Elasticsearch Elasticsearch Long Running UpdateByQuery Task 

By Opster Team

Updated: Mar 10, 2024

| 2 min read

What does this mean?

A long running UpdateByQuery task in Elasticsearch refers to a situation where an update by query operation is taking an unusually long time to complete. UpdateByQuery is an API that allows you to update multiple documents in an index that match a specific query. When this operation takes too long, it can lead to performance issues in the Elasticsearch cluster.

Why does this occur?

There could be several reasons for a long running UpdateByQuery task, including:

  1. The query used is not optimized, resulting in a large number of documents being matched and updated.
  2. The Elasticsearch cluster is experiencing high load or resource contention, causing the UpdateByQuery operation to take longer than usual.
  3. The index mappings and analysis settings are not optimized, leading to slower update operations.

Possible impact and consequences of long running UpdateByQuery tasks

The impact of a long running UpdateByQuery task can be significant, as it may affect the overall performance of the Elasticsearch cluster. This can manifest in various ways, such as:

  1. Slower search and indexing operations, as resources are being consumed by the UpdateByQuery task.
  2. Increased latency in response times for user queries and API calls.
  3. Potential timeouts or failures in other Elasticsearch operations due to resource contention.

How to resolve

To resolve the issue of a long running UpdateByQuery task, consider the following recommendations:

  1. Try to improve the query used in the UpdateByQuery API. Wherever possible, use the filter in the query and reduce the number of documents matched. If UpdateByQuery matches a huge number of documents, try to do it in multiple batches. Increase the refresh interval if applicable (if it is currently less than 30s, increase to 30s). 
  1. Review the index mappings and analysis, and optimize where possible. You can use the free Opster Template Analyzer tool to help you with this.
  1. Monitor the resource usage of your Elasticsearch cluster and ensure that it has adequate resources (CPU, memory, disk space, and I/O) to handle the UpdateByQuery operations. If necessary, consider scaling up your cluster or adding more nodes to distribute the load. Note that this is only applicable if the index being updated has more primary shards than data nodes, otherwise adding more nodes won’t help.
  2. Use the Elasticsearch Task Management API to monitor the progress of the UpdateByQuery task and identify any bottlenecks or issues. For example, you can run the UpdateByQuery task in the background with the following command:
POST /<index_name>/_update_by_query?wait_for_completion=false

The response from the previous command will include a <task_id> which you can then use in the following command to retrieve the status of the ongoing task:

GET /_tasks/<task_id

5. If the UpdateByQuery operation is still taking too long, you can kill it with the command below and you can consider breaking it down into smaller tasks using slicing:

POST /_tasks/<task_id>/_cancel

Conclusion

A long running UpdateByQuery task in Elasticsearch can have a significant impact on the performance of your cluster. By following the recommendations in this guide, you can optimize your queries, monitor your cluster’s resource usage, and take appropriate steps to resolve the issue and maintain optimal performance.