Which versions are you running?
Also, if your old indices still have 5 shards (e.g., you didn't reindex them), then it's still going to be slow whenever it touches those days' indexes. A 3 GB shard is pretty small, so you could even look at reindexing an entire month (after it's done) into a single 1 or 2 shard index to improve query performance.
Thinking about what ES has to do whenever Kibana sends it a time range request:
- Look up each index being requested (e.g., let's say 7 days).
- Find all of their shards.
- If each index has 5 shards, then that's 5 * 7 (35) shards that need to be queried. Even if it's fast, that's going to take some time to do all of the communication.
- Even worse, each shard needs to return back a minimum number of documents. Let's say each shard needs to return 10 documents (it's more), then that's 350 documents that need to be passed around the cluster wastefully.
All of that adds up to a slower response because there are too many shards, which is why fixing the sharding will improve things. Similarly, once you have finished writing to yesterday's index, you should look into "optimizing" that index by force merging it.
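
Added example, not part of the original post: one way to script the month-level reindex and force merge suggested above, using the Elasticsearch `_reindex` and `_forcemerge` endpoints. The `logstash-YYYY.MM.DD` daily naming, the monthly index name, the cluster address, and the choice of `max_num_segments=1` are assumptions; the script only prints the requests unless `DRY_RUN=0`.

```bash
#!/usr/bin/env bash
# Added example: merge one finished month of daily indices into a single
# low-shard index, then force merge it. The index names are assumptions.
ES_URL="${ES_URL:-http://localhost:9200}"   # assumed cluster address
DRY_RUN="${DRY_RUN:-1}"                     # 1 = print requests, 0 = send them

# es METHOD PATH [JSON_BODY]: send one request, or print it in dry-run mode.
es() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s %s %s\n' "$1" "$2" "${3:-}"
  elif [ -n "${3:-}" ]; then
    curl -fsS -X "$1" "$ES_URL$2" -H 'Content-Type: application/json' -d "$3"
  else
    curl -fsS -X "$1" "$ES_URL$2"
  fi
}

# compact_month PREFIX YYYY.MM [SHARDS]
compact_month() {
  local prefix="$1" month="$2" shards="${3:-1}"
  local src="${prefix}-${month}.*"   # daily indices, e.g. logstash-2017.01.*
  local dest="${prefix}-${month}"    # monthly index; not matched by $src

  # 1. Create the destination with the small shard count.
  es PUT "/${dest}" "{\"settings\":{\"number_of_shards\":${shards}}}" || return 1
  # 2. Copy every daily index of that month into it (blocks until done).
  es POST "/_reindex" \
    "{\"source\":{\"index\":\"${src}\"},\"dest\":{\"index\":\"${dest}\"}}" || return 1
  # 3. Nothing writes to a finished month any more, so merge it down.
  es POST "/${dest}/_forcemerge?max_num_segments=1" || return 1
  # 4. Compare document counts before deleting the daily indices by hand.
  es GET "/${src}/_count" || return 1
  es GET "/${dest}/_count"
}

# Run only when arguments are given, e.g.: DRY_RUN=0 ./compact.sh logstash 2017.01 1
if [ "$#" -ge 2 ]; then compact_month "$@"; fi
```

Until the daily indices are deleted, a `logstash-*` index pattern in Kibana matches both the daily and the monthly copies, so the same documents show up twice.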