In addition to reading this guide, we recommend you run the Elasticsearch Health Check-Up. It will detect issues and improve your Elasticsearch performance by analyzing your shard sizes, threadpools, memory, snapshots, disk watermarks and more.The Elasticsearch Check-Up is free and requires no installation.
Before you begin reading this guide, we recommend you try running the OpenSearch Error Check-Up which analyzes 2 JSON files to detect many configuration errors.
If you’re having trouble with expensive queries, you can try AutoOps for OpenSearch for an accurate analysis of your settings and to effortlessly fix issues in your deployment.
Overview
By default this setting is set to true. This means that users can use certain query types which require a lot of resources to return results, causing slow results for other users and possibly affecting the stability of the cluster. It is particularly appropriate in installations where you have no control over the queries being run (eg. where users have access to kibana or other graphical interface tools).
Setting this to false will prevent running the following queries:
- script queries (except on wildcard field mappings)
- fuzzy queries (except on wildcard field mappings)
- regexp queries (except on wildcard field mappings)
- prefix queries (except on wildcard field mappings)
- wildcard queries (except on wildcard field mappings)
- range queries on text fields
- joining queries
- script score queries
- percolate queries
However, you should note that:
- Some of the expensive queries prevented by this setting have perfectly valid use cases which you may not want to prevent.
- There are also other types of expensive queries which are not prevented by this setting, especially heavy aggregations.
How to resolve it
If you want to prevent users from running certain types of expensive queries, then you can add this setting to the cluster:
PUT _cluster/settings
{
"transient": {
"search.allow_expensive_queries": "false"
}
}
