Elasticsearch Expensive Queries are Allowed to Run

Elasticsearch Expensive Queries are Allowed to Run

Opster Team

March 2021


In addition to reading this guide, we recommend you run the Elasticsearch Health Check-Up. It will detect issues and improve your Elasticsearch performance by analyzing your shard sizes, threadpools, memory, snapshots, disk watermarks and more.

The Elasticsearch Check-Up is free and requires no installation.

Run the Elasticsearch check-up to receive recommendations like this:

checklist Run Check-Up
error

Expensive queries are allowed to run on your cluster

error-img

Description

By default, this setting is set to true. This might slow down search operations and affect the stability of the cluster...

error-img

Recommendations

Based on your specific ES deployment, you should...

1

X-PUT curl -H "Content-Type: application/json" [customized reccomendation]

Overview

By default this setting is set to true. This means that users can use certain query types which require a lot of resources to return results, causing slow results for other users and possibly affecting the stability of the cluster. It is particularly appropriate in installations where you have no control over the queries being run (eg. where users have access to kibana or other graphical interface tools).

Setting this to false will prevent running the following queries:

  • script queries (except on wildcard field mappings)
  • fuzzy queries (except on wildcard field mappings)
  • regexp queries (except on wildcard field mappings)
  • prefix queries (except on wildcard field mappings)
  • wildcard queries (except on wildcard field mappings)
  • range queries on text fields
  • joining queries
  • script score queries
  • percolate queries

However, you should note that:

  • Some of the expensive queries prevented by this setting have perfectly valid use cases which you may not want to prevent.
  • There are also other types of expensive queries which are not prevented by this setting, especially heavy aggregations.

How to resolve it

If you want to prevent users from running certain types of expensive queries, then you can add this setting to the cluster:

PUT _cluster/settings
{
  "transient": {
	"search.allow_expensive_queries": "false"
  }
}

Expensive query settings are covered in Opster’s Elasticsearch Health Check-Up. The Check-Up analyzes your cluster to detect any errors or issues and provides you with recommendations to resolve them quickly and easily. If you’re having trouble with expensive queries, you can run the Check-Up for an accurate analysis of your settings and follow the instructions to ensure your operations continue running smoothly.



Run the Check-Up to get a customized report like this:

Analyze your cluster