Inspecting Search Slow Logs on Elasticsearch and OpenSearch

Elasticsearch Slow Logs can help identify issues and highlight slow queries. In this tip we show how to enable Elasticsearch slow logs, and how to access them on several platforms including OpenSearch.

Elasticsearch and OpenSearch are highly scalable search and analytics engines, and as such they are often expected to serve many concurrent requests while still keeping query latency very low.

Optimizing query performance in Elasticsearch and OpenSearch is a demanding task, but there are clear guidelines one can follow, for example avoiding expensive queries.

In order to identify and troubleshoot slow queries you can use the Search Slow Logs. When a search query takes longer than a specified threshold to execute, Elasticsearch will log information such as the query text, the time it took to execute, and the node that executed it.

Luckily, Elasticsearch supports logging slow operations, often called Slow Logs, for three key operations:

  • Search Slow Log, for the query phase – logs shard-level slow queries with their full query source and additional information.
  • Search Slow Log, for the fetch phase, where matching documents are retrieved.
  • Indexing Slow Log – logs slow indexing operations.

To find and debug slow queries, we are interested in the Search Slow Log for the query phase.
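Because the query-phase slow log is written per shard, a single slow search shows up as several entries. The following added example (not code from the original article) parses slow log lines, separates the query and fetch phases, and groups query-phase entries by index and query source. The sample lines are constructed, and the plaintext layout they follow is an assumption about how your cluster formats its slow log.

```python
import re
from collections import defaultdict

# Constructed sample lines; the plaintext layout is an assumed slow log format.
SAMPLE_LOG = """\
[2024-05-01T10:00:01,120][WARN ][index.search.slowlog.query] [node-1] [orders][0] took[2.4s], took_millis[2400], total_hits[120 hits], search_type[QUERY_THEN_FETCH], total_shards[3], source[{"query":{"wildcard":{"sku":"*a*"}}}], id[],
[2024-05-01T10:00:01,450][INFO ][index.search.slowlog.fetch] [node-1] [orders][0] took[610ms], took_millis[610], total_hits[120 hits], search_type[QUERY_THEN_FETCH], total_shards[3], source[{"query":{"wildcard":{"sku":"*a*"}}}], id[],
[2024-05-01T10:00:02,003][WARN ][index.search.slowlog.query] [node-2] [orders][2] took[3.1s], took_millis[3100], total_hits[95 hits], search_type[QUERY_THEN_FETCH], total_shards[3], source[{"query":{"wildcard":{"sku":"*a*"}}}], id[],
[2024-05-01T10:00:05,870][INFO ][index.search.slowlog.query] [node-2] [users][1] took[900ms], took_millis[900], total_hits[4 hits], search_type[QUERY_THEN_FETCH], total_shards[1], source[{"query":{"match":{"name":"smith"}}}], id[],
"""

LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\]\[(?P<level>\w+)\s*\]"
    r"\[index\.search\.slowlog\.(?P<phase>query|fetch)\]\s+"
    r"\[(?P<node>[^\]]+)\]\s+\[(?P<index>[^\]]+)\]\[(?P<shard>\d+)\]"
    r".*?took_millis\[(?P<ms>\d+)\].*?source\[(?P<source>.*)\], id\["
)

def parse_slowlog(text):
    """Return one dict per recognised search slow log line (query or fetch phase)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            entry = m.groupdict()
            entry["ms"] = int(entry["ms"])
            entry["shard"] = int(entry["shard"])
            entries.append(entry)
    return entries

def slowest_queries(entries, phase="query"):
    """Group shard-level entries by (index, source), slowest shard time first."""
    grouped = defaultdict(lambda: {"max_ms": 0, "shards": 0, "nodes": set()})
    for e in entries:
        if e["phase"] != phase:
            continue
        g = grouped[(e["index"], e["source"])]
        g["max_ms"] = max(g["max_ms"], e["ms"])
        g["shards"] += 1
        g["nodes"].add(e["node"])
    rows = [(idx, src, g["max_ms"], g["shards"], sorted(g["nodes"]))
            for (idx, src), g in grouped.items()]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for idx, src, ms, shards, nodes in slowest_queries(parse_slowlog(SAMPLE_LOG)):
        print(f"{ms:>6} ms  index={idx} shard_entries={shards} nodes={nodes} source={src}")
```
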

Identifying Slow Queries in Elasticsearch & OpenSearch