diff --git a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
index df6d0b6cc..dd119dfc1 100644
--- a/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
+++ b/src/main/java/org/opensearch/securityanalytics/SecurityAnalyticsPlugin.java
@@ -12,6 +12,7 @@
 import java.util.function.Supplier;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.ActionRequest;
 import org.opensearch.core.action.ActionResponse;
@@ -293,6 +294,7 @@ public void onFailure(Exception e) {
         // Trigger initialization of prepackaged rules by calling SearchRule API
         SearchRequest searchRequest = new SearchRequest(Rule.PRE_PACKAGED_RULES_INDEX);
         searchRequest.source(new SearchSourceBuilder().query(QueryBuilders.matchAllQuery()).size(0));
+        searchRequest.preference(Preference.PRIMARY_FIRST.type());
         client.execute(
                 SearchRuleAction.INSTANCE,
                 new SearchRuleRequest(true, searchRequest),
diff --git a/src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java b/src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java
index 6921f096c..4d6f463d1 100644
--- a/src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java
+++ b/src/main/java/org/opensearch/securityanalytics/correlation/JoinEngine.java
@@ -9,6 +9,7 @@
 import org.apache.logging.log4j.Logger;
 import org.apache.lucene.search.join.ScoreMode;
 import org.opensearch.OpenSearchStatusException;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.search.MultiSearchRequest;
 import org.opensearch.action.search.MultiSearchResponse;
@@ -85,6 +86,7 @@ public void onSearchDetectorResponse(Detector detector, Finding finding) {
         SearchRequest searchRequest = new SearchRequest();
         searchRequest.indices(CorrelationRule.CORRELATION_RULE_INDEX);
         searchRequest.source(searchSourceBuilder);
+        searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
         client.search(searchRequest, new ActionListener<>() {
             @Override
@@ -144,6 +146,7 @@ private void getValidDocuments(String detectorType, List<String> indices, List<C
                 SearchRequest searchRequest = new SearchRequest();
                 searchRequest.indices(indices.toArray(new String[]{}));
                 searchRequest.source(searchSourceBuilder);
+                searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
                 validCorrelationRules.add(rule);
                 mSearchRequest.add(searchRequest);
@@ -221,6 +224,7 @@ private void searchFindingsByTimestamp(String detectorType, Map<String, List<Cor
             SearchRequest searchRequest = new SearchRequest();
             searchRequest.indices(DetectorMonitorConfig.getAllFindingsIndicesPattern(categoryToQueries.getKey()));
             searchRequest.source(searchSourceBuilder);
+            searchRequest.preference(Preference.PRIMARY_FIRST.type());
             mSearchRequest.add(searchRequest);
             categoryToQueriesPairs.add(new Pair<>(categoryToQueries.getKey(), categoryToQueries.getValue()));
         }
@@ -291,6 +295,7 @@ private void searchDocsWithFilterKeys(String detectorType, Map<String, DocSearch
             SearchRequest searchRequest = new SearchRequest();
             searchRequest.indices(docSearchCriteria.getValue().indices.toArray(new String[]{}));
             searchRequest.source(searchSourceBuilder);
+            searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
             categories.add(docSearchCriteria.getKey());
             mSearchRequest.add(searchRequest);
@@ -359,6 +364,7 @@ private void getCorrelatedFindings(String detectorType, Map<String, List<String>
             SearchRequest searchRequest = new SearchRequest();
             searchRequest.indices(DetectorMonitorConfig.getAllFindingsIndicesPattern(relatedDocIds.getKey()));
             searchRequest.source(searchSourceBuilder);
+            searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
             categories.add(relatedDocIds.getKey());
             mSearchRequest.add(searchRequest);
diff --git a/src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java b/src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java
index 82698325f..db0a44e56 100644
--- a/src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java
+++ b/src/main/java/org/opensearch/securityanalytics/correlation/VectorEmbeddingsEngine.java
@@ -7,6 +7,7 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.opensearch.OpenSearchStatusException;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.bulk.BulkRequest;
 import org.opensearch.action.bulk.BulkResponse;
@@ -74,6 +75,7 @@ public void insertCorrelatedFindings(String detectorType, Finding finding, Strin
         SearchRequest searchRequest = new SearchRequest();
         searchRequest.indices(CorrelationIndices.CORRELATION_INDEX);
         searchRequest.source(searchSourceBuilder);
+        searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
         client.search(searchRequest, new ActionListener<>() {
             @Override
@@ -103,6 +105,7 @@ public void onResponse(SearchResponse response) {
                     SearchRequest searchRequest = new SearchRequest();
                     searchRequest.indices(CorrelationIndices.CORRELATION_INDEX);
                     searchRequest.source(searchSourceBuilder);
+                    searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
                     mSearchRequest.add(searchRequest);
                 }
@@ -240,6 +243,7 @@ public void insertOrphanFindings(String detectorType, Finding finding, float tim
         SearchRequest searchRequest = new SearchRequest();
         searchRequest.indices(CorrelationIndices.CORRELATION_INDEX);
         searchRequest.source(searchSourceBuilder);
+        searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
         client.search(searchRequest, new ActionListener<>() {
             @Override
@@ -415,6 +419,7 @@ public void onFailure(Exception e) {
                             SearchRequest searchRequest = new SearchRequest();
                             searchRequest.indices(CorrelationIndices.CORRELATION_INDEX);
                             searchRequest.source(searchSourceBuilder);
+                            searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
                             client.search(searchRequest, new ActionListener<>() {
                                 @Override
diff --git a/src/main/java/org/opensearch/securityanalytics/logtype/LogTypeService.java b/src/main/java/org/opensearch/securityanalytics/logtype/LogTypeService.java
index c8901d0dc..40ec8db74 100644
--- a/src/main/java/org/opensearch/securityanalytics/logtype/LogTypeService.java
+++ b/src/main/java/org/opensearch/securityanalytics/logtype/LogTypeService.java
@@ -23,6 +23,7 @@
 import org.opensearch.ExceptionsHelper;
 import org.opensearch.OpenSearchStatusException;
 import org.opensearch.ResourceAlreadyExistsException;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.DocWriteRequest;
 import org.opensearch.action.admin.indices.create.CreateIndexRequest;
@@ -113,7 +114,7 @@ public void getAllLogTypes(ActionListener<List<String>> listener) {
                     .field(LOG_TYPES)
                     .size(MAX_LOG_TYPE_COUNT)
             ));
-            searchRequest.preference("_primary");
+            searchRequest.preference(Preference.PRIMARY_FIRST.type());
             client.search(
                 searchRequest,
                 ActionListener.delegateFailure(
@@ -371,6 +372,7 @@ public void getAllFieldMappings(ActionListener<List<FieldMappingDoc>> listener)
         SearchRequest searchRequest = new SearchRequest(LOG_TYPE_INDEX);
         searchRequest.source(new SearchSourceBuilder().query(QueryBuilders.boolQuery()
                 .mustNot(QueryBuilders.existsQuery("source"))).size(10000));
+        searchRequest.preference(Preference.PRIMARY_FIRST.type());
         client.search(
             searchRequest,
             ActionListener.delegateFailure(
@@ -404,6 +406,7 @@ public void getFieldMappingsByLogTypes(List<String> logTypes, ActionListener<Lis
                 QueryBuilders.termsQuery(LOG_TYPES, logTypes.toArray(new String[0])))
                 .size(10000)
         );
+        searchRequest.preference(Preference.PRIMARY_FIRST.type());
         client.search(
                 searchRequest,
                 ActionListener.delegateFailure(
diff --git a/src/main/java/org/opensearch/securityanalytics/resthandler/RestSearchCorrelationRuleAction.java b/src/main/java/org/opensearch/securityanalytics/resthandler/RestSearchCorrelationRuleAction.java
index 5b5f0fffa..578743aad 100644
--- a/src/main/java/org/opensearch/securityanalytics/resthandler/RestSearchCorrelationRuleAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/resthandler/RestSearchCorrelationRuleAction.java
@@ -11,6 +11,7 @@
 import org.apache.logging.log4j.Logger;
 import org.opensearch.action.search.SearchRequest;
 import org.opensearch.client.node.NodeClient;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.index.query.QueryBuilder;
 import org.opensearch.index.query.QueryBuilders;
 import org.opensearch.rest.BaseRestHandler;
@@ -53,7 +54,8 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
                 .version(true);
         SearchRequest searchRequest = new SearchRequest()
                 .source(searchSourceBuilder)
-                .indices(CorrelationRule.CORRELATION_RULE_INDEX);
+                .indices(CorrelationRule.CORRELATION_RULE_INDEX)
+                .preference(Preference.PRIMARY_FIRST.type());
 
         SearchCorrelationRuleRequest searchCorrelationRuleRequest = new SearchCorrelationRuleRequest(searchRequest);
         return channel -> client.execute(SearchCorrelationRuleAction.INSTANCE, searchCorrelationRuleRequest, new RestToXContentListener<>(channel));
diff --git a/src/main/java/org/opensearch/securityanalytics/resthandler/RestSearchDetectorAction.java b/src/main/java/org/opensearch/securityanalytics/resthandler/RestSearchDetectorAction.java
index c1ccd7ea9..a47c7a954 100644
--- a/src/main/java/org/opensearch/securityanalytics/resthandler/RestSearchDetectorAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/resthandler/RestSearchDetectorAction.java
@@ -10,6 +10,7 @@
 import org.opensearch.action.search.SearchResponse;
 import org.opensearch.action.search.SearchRequest;
 import org.opensearch.client.node.NodeClient;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.common.bytes.BytesReference;
 import org.opensearch.common.xcontent.LoggingDeprecationHandler;
 import org.opensearch.common.xcontent.XContentFactory;
@@ -69,6 +70,7 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
         SearchRequest searchRequest = new SearchRequest();
         searchRequest.source(searchSourceBuilder);
         searchRequest.indices(Detector.DETECTORS_INDEX);
+        searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
         SearchDetectorRequest searchDetectorRequest = new SearchDetectorRequest(searchRequest);
 
diff --git a/src/main/java/org/opensearch/securityanalytics/resthandler/RestSearchRuleAction.java b/src/main/java/org/opensearch/securityanalytics/resthandler/RestSearchRuleAction.java
index bd01eb2b7..a4ba93d17 100644
--- a/src/main/java/org/opensearch/securityanalytics/resthandler/RestSearchRuleAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/resthandler/RestSearchRuleAction.java
@@ -9,6 +9,7 @@
 import org.opensearch.action.search.SearchRequest;
 import org.opensearch.action.search.SearchResponse;
 import org.opensearch.client.node.NodeClient;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.common.bytes.BytesReference;
 import org.opensearch.common.xcontent.LoggingDeprecationHandler;
 import org.opensearch.common.xcontent.XContentFactory;
@@ -68,7 +69,8 @@ protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient cli
                 .version(true);
         SearchRequest searchRequest = new SearchRequest()
                 .source(searchSourceBuilder)
-                .indices(isPrepackaged ? Rule.PRE_PACKAGED_RULES_INDEX: Rule.CUSTOM_RULES_INDEX);
+                .indices(isPrepackaged ? Rule.PRE_PACKAGED_RULES_INDEX: Rule.CUSTOM_RULES_INDEX)
+                .preference(Preference.PRIMARY_FIRST.type());
 
         SearchRuleRequest searchRuleRequest = new SearchRuleRequest(isPrepackaged, searchRequest);
         return channel -> client.execute(SearchRuleAction.INSTANCE, searchRuleRequest, searchRuleResponse(channel));
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java
index ef4e19949..790cd53fa 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportCorrelateFindingAction.java
@@ -8,6 +8,7 @@
 import org.apache.logging.log4j.Logger;
 import org.apache.lucene.search.join.ScoreMode;
 import org.opensearch.OpenSearchStatusException;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.ActionRequest;
 import org.opensearch.action.ActionRunnable;
@@ -212,6 +213,7 @@ void start() {
                 SearchRequest searchRequest = new SearchRequest();
                 searchRequest.indices(Detector.DETECTORS_INDEX);
                 searchRequest.source(searchSourceBuilder);
+                searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
                 client.search(searchRequest, new ActionListener<>() {
                     @Override
@@ -291,6 +293,7 @@ public void getTimestampFeature(String detectorType, Map<String, List<String>> c
             SearchRequest searchRequest = new SearchRequest();
             searchRequest.indices(CorrelationIndices.CORRELATION_INDEX);
             searchRequest.source(searchSourceBuilder);
+            searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
             client.search(searchRequest, new ActionListener<>() {
                 @Override
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteRuleAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteRuleAction.java
index 44cb7ae56..d5be2a420 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteRuleAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportDeleteRuleAction.java
@@ -8,6 +8,7 @@
 import org.apache.logging.log4j.Logger;
 import org.apache.lucene.search.join.ScoreMode;
 import org.opensearch.OpenSearchStatusException;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.ActionRunnable;
 import org.opensearch.action.get.GetRequest;
@@ -144,7 +145,8 @@ private void onGetResponse(Rule rule) {
                                 .seqNoAndPrimaryTerm(true)
                                 .version(true)
                                 .query(queryBuilder)
-                                .size(10000));
+                                .size(10000))
+                        .preference(Preference.PRIMARY_FIRST.type());
 
                 client.search(searchRequest, new ActionListener<>() {
                     @Override
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportGetAlertsAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportGetAlertsAction.java
index e664e75ae..f01929fc9 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportGetAlertsAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportGetAlertsAction.java
@@ -11,6 +11,7 @@
 import org.apache.logging.log4j.Logger;
 import org.apache.lucene.search.join.ScoreMode;
 import org.opensearch.OpenSearchStatusException;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.search.SearchRequest;
 import org.opensearch.action.search.SearchResponse;
@@ -111,6 +112,7 @@ protected void doExecute(Task task, GetAlertsRequest request, ActionListener<Get
             SearchRequest searchRequest = new SearchRequest();
             searchRequest.indices(Detector.DETECTORS_INDEX);
             searchRequest.source(searchSourceBuilder);
+            searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
             transportSearchDetectorAction.execute(new SearchDetectorRequest(searchRequest), new ActionListener<>() {
                 @Override
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportGetFindingsAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportGetFindingsAction.java
index e84f028fe..f9e7856db 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportGetFindingsAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportGetFindingsAction.java
@@ -11,6 +11,7 @@
 import org.apache.logging.log4j.Logger;
 import org.apache.lucene.search.join.ScoreMode;
 import org.opensearch.OpenSearchStatusException;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.search.SearchRequest;
 import org.opensearch.action.search.SearchResponse;
@@ -128,6 +129,7 @@ protected void doExecute(Task task, GetFindingsRequest request, ActionListener<G
             SearchRequest searchRequest = new SearchRequest();
             searchRequest.indices(Detector.DETECTORS_INDEX);
             searchRequest.source(searchSourceBuilder);
+            searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
             transportSearchDetectorAction.execute(new SearchDetectorRequest(searchRequest), new ActionListener<>() {
                 @Override
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
index 5126b8796..72c46d794 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexDetectorAction.java
@@ -9,6 +9,7 @@
 import org.apache.logging.log4j.Logger;
 import org.apache.lucene.search.join.ScoreMode;
 import org.opensearch.OpenSearchStatusException;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.ActionRunnable;
 import org.opensearch.action.StepListener;
@@ -202,7 +203,9 @@ private void checkIndicesAndExecute(
         User user
     ) {
         String [] detectorIndices = request.getDetector().getInputs().stream().flatMap(detectorInput -> detectorInput.getIndices().stream()).toArray(String[]::new);
-        SearchRequest searchRequest =  new SearchRequest(detectorIndices).source(SearchSourceBuilder.searchSource().size(1).query(QueryBuilders.matchAllQuery()));;
+        SearchRequest searchRequest =  new SearchRequest(detectorIndices)
+                .source(SearchSourceBuilder.searchSource().size(1).query(QueryBuilders.matchAllQuery()))
+                .preference(Preference.PRIMARY_FIRST.type());
         client.search(searchRequest, new ActionListener<>() {
             @Override
             public void onResponse(SearchResponse searchResponse) {
@@ -1130,7 +1133,8 @@ public void importRules(IndexDetectorRequest request, ActionListener<List<IndexM
                             .seqNoAndPrimaryTerm(true)
                             .version(true)
                             .query(queryBuilder)
-                            .size(10000));
+                            .size(10000))
+                    .preference(Preference.PRIMARY_FIRST.type());
 
             client.search(searchRequest, new ActionListener<>() {
                 @Override
@@ -1189,7 +1193,8 @@ public void importCustomRules(Detector detector, DetectorInput detectorInput, Li
                             .seqNoAndPrimaryTerm(true)
                             .version(true)
                             .query(queryBuilder)
-                            .size(10000));
+                            .size(10000))
+                    .preference(Preference.PRIMARY_FIRST.type());
 
             client.search(searchRequest, new ActionListener<>() {
                 @Override
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexRuleAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexRuleAction.java
index d13d499d8..60b067011 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexRuleAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportIndexRuleAction.java
@@ -19,6 +19,7 @@
 import org.opensearch.action.support.HandledTransportAction;
 import org.opensearch.action.support.master.AcknowledgedResponse;
 import org.opensearch.client.Client;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.cluster.service.ClusterService;
 import org.opensearch.common.inject.Inject;
 import org.opensearch.common.settings.Settings;
@@ -316,7 +317,8 @@ private void searchDetectors(String ruleId, ActionListener<SearchResponse> liste
                             .seqNoAndPrimaryTerm(true)
                             .version(true)
                             .query(queryBuilder)
-                            .size(10000));
+                            .size(10000))
+                    .preference(Preference.PRIMARY_FIRST.type());
 
             client.search(searchRequest, listener);
         }
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportListCorrelationAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportListCorrelationAction.java
index 6e8a84296..a0bc5b8bb 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportListCorrelationAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportListCorrelationAction.java
@@ -7,6 +7,7 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.opensearch.OpenSearchStatusException;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.ActionRunnable;
 import org.opensearch.action.search.SearchRequest;
@@ -112,6 +113,7 @@ void start() {
             SearchRequest searchRequest = new SearchRequest();
             searchRequest.indices(CorrelationIndices.CORRELATION_INDEX);
             searchRequest.source(searchSourceBuilder);
+            searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
             client.search(searchRequest, new ActionListener<>() {
                 @Override
diff --git a/src/main/java/org/opensearch/securityanalytics/transport/TransportSearchCorrelationAction.java b/src/main/java/org/opensearch/securityanalytics/transport/TransportSearchCorrelationAction.java
index b23b61396..596f16c2a 100644
--- a/src/main/java/org/opensearch/securityanalytics/transport/TransportSearchCorrelationAction.java
+++ b/src/main/java/org/opensearch/securityanalytics/transport/TransportSearchCorrelationAction.java
@@ -8,6 +8,7 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.opensearch.OpenSearchStatusException;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.ActionRunnable;
 import org.opensearch.action.search.MultiSearchRequest;
@@ -117,6 +118,7 @@ void start() {
             SearchRequest searchRequest = new SearchRequest();
             searchRequest.indices(DetectorMonitorConfig.getAllFindingsIndicesPattern(detectorType));
             searchRequest.source(searchSourceBuilder);
+            searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
             client.search(searchRequest, new ActionListener<>() {
                 @Override
@@ -133,6 +135,7 @@ public void onResponse(SearchResponse response) {
                     SearchRequest scoreSearchRequest = new SearchRequest();
                     scoreSearchRequest.indices(CorrelationIndices.CORRELATION_INDEX);
                     scoreSearchRequest.source(scoreSearchSourceBuilder);
+                    scoreSearchRequest.preference(Preference.PRIMARY_FIRST.type());
 
                     client.search(scoreSearchRequest, new ActionListener<>() {
                         @Override
@@ -155,6 +158,7 @@ public void onResponse(SearchResponse response) {
                             SearchRequest searchRequest = new SearchRequest();
                             searchRequest.indices(CorrelationIndices.CORRELATION_INDEX);
                             searchRequest.source(searchSourceBuilder);
+                            searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
                             client.search(searchRequest, new ActionListener<>() {
                                 @Override
@@ -186,6 +190,7 @@ public void onResponse(SearchResponse response) {
                                         SearchRequest searchRequest = new SearchRequest();
                                         searchRequest.indices(CorrelationIndices.CORRELATION_INDEX);
                                         searchRequest.source(searchSourceBuilder);
+                                        searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
                                         mSearchRequest.add(searchRequest);
                                     }
diff --git a/src/main/java/org/opensearch/securityanalytics/util/DetectorUtils.java b/src/main/java/org/opensearch/securityanalytics/util/DetectorUtils.java
index d7f205c89..5e9d25c38 100644
--- a/src/main/java/org/opensearch/securityanalytics/util/DetectorUtils.java
+++ b/src/main/java/org/opensearch/securityanalytics/util/DetectorUtils.java
@@ -5,6 +5,7 @@
 package org.opensearch.securityanalytics.util;
 
 import org.apache.lucene.search.TotalHits;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.search.SearchRequest;
 import org.opensearch.action.search.SearchResponse;
@@ -69,6 +70,7 @@ public static void getAllDetectorInputs(Client client, NamedXContentRegistry xCo
         SearchRequest searchRequest = new SearchRequest();
         searchRequest.source(searchSourceBuilder);
         searchRequest.indices(Detector.DETECTORS_INDEX);
+        searchRequest.preference(Preference.PRIMARY_FIRST.type());
 
         client.search(searchRequest, new ActionListener<>() {
             @Override
diff --git a/src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java b/src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java
index 4bf1c6a14..89e322e6a 100644
--- a/src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java
+++ b/src/main/java/org/opensearch/securityanalytics/util/RuleIndices.java
@@ -8,6 +8,7 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.opensearch.OpenSearchStatusException;
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.admin.indices.create.CreateIndexRequest;
 import org.opensearch.action.admin.indices.create.CreateIndexResponse;
@@ -223,7 +224,8 @@ public void deleteRules(ActionListener<BulkByScrollResponse> listener) {
 
     public void countRules(ActionListener<SearchResponse> listener) {
         SearchRequest request = new SearchRequest(Rule.PRE_PACKAGED_RULES_INDEX)
-                .source(new SearchSourceBuilder().size(0));
+                .source(new SearchSourceBuilder().size(0))
+                .preference(Preference.PRIMARY_FIRST.type());
         client.search(request, listener);
     }
 
diff --git a/src/main/java/org/opensearch/securityanalytics/util/RuleValidator.java b/src/main/java/org/opensearch/securityanalytics/util/RuleValidator.java
index d5927088b..534d38675 100644
--- a/src/main/java/org/opensearch/securityanalytics/util/RuleValidator.java
+++ b/src/main/java/org/opensearch/securityanalytics/util/RuleValidator.java
@@ -8,6 +8,8 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
+
+import org.opensearch.cluster.routing.Preference;
 import org.opensearch.core.action.ActionListener;
 import org.opensearch.action.StepListener;
 import org.opensearch.action.search.SearchRequest;
@@ -58,7 +60,8 @@ public void validateCustomRules(List<String> ruleIds, String indexName, ActionLi
                         .fetchSource(FetchSourceContext.FETCH_SOURCE)
                         .size(MAX_RULES_TO_VALIDATE)
                 )
-                .indices(Rule.CUSTOM_RULES_INDEX);
+                .indices(Rule.CUSTOM_RULES_INDEX)
+                .preference(Preference.PRIMARY_FIRST.type());
 
         StepListener<SearchResponse> searchRuleResponseListener = new StepListener();
         searchRuleResponseListener.whenComplete(searchRuleResponse -> {