elasticsearch" />
elasticsearch,Logging,Request,Logging 弹性搜索日志解释
我已经为我的elasticsearch服务器启用了slowlog,以查看我在上面获得的流量。Logging 弹性搜索日志解释,logging,request,
elasticsearch,Logging,Request,
以下是一些示例输出:
[2013-07-23 06:10:45,213][WARN ][index.search.slowlog.query] [Afari, Jamal] [index_3559_schema1][4] took[107.5micros], took_millis[0], types[some_type], stats[], search_type[QUERY_THEN_FETCH], total_shards[195], source[{"query":{"query_string":{"query":"*"}},"from":0,"size":"24","sort":{"updated_at":"desc"}}], extra_source[],
[2013-07-23 06:10:45,214][WARN ][index.search.slowlog.query] [Afari, Jamal] [index_3559_schema1][3] took[155.6micros], took_millis[0], types[some_type], stats[], search_type[QUERY_THEN_FETCH], total_shards[195], source[{"query":{"query_string":{"query":"*"}},"from":0,"size":"24","sort":{"updated_at":"desc"}}], extra_source[],
[2013-07-23 06:10:45,214][WARN ][index.search.slowlog.query] [Afari, Jamal] [index_3559_schema1][2] took[107.7micros], took_millis[0], types[some_type], stats[], search_type[QUERY_THEN_FETCH], total_shards[195], source[{"query":{"query_string":{"query":"*"}},"from":0,"size":"24","sort":{"updated_at":"desc"}}], extra_source[],
...
[2013-07-22 15:10:45,260][WARN ][index.search.slowlog.fetch] [Afari, Jamal] [index_42044_schema1][3] took[85.3micros], took_millis[0], types[some_type], stats[], search_type[QUERY_THEN_FETCH], total_shards[195], source[{"query":{"query_string":{"query":"*"}},"from":0,"size":"24","sort":{"updated_at":"desc"}}], extra_source[],
index_3559_schema1,index_3559_schema1,index_3559_schema1index.search.slowlog.queryindex.search.slowlog.fetch提取行指的是提取阶段。默认情况下,将使用query\u then\u fetch,这意味着如果查询由5个主碎片组成的索引(假设为0个副本以使其更简单),将对每个碎片执行查询,这将只返回相关信息,如文档ID及其分数。然后,使用搜索请求点击的节点将减少这些结果,以便只返回最前面的结果。在reduce部分确定需要返回哪些文档之后,只从它们的碎片中获取那些相关文档。这时,您可以在您的slowlog中看到fetch阶段。是否可以判断我的示例中的前3个日志是否来自不同的请求?没有给出这些单独的行,但您可以假设大约在同一时间发生了什么。对索引的每个查询(类型在这里不起任何作用)都将命中其所有碎片(除非指定路由)。如果您有相同的查询,例如命中5个碎片,并且查询的索引由5个碎片组成,那么您可以说这是一个http请求。当然,如果您在同一索引和同一碎片上有多个搜索,那么这些搜索很可能是由不同的http请求引起的。