Top N queries

Monitoring the top N queries with the query insights feature gives you real-time insight into the highest-latency queries within a given time frame (for example, the last hour).

Getting started

To enable monitoring of the top N queries, configure the following dynamic settings:

It’s important to exercise caution when enabling this feature because it can consume system resources.

For detailed information about enabling and configuring this feature, see the following sections.

Enabling the top N queries feature

After installing the query-insights plugin, you can enable the top N queries feature (which is disabled by default) by using the following dynamic setting. This setting enables the corresponding collectors and aggregators in the running cluster:

  PUT _cluster/settings
  {
    "persistent" : {
      "search.insights.top_queries.latency.enabled" : true
    }
  }


Configuring window size

You can configure the window size for the top N queries by latency with search.insights.top_queries.latency.window_size. For example, a cluster with the following configuration will collect top N queries in a 60-minute window:

  PUT _cluster/settings
  {
    "persistent" : {
      "search.insights.top_queries.latency.window_size" : "60m"
    }
  }


Configuring the value of N

You can configure the value of N in the search.insights.top_queries.latency.top_n_size parameter. For example, a cluster with the following configuration will collect the top 10 queries in the specified window size:

  PUT _cluster/settings
  {
    "persistent" : {
      "search.insights.top_queries.latency.top_n_size" : 10
    }
  }


Monitoring the top N queries

You can use the Insights API endpoint to obtain top N queries by latency:

  GET /_insights/top_queries


To filter the response by metric type, specify the type parameter (latency is the only supported type as of 2.12):

  GET /_insights/top_queries?type=latency
