We have 6.8 million documents in an index with only a single shard. We found that a simple sum aggregation query on a field takes only a few milliseconds (a representative query is sketched below).
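For reference, the kind of query we are running looks roughly like the following sketch: a `_search` request with `size: 0` and a single `sum` aggregation. The index name `my-index`, the field `amount`, and the local cluster URL are placeholders, not our actual names.

```python
import requests

ES_URL = "http://localhost:9200"   # assumed local cluster; adjust as needed
INDEX = "my-index"                 # hypothetical index name
FIELD = "amount"                   # hypothetical numeric field

# size: 0 skips returning hits, so only the aggregation result comes back
query = {
    "size": 0,
    "aggs": {
        "field_sum": {"sum": {"field": FIELD}}
    }
}

resp = requests.post(f"{ES_URL}/{INDEX}/_search", json=query, timeout=10)
resp.raise_for_status()

# The sum is returned under aggregations.<agg_name>.value
print(resp.json()["aggregations"]["field_sum"]["value"])
```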
To have confidence in moving forward with an Elasticsearch cluster, we wanted to confirm the technique used to perform such aggregations on the fly.
Our postulate is: when a document is ingested into the index, metrics like count, sum, and average are pre-calculated for each field value and stored as part of the index entry itself.
Please clarify whether this assumption is wrong.
If it is, please suggest which parameters we should base our capacity planning for aggregations on.
I searched for similar questions but could not find a satisfactory answer. Links to relevant documentation would also be helpful.