Elasticsearch: slowlog settings should be dynamically updatable at the cluster level

Created on 1 Feb 2017  路  2Comments  路  Source: elastic/elasticsearch

Currently there is no simple way to enable and disable slow logging for all indices.

If using the following cluster level settings settings in elasticsearch.yml, nodes must be restarted:

index.search.slowlog.threshold.query.debug: 30s
index.search.slowlog.threshold.fetch.debug: 15s
index.search.slowlog.level: debug

If setting dynamically at the index level, then templates and code must also be adjusted to have the new settings, which doesn't usually make sense:

PUT /*/_settings
{
    "index.search.slowlog.level" : "debug"
    "index.search.slowlog.threshold.query.debug" : "30s",
    "index.search.slowlog.threshold.fetch.debug" : "15s"
}

Ideally, it would be great if we could do:

PUT /_cluster/settings
{
   "transient": {
     "index.search.slowlog.level" : "debug",
     "index.search.slowlog.threshold.query.debug" : "1ms",
     "index.search.slowlog.threshold.fetch.debug" : "1ms"
   }
}
picture PhaedrusTheGreek

Most helpful comment

I don't fully understand what you're asking. These settings are per index so if you want to update the settings for all indices you can just do:

PUT _settings { "index.search.slowlog.level" : "debug" "index.search.slowlog.threshold.query.debug" : "30s", "index.search.slowlog.threshold.fetch.debug" : "15s" }

If using the following cluster level settings settings in elasticsearch.yml, nodes must be restarted:

These settings are at the index level and since 5.x you cannot set index level settings in elasticsearch.yml.
So the best way to define values for all indices is to create a default template that contains these settings. Then when you want to update the values, you can update the settings for all indices and change your default template ?

picture jimczi on 1 Feb 2017
👍3

All 2 comments

I don't fully understand what you're asking. These settings are per index so if you want to update the settings for all indices you can just do:

PUT _settings { "index.search.slowlog.level" : "debug" "index.search.slowlog.threshold.query.debug" : "30s", "index.search.slowlog.threshold.fetch.debug" : "15s" }

If using the following cluster level settings settings in elasticsearch.yml, nodes must be restarted:

These settings are at the index level and since 5.x you cannot set index level settings in elasticsearch.yml.
So the best way to define values for all indices is to create a default template that contains these settings. Then when you want to update the values, you can update the settings for all indices and change your default template ?

jimczi picture jimczi on 1 Feb 2017
👍3

Agreed - we don't want to make these settings cluster level

clintongormley picture clintongormley on 2 Feb 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

dadoonet picture dadoonet  路  3Comments
matthughes picture matthughes  路  3Comments
jasontedor picture jasontedor  路  3Comments
makeyang picture makeyang  路  3Comments
ttaranov picture ttaranov  路  3Comments