[DOC] Troubleshooting Expensive Searches (#92725)

* [DOC] Troubleshooting Expensive Searches 👋 re: https://github.com/elastic/elasticsearch/issues/73222 adds in content so we can link to users on how to find source of expensive searches. * Several edits * Apply suggestions from code review Co-authored-by: Abdon Pijpelink <abdon.pijpelink@elastic.co> Co-authored-by: Abdon Pijpelink <abdon.pijpelink@elastic.co>
2025-06-28 17:34:17 -04:00 · 2023-01-13 01:55:13 -07:00 · 2023-01-13 01:55:13 -07:00 · d9cbefc19c
commit d9cbefc19c
parent 854bfa67b8
1 changed files with 22 additions and 1 deletions
--- a/docs/reference/troubleshooting/troubleshooting-searches.asciidoc
+++ b/docs/reference/troubleshooting/troubleshooting-searches.asciidoc
@ -297,4 +297,25 @@ used by the data stream.
 For static settings, you need to create a new index with the correct settings.
 Next, you can reindex the data into that index. For data streams, refer to
 <<change-static-index-setting-for-a-data-stream,Change a static index setting
-for a data stream>>.
+for a data stream>>.
+
+[discrete]
+[[troubleshooting-slow-searches]]
+=== Find slow queries
+
+<<index-modules-slowlog,Slow logs>> can help pinpoint slow performing search 
+requests. Enabling <<auditing-settings,audit logging>> on top can help determine 
+query source. Add the following settings to the `elasticsearch.yml` configuration file
+to trace queries. The resulting logging is verbose, so disable these settings when not 
+troubleshooting.
+
+[source,yaml]
+----
+xpack.security.audit.enabled: true
+xpack.security.audit.logfile.events.include: _all
+xpack.security.audit.logfile.events.emit_request_body: true
+----
+
+Refer to
+https://www.elastic.co/blog/advanced-tuning-finding-and-fixing-slow-elasticsearch-queries[Advanced
+tuning: finding and fixing slow Elasticsearch queries] for more information.