Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the use case for index closing in ElasticSearch?

Tags:

indexing

lucene

elasticsearch

I have found out that ES index could be closed. https://www.elastic.co/guide/en/elasticsearch/reference/6.3/indices-open-close.html

A closed index has almost no overhead on the cluster (except for maintaining its metadata), and is blocked for read/write operations.

I am trying to optimise ES for writing a lot of data, i.e. 100K messages per second. Every hour new index is created and older indexes are not used for writing anymore. However reading from older indexes is possible.

Should I close old indexes to optimise writing and the open them on demand if I need to perform search on them?

like image 995
Nikolay Kuznetsov Avatar asked Feb 04 '23 22:02

Nikolay Kuznetsov

2 Answers

If your index is closed, you obviously cannot read/search from it. Some operations, like changing index analyzers, require you to close the index before doing so and reopen it afterwards.

Other than that, if you know you'll need to read/search from your old indexes, then simply keep them open. It makes no sense to close/reopen them every time you need to read from them.

If you really want to optimize for writes, what you can do is implement hot/warm architecture and move your old indexes to warm nodes, while keeping the new one you're writing to on hot nodes.

You have a handful of other best practices you can implement if you want to optimize your indexing speed.

like image 62
Val Avatar answered Feb 15 '23 22:02

Val

The use-case for closed indices is quite niche. Besides changing some settings, like Val's answer, I don't see a wide (and correct) use of them. You might have problems when it comes to scaling the cluster (as shards of closed indices aren't moved around) or when you load N closed indices, you might end up putting too much pressure on the cluster.

In reality, the plumbing that's needed to effectively open and close indices on demand isn't justified. Or at least I didn't see one. That's why frozen indices are deprecated now.

You might consider alternatives, like force-merge, snapshot/restore or, depending on your Elasticsearch license, a searchable snapshot.

If you're using time-series data, you might also consider a hosted solution, like Sematext Logs (bias alert: I work for Sematext).

like image 37
Radu Gheorghe Avatar answered Feb 15 '23 23:02

Radu Gheorghe
Sign in to Comment

Related questions

Analytics in Elasticsearch
Troubles creating an index with custom analyzer using Jest
elasticsearch sort error using script
How to add multiple fields to a common terms query in ElasticSearch?
ElasticSearch in Spring with @Query
Elasticsearch: how to make an aggregation field not change the case of values
Elasticsearch histogram, multiple interval types?
How to execute an IP Range Query/Filter
Is it possible to use Spring's annotations to define Completion Suggester for a mapping in Elasticsearch?
Elasticsearch Pagination - Last Page Returning Too Many Results
ElasticSearch map two sql tables with a foreign key
elasticsearch range filter for array field
How to match multiple words as token prefixes
Elasticsearch sort parent by inner hits doc count
How to use elasticsearch to get JOIN functionality as in SQL?
Elasticsearch insensitive search accents
Combining Index Templates with Dynamic Templates
How to check current size of the ealastisearch queues defined in threadpool.XXX.queue_size?
Elasticsearch Unreachable: Connection refused
Elasticsearch URI Search multiple fields

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!