We have had several examples recently where scheduled searches appear to run in the _internal log, complete successfully, and find no results when results were available. Using _indextime vs _time to determine the lag on the results it seems like there is no reason why the results were not found by the search.
We have an open case with support but this makes me wonder:
Where does _indextime fall in the indexing process? Is it when the event is written to the first bucket? Is it when the first searchable copy is written? Is it when the full replication/search factors have been met across the cluster (unlikely)? As you can probably guess I'm wondering if we can get into a state where data is written/indexed but not actually searchable.
For reference, we have a multisite peer cluster with 8 members over 2 sites (2 AZs in the same AWS region).
Thanks!
↧