Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: c9e285c1e6
Branches Tags
elasticsearch
/
docs
/
reference
/
index-modules
/
slowlog.asciidoc

slowlog.asciidoc 8.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186 
  1. [[index-modules-slowlog]]
    2. 

  2. == Slow Log
    3. 

  3. 

  4. [float]
    5. 

  5. [[search-slow-log]]
    6. 

  6. === Search Slow Log
    7. 

  7. 

  8. Shard level slow search log allows to log slow search (query and fetch
    9. 

  9. phases) into a dedicated log file.
    10. 

  10. 

  11. Thresholds can be set for both the query phase of the execution, and
    12. 

  12. fetch phase, here is a sample:
    13. 

  13. 

  14. [source,yaml]
    15. 

  15. --------------------------------------------------
    16. 

  16. index.search.slowlog.threshold.query.warn: 10s
    17. 

  17. index.search.slowlog.threshold.query.info: 5s
    18. 

  18. index.search.slowlog.threshold.query.debug: 2s
    19. 

  19. index.search.slowlog.threshold.query.trace: 500ms
    20. 

  20. 

  21. index.search.slowlog.threshold.fetch.warn: 1s
    22. 

  22. index.search.slowlog.threshold.fetch.info: 800ms
    23. 

  23. index.search.slowlog.threshold.fetch.debug: 500ms
    24. 

  24. index.search.slowlog.threshold.fetch.trace: 200ms
    25. 

  25. 

  26. index.search.slowlog.level: info
    27. 

  27. --------------------------------------------------
    28. 

  28. 

  29. All of the above settings are _dynamic_ and can be set for each index using the
    30. 

  30. <<indices-update-settings, update indices settings>> API. For example: 
    31. 

  31. 

  32. [source,console]
    33. 

  33. --------------------------------------------------
    34. 

  34. PUT /twitter/_settings
    35. 

  35. {
    36. 

  36.     "index.search.slowlog.threshold.query.warn": "10s",
    37. 

  37.     "index.search.slowlog.threshold.query.info": "5s",
    38. 

  38.     "index.search.slowlog.threshold.query.debug": "2s",
    39. 

  39.     "index.search.slowlog.threshold.query.trace": "500ms",
    40. 

  40.     "index.search.slowlog.threshold.fetch.warn": "1s",
    41. 

  41.     "index.search.slowlog.threshold.fetch.info": "800ms",
    42. 

  42.     "index.search.slowlog.threshold.fetch.debug": "500ms",
    43. 

  43.     "index.search.slowlog.threshold.fetch.trace": "200ms",
    44. 

  44.     "index.search.slowlog.level": "info"
    45. 

  45. }
    46. 

  46. --------------------------------------------------
    47. 

  47. // TEST[setup:twitter]
    48. 

  48. 

  49. By default, none are enabled (set to `-1`). Levels (`warn`, `info`,
    50. 

  50. `debug`, `trace`) allow to control under which logging level the log
    51. 

  51. will be logged. Not all are required to be configured (for example, only
    52. 

  52. `warn` threshold can be set). The benefit of several levels is the
    53. 

  53. ability to quickly "grep" for specific thresholds breached.
    54. 

  54. 

  55. The logging is done on the shard level scope, meaning the execution of a
    56. 

  56. search request within a specific shard. It does not encompass the whole
    57. 

  57. search request, which can be broadcast to several shards in order to
    58. 

  58. execute. Some of the benefits of shard level logging is the association
    59. 

  59. of the actual execution on the specific machine, compared with request
    60. 

  60. level.
    61. 

  61. 

  62. The logging file is configured by default using the following
    63. 

  63. configuration (found in `log4j2.properties`):
    64. 

  64. 

  65. [source,properties]
    66. 

  66. --------------------------------------------------
    67. 

  67. appender.index_search_slowlog_rolling.type = RollingFile
    68. 

  68. appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
    69. 

  69. appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_search_slowlog.log
    70. 

  70. appender.index_search_slowlog_rolling.layout.type = PatternLayout
    71. 

  71. appender.index_search_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] [%node_name]%marker %.-10000m%n
    72. 

  72. appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_search_slowlog-%i.log.gz
    73. 

  73. appender.index_search_slowlog_rolling.policies.type = Policies
    74. 

  74. appender.index_search_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy
    75. 

  75. appender.index_search_slowlog_rolling.policies.size.size = 1GB
    76. 

  76. appender.index_search_slowlog_rolling.strategy.type = DefaultRolloverStrategy
    77. 

  77. appender.index_search_slowlog_rolling.strategy.max = 4
    78. 

  78. 

  79. logger.index_search_slowlog_rolling.name = index.search.slowlog
    80. 

  80. logger.index_search_slowlog_rolling.level = trace
    81. 

  81. logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
    82. 

  82. logger.index_search_slowlog_rolling.additivity = false
    83. 

  83. --------------------------------------------------
    84. 

  84. 

  85. [float]
    86. 

  86. ==== Identifying search slow log origin
    87. 

  87. 

  88. It is often useful to identify what triggered a slow running query. If a call was initiated with an `X-Opaque-ID` header, then the user ID
    89. 

  89. is included in Search Slow logs as an additional **id** field (scroll to the right).
    90. 

  90. [source,txt]
    91. 

  91. ---------------------------
    92. 

  92. [2030-08-30T11:59:37,786][WARN ][i.s.s.query              ] [node-0] [index6][0] took[78.4micros], took_millis[0], total_hits[0 hits], stats[], search_type[QUERY_THEN_FETCH], total_shards[1], source[{"query":{"match_all":{"boost":1.0}}}], id[MY_USER_ID],
    93. 

  93. ---------------------------
    94. 

  94. // NOTCONSOLE
    95. 

  95. The user ID is also included in JSON logs.
    96. 

  96. [source,js]
    97. 

  97. ---------------------------
    98. 

  98. {
    99. 

  99.   "type": "index_search_slowlog",
    100. 

  100.   "timestamp": "2030-08-30T11:59:37,786+02:00",
    101. 

  101.   "level": "WARN",
    102. 

  102.   "component": "i.s.s.query",
    103. 

  103.   "cluster.name": "distribution_run",
    104. 

  104.   "node.name": "node-0",
    105. 

  105.   "message": "[index6][0]",
    106. 

  106.   "took": "78.4micros",
    107. 

  107.   "took_millis": "0",
    108. 

  108.   "total_hits": "0 hits",
    109. 

  109.   "stats": "[]",
    110. 

  110.   "search_type": "QUERY_THEN_FETCH",
    111. 

  111.   "total_shards": "1",
    112. 

  112.   "source": "{\"query\":{\"match_all\":{\"boost\":1.0}}}",
    113. 

  113.   "id": "MY_USER_ID",
    114. 

  114.   "cluster.uuid": "Aq-c-PAeQiK3tfBYtig9Bw",
    115. 

  115.   "node.id": "D7fUYfnfTLa2D7y-xw6tZg"
    116. 

  116. }
    117. 

  117. ---------------------------
    118. 

  118. // NOTCONSOLE
    119. 

  119. 

  120. [float]
    121. 

  121. [[index-slow-log]]
    122. 

  122. === Index Slow log
    123. 

  123. 

  124. The indexing slow log, similar in functionality to the search slow
    125. 

  125. log. The log file name ends with `_index_indexing_slowlog.log`. Log and
    126. 

  126. the thresholds are configured in the same way as the search slowlog.
    127. 

  127. Index slowlog sample:
    128. 

  128. 

  129. [source,yaml]
    130. 

  130. --------------------------------------------------
    131. 

  131. index.indexing.slowlog.threshold.index.warn: 10s
    132. 

  132. index.indexing.slowlog.threshold.index.info: 5s
    133. 

  133. index.indexing.slowlog.threshold.index.debug: 2s
    134. 

  134. index.indexing.slowlog.threshold.index.trace: 500ms
    135. 

  135. index.indexing.slowlog.level: info
    136. 

  136. index.indexing.slowlog.source: 1000
    137. 

  137. --------------------------------------------------
    138. 

  138. 

  139. All of the above settings are _dynamic_ and can be set for each index using the
    140. 

  140. <<indices-update-settings, update indices settings>> API. For example: 
    141. 

  141. 

  142. [source,console]
    143. 

  143. --------------------------------------------------
    144. 

  144. PUT /twitter/_settings
    145. 

  145. {
    146. 

  146.     "index.indexing.slowlog.threshold.index.warn": "10s",
    147. 

  147.     "index.indexing.slowlog.threshold.index.info": "5s",
    148. 

  148.     "index.indexing.slowlog.threshold.index.debug": "2s",
    149. 

  149.     "index.indexing.slowlog.threshold.index.trace": "500ms",
    150. 

  150.     "index.indexing.slowlog.level": "info",
    151. 

  151.     "index.indexing.slowlog.source": "1000"
    152. 

  152. }
    153. 

  153. --------------------------------------------------
    154. 

  154. // TEST[setup:twitter]
    155. 

  155. 

  156. By default Elasticsearch will log the first 1000 characters of the _source in
    157. 

  157. the slowlog. You can change that with `index.indexing.slowlog.source`. Setting
    158. 

  158. it to `false` or `0` will skip logging the source entirely an setting it to
    159. 

  159. `true` will log the entire source regardless of size. The original `_source` is
    160. 

  160. reformatted by default to make sure that it fits on a single log line. If preserving
    161. 

  161. the original document format is important, you can turn off reformatting by setting
    162. 

  162. `index.indexing.slowlog.reformat` to `false`, which will cause the source to be
    163. 

  163. logged "as is" and can potentially span multiple log lines.
    164. 

  164. 

  165. The index slow log file is configured by default in the `log4j2.properties`
    166. 

  166. file:
    167. 

  167. 

  168. [source,properties]
    169. 

  169. --------------------------------------------------
    170. 

  170. appender.index_indexing_slowlog_rolling.type = RollingFile
    171. 

  171. appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
    172. 

  172. appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_indexing_slowlog.log
    173. 

  173. appender.index_indexing_slowlog_rolling.layout.type = PatternLayout
    174. 

  174. appender.index_indexing_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] [%node_name]%marker %.-10000m%n
    175. 

  175. appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_indexing_slowlog-%i.log.gz
    176. 

  176. appender.index_indexing_slowlog_rolling.policies.type = Policies
    177. 

  177. appender.index_indexing_slowlog_rolling.policies.size.type = SizeBasedTriggeringPolicy
    178. 

  178. appender.index_indexing_slowlog_rolling.policies.size.size = 1GB
    179. 

  179. appender.index_indexing_slowlog_rolling.strategy.type = DefaultRolloverStrategy
    180. 

  180. appender.index_indexing_slowlog_rolling.strategy.max = 4
    181. 

  181. 

  182. logger.index_indexing_slowlog.name = index.indexing.slowlog.index
    183. 

  183. logger.index_indexing_slowlog.level = trace
    184. 

  184. logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
    185. 

  185. logger.index_indexing_slowlog.additivity = false
    186. 

  186. --------------------------------------------------
    187.