Before you dig into the details of this technical guide, have you tried asking OpsGPT?
You'll receive concise answers that will help streamline your Elasticsearch/OpenSearch operations.
Try OpsGPT now for step-by-step guidance and tailored insights into your Elasticsearch/ OpenSearch operation.
Before you dig into the details of this guide, have you tried asking OpsGPT? You’ll receive concise answers that will help streamline your OpenSearch/Elasticsearch operation.
Try OpsGPT now for step-by-step guidance and tailored insights into your search operation.
Overview
By default this setting is set to true. This means that users can use certain query types which require a lot of resources to return results, causing slow results for other users and possibly affecting the stability of the cluster. It is particularly appropriate in installations where you have no control over the queries being run (eg. where users have access to kibana or other graphical interface tools).
Setting this to false will prevent running the following queries:
- script queries (except on wildcard field mappings)
- fuzzy queries (except on wildcard field mappings)
- regexp queries (except on wildcard field mappings)
- prefix queries (except on wildcard field mappings)
- wildcard queries (except on wildcard field mappings)
- range queries on text fields
- joining queries
- script score queries
- percolate queries
However, you should note that:
- Some of the expensive queries prevented by this setting have perfectly valid use cases which you may not want to prevent.
- There are also other types of expensive queries which are not prevented by this setting, especially heavy aggregations.
How to resolve it
If you want to prevent users from running certain types of expensive queries, then you can add this setting to the cluster:
PUT _cluster/settings
{
"transient": {
"search.allow_expensive_queries": "false"
}
}
