Combining filters to optimize query?

Elastic Stack Elasticsearch
1

Hello.

Let's assume I have two fields: Event source and event type.
Types of events are unique to sources. Meaning, a specific event type always comes from the same event source.

I am creating a "must" filter, to get specific events.
I can create two filters inside it - one for the event type, and the other for the event source.
What's better?

  1. Use the two filters (Under the assumption adding a logical condition will help speed up the filtering)
  2. Only use the more specific filter of the event type (Under the assumption less filters mean less work because one filter's resultset is a subset of the other filter's resultset)
  3. Forget about this, because the impact is negligible :slight_smile:

Thanks!

2

2 or 3. The only time its useful to include a less selective filter just to
pare down the input to a more selective one is with filters that don't use
the inverted index. That'd mostly be scripts.

1 Like