Slow Query Pattern Detection

warning

latencyUpdated Feb 18, 2026

Search request slow logs capture queries exceeding configured thresholds per phase (query, fetch), enabling identification of inefficient query patterns that degrade cluster performance over time.

Sources

Logs - OpenSearch Documentationopensearch.org

Query insightsdocs.opensearch.org

Top N queries - OpenSearch Documentationopensearch.org

Technologies:

OpenSearchSymptoms of this issue are visible in OpenSearch metrics and logs

How to detect:

Enable search request slow logs via cluster.search.request.slowlog.threshold settings. Monitor for queries exceeding warn/info/debug thresholds. Correlate with phase_latency_map showing which phase (query vs fetch) contributes most latency.

Recommended action:

Use Top N queries API to identify slowest queries by latency, CPU, or memory. Enable query grouping to find common slow query patterns. Optimize identified queries through query rewriting, adding filters, using more selective queries, or adjusting index mappings.