Although this thread is quite old, I'd still like to see if anyone out there is still experiencing this exact same issue?
We've been working with support for some time now to troubleshoot poor search performance on our (4) ES SH Cluster where a majority of our time is spent in command.search.lookups, whereas our (6) Non ES SH Cluster running the exact same search produces lightning fast results.
We are obviously aware of the nature of how ES functions with the automatic lookups, but I'm curious as to others' experience with Enterprise Security searching vs non ES Search performance? Is it similar, better, worse, and how close is the experience between the environments for end users?
Thanks