Kibana Query Latency

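When Kibana runs a query, the aggregation it performs over a large time range causes a significant drop in performance; for example, for the last 15 minutes it aggregates the document count at 30-second granularity. When the number of documents is large, the query can be slow or even fail with an error. The example queries show that aggregating 5 minutes of data took 199 seconds and aggregating 15 minutes of data took 224 seconds, even though the result was 0. With the aggregation removed, the time dropped to 14 seconds, which indicates that the aggregation is the performance bottleneck.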

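A Kibana query also runs an aggregation over the queried time range. For the last 15 minutes, it aggregates the number of documents in each 30-second interval.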


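When the number of documents in the queried time range is very large, the query becomes very slow and sometimes fails with an error.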

Query Request Payload:

{"index":"www_log-*","ignore_unavailable":true}
{"size":500,"sort":[{"@timestamp":{"order":"desc","unmapped_type":"boolean"}}],"query":{"filtered":{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"gte":1449469826877,"lte":1449470726877}}}],"must_not":[]}}}},"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"fragment_size":2147483647},"aggs":{"2":{"date_histogram":{"field":"@timestamp","interval":"30s","pre_zone":"+08:00","pre_zone_adjust_large_interval":true,"min_doc_count":0,"extended_bounds":{"min":1449469826876,"max":1449470726876}}}},"fields":["*","_source"],"script_fields":{},"fielddata_fields":["@timestamp"]}

If there is no time-formatted field:

{"index":"www_log-*","ignore_unavailable":true}
{"size":500,"sort":[{"_score":{"order":"desc","unmapped_type":"boolean"}}],"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"fragment_size":2147483647},"fields":["*","_source"],"script_fields":{},"fielddata_fields":[]}

Running the aggregation on the index www_log-* over 5 minutes of data, from 2015-12-07 14:30:00 to 2015-12-07 14:35:00:

http://10.1.***:9200/www_log-*/logs/
{
  "query": {
    "filtered": {
      "filter": {
        "range": {
          "request": {
            "gte": 1449469826877,
            "lte": 1449470126877
          }
        }
      }
    }
  },
  "aggs": {
    "request": {
      "date_histogram": {
        "field": "request",
        "interval": "30s",
        "pre_zone": "+08:00",
        "min_doc_count": 0
      }
    }
  }
}

This took 199 seconds.

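Querying the data with aguid=1447075650199_3724624 and running the aggregation over 15 minutes of data, from 2015-12-07 14:30:00 to 2015-12-07 14:45:00, took 224 seconds, even though the aggregation result was 0.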

{
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "analyze_wildcard": true,
          "query": "aguid:\"1447075650199_3724624\""
        }
      },
      "filter": {
        "range": {
          "request": {
            "gte": 1441469826877,
            "lte": 1449470726877
          }
        }
      }
    }
  },
  "aggs": {
    "request": {
      "date_histogram": {
        "field": "request",
        "interval": "30s",
        "pre_zone": "+08:00",
        "min_doc_count": 0,
        "extended_bounds": {
          "min": 1449469826876,
          "max": 1449470726876
        }
      }
    }
  }
}

With the aggregation removed, the query took 14 seconds.
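
As an added example (not code from the original post), the Python below takes the range filter and date_histogram of a query body like the two aggregation queries above and reports the filtered time window, an upper bound on the number of buckets that window implies at the given interval, and whether the window agrees with extended_bounds. The sample() helper and the names QUERY_A and QUERY_B are assumptions made for the illustration; the timestamps are the ones in the two queries on this page.

```python
UNITS_MS = {"s": 1_000, "m": 60_000, "h": 3_600_000, "d": 86_400_000}

def find_range(node, field):
    """Depth-first search for a {"range": {field: {...}}} clause."""
    if not isinstance(node, (dict, list)):
        return None
    if isinstance(node, dict) and field in node.get("range", {}):
        return node["range"][field]
    for child in (node.values() if isinstance(node, dict) else node):
        hit = find_range(child, field)
        if hit is not None:
            return hit
    return None

def audit(body):
    """Per date_histogram: filtered window, implied buckets, bounds check."""
    reports = []
    for name, agg in body.get("aggs", {}).items():
        hist = agg.get("date_histogram")
        rng = find_range(body.get("query", {}), hist["field"]) if hist else None
        if rng is None:
            continue
        text = hist["interval"]  # fixed interval such as "30s"
        step = int(text[:-1]) * UNITS_MS[text[-1]]
        window = rng["lte"] - rng["gte"]
        # Upper bound: one bucket per aligned slot (whole-hour pre_zone keeps 30s edges).
        buckets = rng["lte"] // step - rng["gte"] // step + 1
        bounds = hist.get("extended_bounds")
        span = bounds["max"] - bounds["min"] if bounds else None
        reports.append({"agg": name, "window_ms": window, "buckets": buckets,
                        "bounds_ms": span,
                        "bounds_match": span is None or abs(window - span) <= step})
    return reports

def sample(gte, lte, bounds=None):
    """Constructed body: only the range filter and histogram of a query."""
    hist = {"field": "request", "interval": "30s", "pre_zone": "+08:00",
            "min_doc_count": 0}
    if bounds:
        hist["extended_bounds"] = {"min": bounds[0], "max": bounds[1]}
    return {"query": {"filtered": {"filter": {"range": {"request":
            {"gte": gte, "lte": lte}}}}},
            "aggs": {"request": {"date_histogram": hist}}}

# Timestamps copied from the two aggregation queries in the post.
QUERY_A = sample(1449469826877, 1449470126877)
QUERY_B = sample(1441469826877, 1449470726877, (1449469826876, 1449470726876))

if __name__ == "__main__":
    print(audit(QUERY_A), audit(QUERY_B), sep="\n")
```

For the second body, the range filter spans 8,000,900,000 ms while extended_bounds spans 900,000 ms, so bounds_match is False.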