Adding additional aggregation causes 15x performance degradation despite small result set

mmiliauskas · July 15, 2025, 10:11am

I have an Elasticsearch query that returns only 107 documents but takes 1.5 seconds to execute. When I remove one specific aggregation (values_brand), the same query completes in 100ms. The brand field only contains 8 unique values (although it is a high cardinality field in general, ~200k unique values) in the result set, so I'm confused why this aggregation is causing such a significant performance impact.

Query:

{
  "track_total_hits": true,
  "size": 100,
  "query": {
    "query_string": {
      "query": "<some query>",
      "default_field": "<some default field>"
    }
  },
  "aggs": {
    "values_retailer": {
      "terms": {
        "size": 5,
        "field": "retailer"
      }
    },
    "values_brand": {
      "terms": {
        "size": 5,
        "field": "brand"
      }
    },
    "values_subindustry": {
      "terms": {
        "size": 5,
        "field": "subindustry"
      }
    }
  }
}

retailer, brand and subindustry are all mapped to keyword field type. Elasticsearch version is 9.0.3.

I have also noticed that if I add "execution_hint": "map" to values_brand aggregation, the speed is greatly improved. However, only for the cases with a handful search results.

carly.richmond · July 15, 2025, 2:31pm

Hi @mmiliauskas,

Welcome to the community! Have you run the query through the Search profiler to confirm which clauses are taking the most time?

mmiliauskas · July 18, 2025, 10:09am

I can only get the output from the profiler if it is helpful:

{
    "type": "GlobalOrdinalsStringTermsAggregator",
    "description": "values_brand",
    "time_in_nanos": 2267874863,
    "breakdown": {
        "reduce": 0,
        "build_aggregation_count": 1,
        "post_collection": 404,
        "reduce_count": 0,
        "initialize_count": 1,
        "collect_count": 638,
        "post_collection_count": 1,
        "build_leaf_collector": 2262322739,
        "build_aggregation": 4493671,
        "build_leaf_collector_count": 935,
        "initialize": 498,
        "collect": 1057551
    },
    "debug": {
        "segments_with_multi_valued_ords": 0,
        "collection_strategy": "dense",
        "segments_with_single_valued_ords": 935,
        "total_buckets": 183121,
        "built_buckets": 1,
        "result_strategy": "terms",
        "has_filter": false
    }
}

carly.richmond · July 18, 2025, 2:30pm

Ok, what about the Kibana query profiler as shown in the screenshot in the documentation?

Topic		Replies	Views
Nested aggregation slows query from ~400ms to 10s Elasticsearch	11	1539	October 8, 2018
Slow terms aggregations Elasticsearch	14	6002	July 5, 2017
Slow aggregation no matter the size of the result set Elasticsearch	3	510	October 26, 2018
What is the impact of aggregated queries on performance Elasticsearch	4	201	September 21, 2023
Aggregation Search Query is slow Elasticsearch	3	485	January 15, 2019

Adding additional aggregation causes 15x performance degradation despite small result set

Related topics