Elasticsearch Elasticsearch Hot Threads: Identifying and Troubleshooting Performance Issues

By Opster Team

Updated: Nov 14, 2023

| 2 min read


Elasticsearch hot threads are a valuable diagnostic tool for identifying performance bottlenecks and troubleshooting issues in your Elasticsearch cluster. This article will discuss the importance of hot threads, how to analyze them and provide guidance on resolving common performance problems.

Understanding Hot Threads

Hot threads are a snapshot of the busiest threads in an Elasticsearch node at a given point in time. They provide insights into the internal workings of the node, helping you identify resource-intensive operations, slow queries, and other performance issues. By analyzing hot threads, you can pinpoint the root cause of problems and take appropriate action to optimize your cluster.

Retrieving Hot Threads

To retrieve hot threads, you can use the Elasticsearch REST API or the command-line interface. The following examples demonstrate both methods:


GET /_nodes/hot_threads

2. Command-line interface:

curl -XGET "http://localhost:9200/_nodes/hot_threads"

These commands will return a plain-text report containing the top 3 hot threads per node, sorted by CPU usage. You can customize the output by specifying additional parameters, such as the number of threads to display, the interval between samples, and the type of threads to include (e.g., search, indexing, or management).

Analyzing Hot Threads

When analyzing hot threads, you should focus on the following key aspects:

  1. Thread type: Determine whether the hot thread is related to search, indexing, or management operations. This information can help you narrow down the scope of your investigation and identify potential bottlenecks.
  1. Stack trace: Examine the stack trace to understand the code path that the thread is executing. Look for patterns or recurring elements that may indicate a specific issue or problematic query.
  1. CPU usage: Check the CPU usage of the hot thread to assess its impact on the overall performance of the node. High CPU usage may indicate resource contention, inefficient queries, or other issues that require optimization.
  1. Duration: Consider the duration of the hot thread, as longer-running threads may have a more significant impact on performance. Long-running threads can be a sign of slow queries, large aggregations, or other resource-intensive operations.

Troubleshooting Performance Issues

Once you have identified the hot threads in your Elasticsearch cluster, you can take the following steps to troubleshoot and resolve performance issues:

  1. Optimize queries: Review the queries associated with hot threads and look for opportunities to optimize them. This may include using more selective filters, reducing the number of fields returned, or leveraging query caching.
  2. Adjust thread pool settings: If you notice that a particular thread pool is consistently overwhelmed, consider adjusting its settings to better handle the workload. For example, you can increase the queue size or the number of threads allocated to the pool.
  3. Monitor resource usage: Keep an eye on the resource usage of your Elasticsearch nodes, including CPU, memory, and disk I/O. If you notice that a node is consistently under heavy load, consider adding more resources or redistributing the workload across the cluster.
  4. Rebalance shards: If hot threads are concentrated on a specific node or set of nodes, consider rebalancing your shards to distribute the workload more evenly. You can use the cluster reroute API or the shard allocation settings to control shard placement.
  1. Upgrade Elasticsearch: If you are running an older version of Elasticsearch, consider upgrading to the latest version to take advantage of performance improvements and bug fixes.


      Elasticsearch hot threads are a powerful diagnostic tool that can help you identify and resolve performance issues in your cluster. By regularly monitoring hot threads and taking appropriate action, you can ensure that your Elasticsearch deployment remains performant and reliable. Remember to analyze the thread type, stack trace, CPU usage, and duration of hot threads to pinpoint the root cause of problems and optimize your cluster accordingly.