Add live queries doc and update top queries doc (#9658)

* Add live queries doc and update top queries doc

Signed-off-by: Jason Chenyang Ji <[email protected]>

* Doc review

Signed-off-by: Fanit Kolchina <[email protected]>

* Apply suggestions from code review

Co-authored-by: Nathan Bower <[email protected]>
Signed-off-by: kolchfa-aws <[email protected]>

---------

Signed-off-by: Jason Chenyang Ji <[email protected]>
Signed-off-by: Fanit Kolchina <[email protected]>
Signed-off-by: kolchfa-aws <[email protected]>
Co-authored-by: Fanit Kolchina <[email protected]>
Co-authored-by: kolchfa-aws <[email protected]>
Co-authored-by: Nathan Bower <[email protected]>

Author: 3 people

_install-and-configure/configuring-opensearch/plugin-settings.md

@@ -85,7 +85,7 @@ The Notifications plugin supports the following settings. All settings in this l
 
 ## Query Insights plugin settings
 
-For information about Query Insights plugin settings, see [Query insights settings]({{site.url}}{{site.baseurl}}/observing-your-data/query-insights/index#query-insights-settings).
+For information about Query Insights plugin settings, see [Query Insights features and settings]({{site.url}}{{site.baseurl}}/observing-your-data/query-insights/index#query-insights-features-and-settings).
 
 ## Security plugin settings
 

_observing-your-data/query-insights/index.md

@@ -16,8 +16,10 @@ To monitor and analyze the search queries within your OpenSearch cluster, you ca
 
 Typical use cases for query insights features include the following:
 
-- Identifying top queries by latency within specific time frames
-- Debugging slow search queries and latency spikes
+- Identify the slowest or most resource-intensive queries impacting your cluster.
+- Debug latency spikes and understand query performance patterns.
+- Analyze common slow query structures to find optimization opportunities.
+- Monitor live, in-flight queries to diagnose immediate search performance issues.
 
 Query insights features are supported by the Query Insights plugin. At a high level, query insights features comprise the following components:
 
@@ -35,13 +37,15 @@ bin/opensearch-plugin install query-insights
 ```
 For information about installing plugins, see [Installing plugins]({{site.url}}{{site.baseurl}}/install-and-configure/plugins/).
 
-## Query Insights settings
+## Query Insights features and settings
 
-You can obtain the following information using Query Insights:
+Query Insights provides several ways to monitor and analyze your search queries:
 
-- [Top n queries]({{site.url}}{{site.baseurl}}/observing-your-data/query-insights/top-n-queries/)
-- [Grouping top N queries]({{site.url}}{{site.baseurl}}/observing-your-data/query-insights/grouping-top-n-queries/)
-- [Query metrics]({{site.url}}{{site.baseurl}}/observing-your-data/query-insights/query-metrics/)
+-   **[Top N queries]({{site.url}}{{site.baseurl}}/observing-your-data/query-insights/top-n-queries/)**: Identify the most resource-intensive or slowest queries over specific time frames based on various performance metrics.
+-   **[Grouping top N queries]({{site.url}}{{site.baseurl}}/observing-your-data/query-insights/grouping-top-n-queries/)**: Discover patterns and analyze similar slow queries by grouping them based on query source structure.
+-   **[Live queries monitoring]({{site.url}}{{site.baseurl}}/observing-your-data/query-insights/live-queries/)**: Get real-time visibility into search queries currently executing within your cluster to identify and debug queries that are currently long running or resource heavy.
+-   **[Query insights dashboards]({{site.url}}{{site.baseurl}}/observing-your-data/query-insights/query-insights-dashboard/)**: Visualize and configure top query insights interactively in OpenSearch Dashboards.
+-   **[Query metrics]({{site.url}}{{site.baseurl}}/observing-your-data/query-insights/query-metrics/)**: Understand the specific performance metrics per query type.
 
 ## Query Insights plugin health
 

_observing-your-data/query-insights/live-queries.md

@@ -0,0 +1,107 @@
+---
+layout: default
+title: Live queries
+parent: Query insights
+nav_order: 20
+---
+
+# Live queries
+**Introduced 3.0**
+
+Use the Live Queries API to retrieve currently running search queries across the cluster or on specific nodes. Monitoring live queries using Query Insights allows you to get real-time visibility into the search queries that are currently executing within your OpenSearch cluster. This is useful for identifying and debugging queries that might be running for an unexpectedly long time or consuming significant resources at the moment.
+
+The API returns a list of currently executing search queries, sorted by a specified metric (defaulting to `latency`) in descending order. The response includes the details for each live query, such as the query source, search type, involved indexes, node ID, start time, latency, and resource usage (on the coordinator node) so far.
+
+## Endpoints
+
+```json
+GET /_insights/live_queries
+```
+
+## Query parameters
+
+The following table lists the available query parameters. All query parameters are optional.
+
+| Parameter | Data type | Description |
+| :--- | :--- | :--- |
+| `verbose` | Boolean | Whether to include detailed query information in the output. Default is `true`. |
+| `nodeId` | String | A comma-separated list of node IDs used to filter the results. If omitted, queries from all nodes are returned. |
+| `sort` | String | The metric to sort the results by. Valid values are `latency`, `cpu`, or `memory`. Default is `latency`. |
+| `size` | Integer | The number of query records to return. Default is 100. |
+
+## Example request
+
+The following example request fetches the top 10 queries sorted by CPU usage, with verbose output disabled:
+
+```json
+GET /_insights/live_queries?verbose=false&sort=cpu&size=10
+```
+{% include copy-curl.html %}
+
+## Example response
+
+```json
+{
+  "live_queries" : [
+    {
+      "timestamp" : 1745359226777,
+      "id" : "troGHNGUShqDj3wK_K5ZIw:512",
+      "description" : "indices[my-index-*], search_type[QUERY_THEN_FETCH], source[{\"size\":20,\"query\":{\"term\":{\"user.id\":{\"value\":\"userId\",\"boost\":1.0}}}}]",
+      "node_id" : "troGHNGUShqDj3wK_K5ZIw",
+      "measurements" : {
+        "latency" : {
+          "number" : 13959364458,
+          "count" : 1,
+          "aggregationType" : "NONE"
+        },
+        "memory" : {
+          "number" : 3104,
+          "count" : 1,
+          "aggregationType" : "NONE"
+        },
+        "cpu" : {
+          "number" : 405000,
+          "count" : 1,
+          "aggregationType" : "NONE"
+        }
+      }
+    },
+    {
+      "timestamp" : 1745359229158,
+      "id" : "Y6eBnbdISPO6XaVfxCBRgg:454",
+      "description" : "indices[my-index-*], search_type[QUERY_THEN_FETCH], source[{\"size\":20,\"query\":{\"term\":{\"user.id\":{\"value\":\"userId\",\"boost\":1.0}}}}]",
+      "node_id" : "Y6eBnbdISPO6XaVfxCBRgg",
+      "measurements" : {
+        "latency" : {
+          "number" : 11579097209,
+          "count" : 1,
+          "aggregationType" : "NONE"
+        },
+        "memory" : {
+          "number" : 3104,
+          "count" : 1,
+          "aggregationType" : "NONE"
+        },
+        "cpu" : {
+          "number" : 511000,
+          "count" : 1,
+          "aggregationType" : "NONE"
+        }
+      }
+    }
+  ]
+}
+```
+
+## Response fields
+
+| Field               | Data type | Description                                                                                                |
+| :------------------ | :-------- | :--------------------------------------------------------------------------------------------------------- |
+| `timestamp`         | Long      | The time at which the query task started, in milliseconds since the epoch.                                          |
+| `id`          | String    | The unique identifier of the search request (the search task ID associated with the query).                                     |
+| `description`| String | A description of the query, including the indexes on which it runs, search type, and query source. Only included if `verbose` is `true` (default).          |
+| `node_id`| String    | The coordinator node ID of the node on which the query task is running.                                                        |
+| `measurements`      | Object    | An object containing performance metrics gathered so far for the query.                                     |
+| `measurements.LATENCY` | Object    | Contains the `value` (current running time in nanoseconds) and `unit` (`nanos`).                           |
+| `measurements.CPU`    | Object    | Contains the `value` (CPU time consumed so far in nanoseconds) and `unit` (`nanos`).                      |
+| `measurements.MEMORY` | Object    | Contains the `value` (heap memory used so far in bytes) and `unit` (`bytes`).                             |

_observing-your-data/query-insights/top-n-queries.md

@@ -91,6 +91,184 @@ Parameter | Data type     | Description
 `id`      | String   | The ID of a specific top query record to retrieve.
 `verbose` | Boolean  | Indicates whether to return verbose output. Default is `true`.
 
+### Example response
+
+<details markdown="block">
+  <summary>
+    Response
+  </summary>
+  {: .text-delta}
+
+```json
+{
+  "top_queries" : [
+    {
+      "timestamp" : 1745021834451,
+      "id" : "36506bd2-7bca-4a0a-a6b8-f3e7db2b0745",
+      "group_by" : "NONE",
+      "indices" : [
+        "my-index-0"
+      ],
+      "source" : {
+        "size" : 20,
+        "query" : {
+          "bool" : {
+            "must" : [
+              {
+                "match_phrase" : {
+                  "message" : {
+                    "query" : "document",
+                    "slop" : 0,
+                    "zero_terms_query" : "NONE",
+                    "boost" : 1.0
+                  }
+                }
+              },
+              {
+                "match" : {
+                  "user.id" : {
+                    "query" : "userId",
+                    "operator" : "OR",
+                    "prefix_length" : 0,
+                    "max_expansions" : 50,
+                    "fuzzy_transpositions" : true,
+                    "lenient" : false,
+                    "zero_terms_query" : "NONE",
+                    "auto_generate_synonyms_phrase_query" : true,
+                    "boost" : 1.0
+                  }
+                }
+              }
+            ],
+            "adjust_pure_negative" : true,
+            "boost" : 1.0
+          }
+        }
+      },
+      "task_resource_usages" : [
+        {
+          "action" : "indices:data/read/search[phase/query]",
+          "taskId" : 28,
+          "parentTaskId" : 27,
+          "nodeId" : "BBgWzu8QR0qDkR0G45aw8w",
+          "taskResourceUsage" : {
+            "cpu_time_in_nanos" : 22664000,
+            "memory_in_bytes" : 6604536
+          }
+        },
+        {
+          "action" : "indices:data/read/search",
+          "taskId" : 27,
+          "parentTaskId" : -1,
+          "nodeId" : "BBgWzu8QR0qDkR0G45aw8w",
+          "taskResourceUsage" : {
+            "cpu_time_in_nanos" : 119000,
+            "memory_in_bytes" : 3920
+          }
+        }
+      ],
+      "node_id" : "BBgWzu8QR0qDkR0G45aw8w",
+      "phase_latency_map" : {
+        "expand" : 0,
+        "query" : 23,
+        "fetch" : 0
+      },
+      "labels" : {
+        "X-Opaque-Id" : "query-label-1"
+      },
+      "search_type" : "query_then_fetch",
+      "total_shards" : 1,
+      "measurements" : {
+        "memory" : {
+          "number" : 6608456,
+          "count" : 1,
+          "aggregationType" : "NONE"
+        },
+        "latency" : {
+          "number" : 24,
+          "count" : 1,
+          "aggregationType" : "NONE"
+        },
+        "cpu" : {
+          "number" : 22783000,
+          "count" : 1,
+          "aggregationType" : "NONE"
+        }
+      }
+    },
+    {
+      "timestamp" : 1745021826937,
+      "id" : "86e161d0-e982-48c2-b8da-e3a3763f2e36",
+      "group_by" : "NONE",
+      "indices" : [
+        "my-index-*"
+      ],
+      "source" : {
+        "size" : 20,
+        "query" : {
+          "term" : {
+            "user.id" : {
+              "value" : "userId",
+              "boost" : 1.0
+            }
+          }
+        }
+      },
+      "task_resource_usages" : [
+        {
+          "action" : "indices:data/read/search[phase/query]",
+          "taskId" : 26,
+          "parentTaskId" : 25,
+          "nodeId" : "BBgWzu8QR0qDkR0G45aw8w",
+          "taskResourceUsage" : {
+            "cpu_time_in_nanos" : 11020000,
+            "memory_in_bytes" : 4292272
+          }
+        },
+        {
+          "action" : "indices:data/read/search",
+          "taskId" : 25,
+          "parentTaskId" : -1,
+          "nodeId" : "BBgWzu8QR0qDkR0G45aw8w",
+          "taskResourceUsage" : {
+            "cpu_time_in_nanos" : 1032000,
+            "memory_in_bytes" : 115816
+          }
+        }
+      ],
+      "node_id" : "BBgWzu8QR0qDkR0G45aw8w",
+      "phase_latency_map" : {
+        "expand" : 0,
+        "query" : 15,
+        "fetch" : 1
+      },
+      "labels" : { },
+      "search_type" : "query_then_fetch",
+      "total_shards" : 1,
+      "measurements" : {
+        "memory" : {
+          "number" : 4408088,
+          "count" : 1,
+          "aggregationType" : "NONE"
+        },
+        "latency" : {
+          "number" : 23,
+          "count" : 1,
+          "aggregationType" : "NONE"
+        },
+        "cpu" : {
+          "number" : 12052000,
+          "count" : 1,
+          "aggregationType" : "NONE"
+        }
+      }
+    }
+  ]
+}
+```
+
+</details>
+
 If your query returns no results, ensure that top N query monitoring is enabled for the target metric type and that search requests were made within the current [time window](#configuring-the-window-size).
 {: .important}