Hi Chris, This is actually Kibana. The reason it uses query_string is to allow people some kind of syntax in their query with no query parsing on the client side. Just a decision which I guess was made long ago to keep things simple.
Is this a problem for you in any way? Cheers, Boaz On Thursday, August 21, 2014 6:37:02 PM UTC+2, Chris Neal wrote: > > Done. Will report back. > > Thank you! > > > > On Thu, Aug 21, 2014 at 11:27 AM, Itamar Syn-Hershko <[email protected]> > wrote: > >> I'm going to bet on Head. Disable it and see what happens. >> >> -- >> >> Itamar Syn-Hershko >> http://code972.com | @synhershko <https://twitter.com/synhershko> >> Freelance Developer & Consultant >> Author of RavenDB in Action <http://manning.com/synhershko/> >> >> >> On Thu, Aug 21, 2014 at 7:22 PM, Chris Neal <[email protected]> >> wrote: >> >>> Thanks guys for the thoughts. Plugins didn't even occur to me, but they >>> should have. >>> >>> We've got Marvel, Head, and ElasticHQ installed. >>> >>> Is there some way to tell where the search is coming from? Something >>> like an HTTP access log or something? >>> >>> Thanks again for your time! >>> Chris >>> >>> >>> On Wed, Aug 20, 2014 at 3:57 PM, Itamar Syn-Hershko <[email protected]> >>> wrote: >>> >>>> I thought of Kibana because there's a faceting operation on the _type >>>> field. But I doubt neither Marvel nor Kibana would issue such an awful >>>> query (notice the "fquery" bit, too). >>>> >>>> Any part of your system (plugin or other) which might want to look at >>>> the types of documents added to an ES index? >>>> >>>> -- >>>> >>>> Itamar Syn-Hershko >>>> http://code972.com | @synhershko <https://twitter.com/synhershko> >>>> Freelance Developer & Consultant >>>> Author of RavenDB in Action <http://manning.com/synhershko/> >>>> >>>> >>>> On Wed, Aug 20, 2014 at 11:53 PM, Ivan Brusic <[email protected]> wrote: >>>> >>>>> Very strange query indeed. Wildcard search filtered by a match_all. >>>>> What?!? >>>>> >>>>> It is not Elasticsearch, but perhaps some plugin. Itamar mentioned >>>>> Kibana, although you did not mention it in your post. Any other plugins? >>>>> Marvel? >>>>> >>>>> -- >>>>> Ivan >>>>> >>>>> >>>>> On Wed, Aug 20, 2014 at 12:43 PM, Itamar Syn-Hershko < >>>>> [email protected]> wrote: >>>>> >>>>>> There is no such thing as query "internal to ES", if you see this in >>>>>> the logs you have a client making it. I would point to a Kibana instance >>>>>> but I'm pretty sure Kibana won't use a query_string query like this. >>>>>> >>>>>> And yes this is quite an expensive query (and facets) to run on a >>>>>> decent sized installation. >>>>>> >>>>>> -- >>>>>> >>>>>> Itamar Syn-Hershko >>>>>> http://code972.com | @synhershko <https://twitter.com/synhershko> >>>>>> Freelance Developer & Consultant >>>>>> Author of RavenDB in Action <http://manning.com/synhershko/> >>>>>> >>>>>> >>>>>> On Wed, Aug 20, 2014 at 10:14 PM, Chris Neal < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi guys, >>>>>>> >>>>>>> I'm working through some performance concerns in my cluster, and I >>>>>>> turned on the slow log feature. I'm seeing this in the >>>>>>> index_search_slowlog.log log: >>>>>>> >>>>>>> [2014-08-20 06:37:52,734][INFO ][index.search.slowlog.query] >>>>>>> [elasticsearch-ip-10-0-0-41] [index-20140731][0] took[6s], >>>>>>> took_millis[6081], types[], stats[], search_type[QUERY_TH >>>>>>> EN_FETCH], total_shards[86], >>>>>>> source[{"facets":{"terms":{"terms":{"field":"_type","size":100,"order":"count","exclude":[]},"facet_filter":{"fquery":{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}},"filter":{"bool":{"must":[{"match_all":{}}]}}}}}}}},"size":0}], >>>>>>> >>>>>>> extra_source[], >>>>>>> >>>>>>> Is that a user generated search, or something internal to ES maybe? >>>>>>> I can't even tell what it's trying to do. It seems to hit every one >>>>>>> of my >>>>>>> indexes though, as the same search query is logged 63 times in a one >>>>>>> minute >>>>>>> period. >>>>>>> >>>>>>> Any ideas what this is? Is it something to be concerned about? >>>>>>> >>>>>>> Thanks for the help! >>>>>>> Chris >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "elasticsearch" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/elasticsearch/CAND3Dpj7BzbaNva9B7JNFOeeaC9SrYWCEnvzTJgx2-AQeT478w%40mail.gmail.com >>>>>>> >>>>>>> <https://groups.google.com/d/msgid/elasticsearch/CAND3Dpj7BzbaNva9B7JNFOeeaC9SrYWCEnvzTJgx2-AQeT478w%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "elasticsearch" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZvzAbbWYHP%3DEAWb4LgZ7XxiKMK6ES%2BrG_M%2BLGG%2BHjDgDQ%40mail.gmail.com >>>>>> >>>>>> <https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZvzAbbWYHP%3DEAWb4LgZ7XxiKMK6ES%2BrG_M%2BLGG%2BHjDgDQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "elasticsearch" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQCtyAG3B7-uWU%2BuRa416c%2Bz%2BDA3fEpSDDKW_r%2BdUv%3Dfhg%40mail.gmail.com >>>>> >>>>> <https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQCtyAG3B7-uWU%2BuRa416c%2Bz%2BDA3fEpSDDKW_r%2BdUv%3Dfhg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "elasticsearch" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/elasticsearch/CAHTr4Zsqcw9eDQS427E%2BwebLqhy%3DYa76M3DkPJ%3DxAJ5p1oCsXw%40mail.gmail.com >>>> >>>> <https://groups.google.com/d/msgid/elasticsearch/CAHTr4Zsqcw9eDQS427E%2BwebLqhy%3DYa76M3DkPJ%3DxAJ5p1oCsXw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "elasticsearch" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/elasticsearch/CAND3DpgYfDZfg7pJN%3DkJ%3D_R3Tvec%3D2fVu5mt%3DM7_cg9hUhEJSg%40mail.gmail.com >>> >>> <https://groups.google.com/d/msgid/elasticsearch/CAND3DpgYfDZfg7pJN%3DkJ%3D_R3Tvec%3D2fVu5mt%3DM7_cg9hUhEJSg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "elasticsearch" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZsWP%3DhYvnoJiyy%3Dwy8%2Bhu9pRya-nqxFNBbKe_DrzbPKxA%40mail.gmail.com >> >> <https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZsWP%3DhYvnoJiyy%3Dwy8%2Bhu9pRya-nqxFNBbKe_DrzbPKxA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/fab653a3-ccde-4c5d-8a8f-52033c3db3f0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
