High cpu usage after ES update to 7.17.7

Elasticsearch version: 7.17.7

Server OS version: SUSE Linux Enterprise Server 15 SP3

Kibana version (if relevant): 7.17.7

Describe the issue:

Hello,

after an update from 7.16.2 to 7.17.7, we’re experiencing about double the CPU usage without changing anything else. This happens all the time and the usage basically never dropped below the new baseline. When looking into the hot_threads on a node, I receive the following:

https://pastebin.com/raw/zV8zzy0n

Can someone please tell me what the transport_worker does and how I may be able to fix this?

Thanks in advance

What version of Search Guard are you using?

Sorry, my bad. We’re using search-guard-suite-plugin-7.17.7-53.5.0.

This should be fixed by Search Guard FLX:

Would it be possible for you to update to FLX?

Well, we bought 2 licenses, but I’m not sure if that would include FLX.
Also, we don’t have any experience with it yet, so it would take some time to actually update to FLX.
Is there any chance of a quick fix?

Search Guard FLX does not require any new licenses.

For a quick fix, we need to check a couple of things - so it would be only medium quick. But we will try to come back to you ASAP.

Just a quick checkup: Do you have any index privileges set for aliases? (If you have an alias A for indices I1, I2, I3, do you define the privileges for A or for I*?)

No, we don’t have any index privileges set for aliases.

We have released a new Search Guard version for 7.17.7 and 7.17.8 which should fix your issue by making it possible to turn off index alias resolution: Search Guard 53.6 for Elasticsearch 7.17.8 released

Hi,

thanks for the help. The following site refers to the Kibana Plugin Version 53.0.0: Latest Releases | Security for Elasticsearch | Search Guard
On the other hand, here it says 53.5.0: Latest Releases | Security for Elasticsearch | Search Guard

Which Kibana Plugin Version should be used with the latest release for Elasticsearch 7.17.7?

The Kibana plugin was not updated, so just use 53.0.0.
