is essential for providing fast and relevant results in applications and services relying on Elasticsearch for their search capabilities.
What causes degraded search performance?
Several factors can cause search performance degradation, including:
- High system load, causing CPU, memory or disk I/O bottlenecks
- Poorly optimized search queries
- High query rate, resulting in a large number of concurrent queries
- Insufficient hardware or resources allocated to Elasticsearch
Troubleshoot the alert
Check the Elasticsearch logs for any error messages or warnings:
cat /var/log/elasticsearch/elasticsearch.logMonitor the system resources (CPU, memory, and disk I/O) using tools like
top,vmstat, andiotop. Determine if there are any resource bottlenecks affecting the search performance.Analyze and optimize the slow search queries by using the Elasticsearch Slow Log.
Evaluate the cluster health status by running the following Elasticsearch API command:
curl -XGET 'http://localhost:9200/_cluster/health?pretty'
Check for any issues that may be impacting the search performance.
Assess the number of concurrent queries and, if possible, reduce the query rate or distribute the load among additional Elasticsearch nodes.
If the issue persists, consider scaling up your Elasticsearch deployment or allocating additional resources to the affected nodes to improve their performance.