Hi Boaz, Thanks for the reply. :) It's not a problem per-se. I'm working through performance/memory issues and turned on the slow log file and that one popped up. It's a problem because it's slow, but not causing cluster stability issues!
It's interesting that you think it is Kibana though. I removed the Head plugin for 3 days and didn't see that query logged once, so I was pretty sure it was the culprit! Maybe it was just coincidence that whatever in Kibana was doing it didn't happen then either. Just my luck. ;) Thanks again. Chris On Thu, Aug 28, 2014 at 3:48 PM, Boaz Leskes <[email protected]> wrote: > > Hi Chris, > > This is actually Kibana. The reason it uses query_string is to allow > people some kind of syntax in their query with no query parsing on the > client side. Just a decision which I guess was made long ago to keep things > simple. > > Is this a problem for you in any way? > > Cheers, > Boaz > > On Thursday, August 21, 2014 6:37:02 PM UTC+2, Chris Neal wrote: >> >> Done. Will report back. >> >> Thank you! >> >> >> >> On Thu, Aug 21, 2014 at 11:27 AM, Itamar Syn-Hershko <[email protected]> >> wrote: >> >>> I'm going to bet on Head. Disable it and see what happens. >>> >>> -- >>> >>> Itamar Syn-Hershko >>> http://code972.com | @synhershko <https://twitter.com/synhershko> >>> Freelance Developer & Consultant >>> Author of RavenDB in Action <http://manning.com/synhershko/> >>> >>> >>> On Thu, Aug 21, 2014 at 7:22 PM, Chris Neal <[email protected]> >>> wrote: >>> >>>> Thanks guys for the thoughts. Plugins didn't even occur to me, but >>>> they should have. >>>> >>>> We've got Marvel, Head, and ElasticHQ installed. >>>> >>>> Is there some way to tell where the search is coming from? Something >>>> like an HTTP access log or something? >>>> >>>> Thanks again for your time! >>>> Chris >>>> >>>> >>>> On Wed, Aug 20, 2014 at 3:57 PM, Itamar Syn-Hershko <[email protected] >>>> > wrote: >>>> >>>>> I thought of Kibana because there's a faceting operation on the _type >>>>> field. But I doubt neither Marvel nor Kibana would issue such an awful >>>>> query (notice the "fquery" bit, too). >>>>> >>>>> Any part of your system (plugin or other) which might want to look at >>>>> the types of documents added to an ES index? >>>>> >>>>> -- >>>>> >>>>> Itamar Syn-Hershko >>>>> http://code972.com | @synhershko <https://twitter.com/synhershko> >>>>> Freelance Developer & Consultant >>>>> Author of RavenDB in Action <http://manning.com/synhershko/> >>>>> >>>>> >>>>> On Wed, Aug 20, 2014 at 11:53 PM, Ivan Brusic <[email protected]> wrote: >>>>> >>>>>> Very strange query indeed. Wildcard search filtered by a match_all. >>>>>> What?!? >>>>>> >>>>>> It is not Elasticsearch, but perhaps some plugin. Itamar mentioned >>>>>> Kibana, although you did not mention it in your post. Any other plugins? >>>>>> Marvel? >>>>>> >>>>>> -- >>>>>> Ivan >>>>>> >>>>>> >>>>>> On Wed, Aug 20, 2014 at 12:43 PM, Itamar Syn-Hershko < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> There is no such thing as query "internal to ES", if you see this in >>>>>>> the logs you have a client making it. I would point to a Kibana instance >>>>>>> but I'm pretty sure Kibana won't use a query_string query like this. >>>>>>> >>>>>>> And yes this is quite an expensive query (and facets) to run on a >>>>>>> decent sized installation. >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> Itamar Syn-Hershko >>>>>>> http://code972.com | @synhershko <https://twitter.com/synhershko> >>>>>>> Freelance Developer & Consultant >>>>>>> Author of RavenDB in Action <http://manning.com/synhershko/> >>>>>>> >>>>>>> >>>>>>> On Wed, Aug 20, 2014 at 10:14 PM, Chris Neal < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi guys, >>>>>>>> >>>>>>>> I'm working through some performance concerns in my cluster, and I >>>>>>>> turned on the slow log feature. I'm seeing this in the >>>>>>>> index_search_slowlog.log log: >>>>>>>> >>>>>>>> [2014-08-20 06:37:52,734][INFO ][index.search.slowlog.query] >>>>>>>> [elasticsearch-ip-10-0-0-41] [index-20140731][0] took[6s], >>>>>>>> took_millis[6081], types[], stats[], search_type[QUERY_TH >>>>>>>> EN_FETCH], total_shards[86], source[{"facets":{"terms":{" >>>>>>>> terms":{"field":"_type","size":100,"order":"count","exclude" >>>>>>>> :[]},"facet_filter":{"fquery":{"query":{"filtered":{"query": >>>>>>>> {"bool":{"should":[{"query_string":{"query":"*"}}]}}," >>>>>>>> filter":{"bool":{"must":[{"match_all":{}}]}}}}}}}},"size":0}], >>>>>>>> extra_source[], >>>>>>>> >>>>>>>> Is that a user generated search, or something internal to ES maybe? >>>>>>>> I can't even tell what it's trying to do. It seems to hit every one >>>>>>>> of my >>>>>>>> indexes though, as the same search query is logged 63 times in a one >>>>>>>> minute >>>>>>>> period. >>>>>>>> >>>>>>>> Any ideas what this is? Is it something to be concerned about? >>>>>>>> >>>>>>>> Thanks for the help! >>>>>>>> Chris >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "elasticsearch" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to [email protected]. >>>>>>>> To view this discussion on the web visit >>>>>>>> https://groups.google.com/d/msgid/elasticsearch/ >>>>>>>> CAND3Dpj7BzbaNva9B7JNFOeeaC9SrYWCEnvzTJgx2-AQeT478w%40mail. >>>>>>>> gmail.com >>>>>>>> <https://groups.google.com/d/msgid/elasticsearch/CAND3Dpj7BzbaNva9B7JNFOeeaC9SrYWCEnvzTJgx2-AQeT478w%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>>> . >>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "elasticsearch" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZvzAbbWYHP% >>>>>>> 3DEAWb4LgZ7XxiKMK6ES%2BrG_M%2BLGG%2BHjDgDQ%40mail.gmail.com >>>>>>> <https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZvzAbbWYHP%3DEAWb4LgZ7XxiKMK6ES%2BrG_M%2BLGG%2BHjDgDQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "elasticsearch" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>>> msgid/elasticsearch/CALY%3DcQCtyAG3B7-uWU%2BuRa416c% >>>>>> 2Bz%2BDA3fEpSDDKW_r%2BdUv%3Dfhg%40mail.gmail.com >>>>>> <https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQCtyAG3B7-uWU%2BuRa416c%2Bz%2BDA3fEpSDDKW_r%2BdUv%3Dfhg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "elasticsearch" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>> msgid/elasticsearch/CAHTr4Zsqcw9eDQS427E%2BwebLqhy%3DYa76M3DkPJ% >>>>> 3DxAJ5p1oCsXw%40mail.gmail.com >>>>> <https://groups.google.com/d/msgid/elasticsearch/CAHTr4Zsqcw9eDQS427E%2BwebLqhy%3DYa76M3DkPJ%3DxAJ5p1oCsXw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "elasticsearch" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/elasticsearch/CAND3DpgYfDZfg7pJN%3DkJ%3D_R3Tvec%3D2fVu5mt%3DM7_ >>>> cg9hUhEJSg%40mail.gmail.com >>>> <https://groups.google.com/d/msgid/elasticsearch/CAND3DpgYfDZfg7pJN%3DkJ%3D_R3Tvec%3D2fVu5mt%3DM7_cg9hUhEJSg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "elasticsearch" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit https://groups.google.com/d/ >>> msgid/elasticsearch/CAHTr4ZsWP%3DhYvnoJiyy%3Dwy8% >>> 2Bhu9pRya-nqxFNBbKe_DrzbPKxA%40mail.gmail.com >>> <https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZsWP%3DhYvnoJiyy%3Dwy8%2Bhu9pRya-nqxFNBbKe_DrzbPKxA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/fab653a3-ccde-4c5d-8a8f-52033c3db3f0%40googlegroups.com > <https://groups.google.com/d/msgid/elasticsearch/fab653a3-ccde-4c5d-8a8f-52033c3db3f0%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAND3Dpg_nTa%2Bh%2BK3A-5_uhv%3DXfMJ6uf5iUb1G-RU_1ayQuyMUA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
