Thanks guys for the thoughts. Plugins didn't even occur to me, but they should have.
We've got Marvel, Head, and ElasticHQ installed. Is there some way to tell where the search is coming from? Something like an HTTP access log or something? Thanks again for your time! Chris On Wed, Aug 20, 2014 at 3:57 PM, Itamar Syn-Hershko <[email protected]> wrote: > I thought of Kibana because there's a faceting operation on the _type > field. But I doubt neither Marvel nor Kibana would issue such an awful > query (notice the "fquery" bit, too). > > Any part of your system (plugin or other) which might want to look at the > types of documents added to an ES index? > > -- > > Itamar Syn-Hershko > http://code972.com | @synhershko <https://twitter.com/synhershko> > Freelance Developer & Consultant > Author of RavenDB in Action <http://manning.com/synhershko/> > > > On Wed, Aug 20, 2014 at 11:53 PM, Ivan Brusic <[email protected]> wrote: > >> Very strange query indeed. Wildcard search filtered by a match_all. >> What?!? >> >> It is not Elasticsearch, but perhaps some plugin. Itamar mentioned >> Kibana, although you did not mention it in your post. Any other plugins? >> Marvel? >> >> -- >> Ivan >> >> >> On Wed, Aug 20, 2014 at 12:43 PM, Itamar Syn-Hershko <[email protected]> >> wrote: >> >>> There is no such thing as query "internal to ES", if you see this in the >>> logs you have a client making it. I would point to a Kibana instance but >>> I'm pretty sure Kibana won't use a query_string query like this. >>> >>> And yes this is quite an expensive query (and facets) to run on a decent >>> sized installation. >>> >>> -- >>> >>> Itamar Syn-Hershko >>> http://code972.com | @synhershko <https://twitter.com/synhershko> >>> Freelance Developer & Consultant >>> Author of RavenDB in Action <http://manning.com/synhershko/> >>> >>> >>> On Wed, Aug 20, 2014 at 10:14 PM, Chris Neal <[email protected]> >>> wrote: >>> >>>> Hi guys, >>>> >>>> I'm working through some performance concerns in my cluster, and I >>>> turned on the slow log feature. I'm seeing this in the >>>> index_search_slowlog.log log: >>>> >>>> [2014-08-20 06:37:52,734][INFO ][index.search.slowlog.query] >>>> [elasticsearch-ip-10-0-0-41] [index-20140731][0] took[6s], >>>> took_millis[6081], types[], stats[], search_type[QUERY_TH >>>> EN_FETCH], total_shards[86], >>>> source[{"facets":{"terms":{"terms":{"field":"_type","size":100,"order":"count","exclude":[]},"facet_filter":{"fquery":{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}},"filter":{"bool":{"must":[{"match_all":{}}]}}}}}}}},"size":0}], >>>> extra_source[], >>>> >>>> Is that a user generated search, or something internal to ES maybe? I >>>> can't even tell what it's trying to do. It seems to hit every one of my >>>> indexes though, as the same search query is logged 63 times in a one minute >>>> period. >>>> >>>> Any ideas what this is? Is it something to be concerned about? >>>> >>>> Thanks for the help! >>>> Chris >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "elasticsearch" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/elasticsearch/CAND3Dpj7BzbaNva9B7JNFOeeaC9SrYWCEnvzTJgx2-AQeT478w%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/elasticsearch/CAND3Dpj7BzbaNva9B7JNFOeeaC9SrYWCEnvzTJgx2-AQeT478w%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "elasticsearch" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZvzAbbWYHP%3DEAWb4LgZ7XxiKMK6ES%2BrG_M%2BLGG%2BHjDgDQ%40mail.gmail.com >>> <https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZvzAbbWYHP%3DEAWb4LgZ7XxiKMK6ES%2BrG_M%2BLGG%2BHjDgDQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "elasticsearch" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQCtyAG3B7-uWU%2BuRa416c%2Bz%2BDA3fEpSDDKW_r%2BdUv%3Dfhg%40mail.gmail.com >> <https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQCtyAG3B7-uWU%2BuRa416c%2Bz%2BDA3fEpSDDKW_r%2BdUv%3Dfhg%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/CAHTr4Zsqcw9eDQS427E%2BwebLqhy%3DYa76M3DkPJ%3DxAJ5p1oCsXw%40mail.gmail.com > <https://groups.google.com/d/msgid/elasticsearch/CAHTr4Zsqcw9eDQS427E%2BwebLqhy%3DYa76M3DkPJ%3DxAJ5p1oCsXw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAND3DpgYfDZfg7pJN%3DkJ%3D_R3Tvec%3D2fVu5mt%3DM7_cg9hUhEJSg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
