Elastic packetbeat, log elasticsearch search query took time.

gistfile1.txt

setup:
  # elasticsearch index template
  template:
    enabled: true
    overwrite: true
  # kibana
  dashboards.enabled: true
  kibana.host: '${KIBANA_HOST}'

http:
  enabled: false
  host: 0.0.0.0
  port: 5066

packetbeat:
  interfaces:
    device: any
    type: af_packet
    buffer_size_mb: 50

  protocols:
  - type: http
    ports: [80, 8080, 5000,9200,5601]
    send_headers: true
    send_all_headers: true
    send_response: true
    include_body_for: ["application/json"]
    decode_body: false
    max_body_length: 50766777
    max_message_size: 50766777
    processors:
    - drop_event:
        when:
          not:
            equals:
              url.path: "/_search"
    - decode_json_fields:
        fields: ["http.response.body.content"]
        process_array: true
        max_depth: 1000
        target: "response_as_json"
        overwrite_keys: true
        add_error_key: true
    - convert:
        fields:
        - {from: "response_as_json.took", to: "elasticsearch.took", type: "integer"}
        - {from: "response_as_json.hits.total.value", to: "elasticsearch.total", type: "integer"}
        - {from: "response_as_json.hits.max_score", to: "elasticsearch.max_score", type: "float"}
        ignore_missing: true
        fail_on_error: false
    - drop_fields:
        fields: ["response", "response_as_json", "http.response.body.content"]
        ignore_missing: false


  flows:
    timeout: 30s
    period: 5s

- add_docker_metadata:
   host: "unix:///var/run/docker.sock"

processors:
-  drop_event:
    when:
      not:
        equals:
          type: http

strict.perms: false

output:
  elasticsearch:
    hosts: '${ELASTICSEARCH_HOSTS}'

xpack.monitoring:
  enabled: true
  elasticsearch: '${ELASTICSEARCH_HOSTS}'

  #console:
  #  pretty: true