Overview
By default this setting is set to true. This means that users can use certain query types which require a lot of resources to return results, causing slow results for other users and possibly affecting the stability of the cluster. It is particularly appropriate in installations where you have no control over the queries being run (eg. where users have access to kibana or other graphical interface tools).
Setting this to false will prevent running the following queries:
- script queries (except on wildcard field mappings)
- fuzzy queries (except on wildcard field mappings)
- regexp queries (except on wildcard field mappings)
- prefix queries (except on wildcard field mappings)
- wildcard queries (except on wildcard field mappings)
- range queries on text fields
- joining queries
- script score queries
- percolate queries
However, you should note that:
- Some of the expensive queries prevented by this setting have perfectly valid use cases which you may not want to prevent.
- There are also other types of expensive queries which are not prevented by this setting, especially heavy aggregations.
How to resolve it
If you want to prevent users from running certain types of expensive queries, then you can add this setting to the cluster:
PUT _cluster/settings
{
"transient": {
"search.allow_expensive_queries": "false"
}
}