Skip to content

[9.2] Avoid rewrite round_to with expensive queries (#135987) #135992

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 4, 2025
Merged

[9.2] Avoid rewrite round_to with expensive queries (#135987) #135992

merged 1 commit into from
Oct 4, 2025
+153 −1

Conversation

dnhatn
Copy link
Member

@dnhatn dnhatn commented Oct 4, 2025

Backports the following commits to 9.2:

@dnhatn
Avoid rewrite round_to with expensive queries (elastic#135987)
a4b69fb 
Today, we use a threshold (defaults to 128) to avoid generating too many 
sub-queries when replacing round_to with sub-queries. However, we do not
account for cases where the main query is expensive. In such cases,
running many expensive queries is slower and more costly than running a
single query and then reading values and rounding. Our benchmark shows
that this query takes 800ms with query-and-tags, but only 40ms without
it.

TS metric* 
| WHERE host.name LIKE \"host-*\" 
  AND @timestamp >= \"2025-07-25T12:55:59.000Z\" AND @timestamp <= \"2025-07-25T17:25:59.000Z\"
| STATS AVG(AVG_OVER_TIME(`metrics.system.cpu.load_average.1m`)) BY host.name, TBUCKET(5 minutes)
And this query:

TS new_metrics* 
| WHERE host.name IN("host-0", "host-1", "host-2") 
  AND @timestamp >= "2025-07-25T12:55:59.000Z" AND @timestamp <= "2025-07-25T17:25:59.000Z"
| STATS AVG(AVG_OVER_TIME(`metrics.system.cpu.load_average.1m`)) BY host.name, TBUCKET(5 minutes)

reduces from 50ms to 10ms.

This change proposes using the threshold as the number of query clauses 
and assigning higher weights to expensive queries, such as wildcard or
prefix queries. This allows us to disable the rewrite when it is less
efficient, while still enabling it if the number of sub-queries is
small.
@dnhatn dnhatn added :Analytics/ES|QL AKA ESQL >bug auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport Team:Analytics Meta label for analytical engine team (ESQL/Aggs/Geo) labels Oct 4, 2025
@elasticsearchmachine elasticsearchmachine mentioned this pull request Oct 4, 2025
Merged
@elasticsearchmachine elasticsearchmachine merged commit 2fd160b into elastic:9.2 Oct 4, 2025
34 checks passed
@dnhatn dnhatn deleted the backport/9.2/pr-135987 branch October 4, 2025 16:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
:Analytics/ES|QL AKA ESQL auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport >bug Team:Analytics Meta label for analytical engine team (ESQL/Aggs/Geo) v9.2.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dnhatn @elasticsearchmachine