Add a switch to disallow slow queries #29050
Comments
|
Pinging @elastic/es-search-aggs |
I talked to a user just recently and they built their own solution for sth. similar (I think it was a plugin) that basically intercepts each search request, inspects the query tree and then rejects some queries by a customizable rule that is application-dependent. Maybe this is too flexible for a start but might be worth thinking about later or as an alternative. |
|
We discussed this in the search meeting and agreed on the following points:
|
polyfractal
added
:Search/Search
|
How about a knob that requires user confirmation if a dashboard is opened with a time range larger than the knob specified date range? For example, I don't have any dashboards where looking back more than 3 weeks makes sense. I do have some indices where looking back 3 months makes sense. Another, orthogonal option is to have a cancel button for every Kibana visualization/dashboard. |
FYI this is being somehow handled via #43332, which we plan to integrate in Kibana so that e.g. moving to a different window would cancel the loading of visualizations. |
Add a new cluster setting `search.disallow_slow_queries` which by default is `false`. If set to `true` then certain queries (prefix, fuzzy, regexp and wildcard) that have usually slow performance cannot be executed and an exception is thrown. Closes: elastic#29050
|
Current status of slow queries guarded by disallowed_slow_queries setting, See #51385:
|
Add a new cluster setting `search.allow_expensive_queries` which by default is `true`. If set to `false`, certain queries that have usually slow performance cannot be executed and an error message is returned. - Queries that need to do linear scans to identify matches: - Script queries - Queries that have a high up-front cost: - Fuzzy queries - Regexp queries - Prefix queries (without index_prefixes enabled - Wildcard queries - Range queries on text and keyword fields - Joining queries - HasParent queries - HasChild queries - ParentId queries - Nested queries - Queries on deprecated 6.x geo shapes (using PrefixTree implementation) - Queries that may have a high per-document cost: - Script score queries - Percolate queries Closes: #29050
Add a new cluster setting `search.allow_expensive_queries` which by default is `true`. If set to `false`, certain queries that have usually slow performance cannot be executed and an error message is returned. - Queries that need to do linear scans to identify matches: - Script queries - Queries that have a high up-front cost: - Fuzzy queries - Regexp queries - Prefix queries (without index_prefixes enabled - Wildcard queries - Range queries on text and keyword fields - Joining queries - HasParent queries - HasChild queries - ParentId queries - Nested queries - Queries on deprecated 6.x geo shapes (using PrefixTree implementation) - Queries that may have a high per-document cost: - Script score queries - Percolate queries Closes: #29050 (cherry picked from commit a8b39ed)
It has been requested a couple times that we add a switch to disable the use of slow queries. This is typically useful to administrators who would like to prevent some users from using most resources on a cluster.
What a slow query is still needs to be refined but I think we could start with the following definition:
Basically this tries to include all queries that cannot efficiently skip and that need to collect all matches in a bitset to return an iterator. Plus the script query because if you run it on its own it will need to look at every single document of the index.
The threshold of 5 means that you could still run arbitrary prefix queries on fields that use the
index_prefixoptimization with default configuration.Relates #11511
The text was updated successfully, but these errors were encountered: