I sometimes notice the same behavior with much lesser data in ES.
Op zaterdag 24 oktober 2015 19:33:01 UTC+2 schreef Jesse Skrivseth: > > In one instance running 1.2.1 we have 3.8TB of data, which holds roughly > 30 days of data. When I do a simple "*" query across the last 14 days, the > ES query finishes in about 6 seconds. Notice these 14 day queries returned: > Found *1,111,506,619 messages* in 5,869 ms, searched in 987 indices > <https://jarden.sylint.com/search?rangetype=relative&fields=message%2Csource&width=1280&relative=1209600&q=#> > . > But the page took 52.01s to load > > Found *1,111,516,915 messages* in 6,650 ms, searched in 987 indices > <https://jarden.sylint.com/search?rangetype=relative&fields=message%2Csource&width=1280&relative=1209600&q=#> > . > But the page took 46.12s to load > > When I try to do a query for the last 30 days, I end up with timeouts > (HTTP 504). We're running 3 ES nodes - r3.2xlarge (8 core, 64gb RAM, SSD > EBS volumes) in AWS. I think the cluster is up to the task of doing such > queries, but it seems that maybe Graylog is doing some processing of the > result set that might be slow. > > Any pointers here? Thanks! > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/8f82aec6-bedc-4ef4-8098-11ad669494ec%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
