how can I extend scrolling hits #1432
-
I have an index with at least 600,000 hits every minute. When I use elastalert2 to perform scrolling every minute, it takes about two seconds to scroll 10,000 hits each time. The scrolling index will take more than 1 minute to complete, causing the memory usage to increase. how can I optimize it? The following is the template config of my elastalert2
rule.yaml
Thanks. |
Beta Was this translation helpful? Give feedback.
Answered by
jertel
May 14, 2024
Replies: 1 comment 1 reply
-
For that much log/event volume you may need to use the |
Beta Was this translation helpful? Give feedback.
1 reply
Answer selected by
YTS85205107
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For that much log/event volume you may need to use the
use_count_query
option, which will return counts, instead of all 10,000 records.