Okey, here is my question: if I define the parameter "size" in the query below, will it be faster? If not how can I make faster that query?
query: { bool: { must: [ { bool: { should: [ { match_phrase: { logTag: LOG1 } } { match_phrase: { logTag: LOG2 } } ] minimum_should_match: 1 } } ] filter: [ { range: { @timestamp: { lte: "2020-10-24T08:19:39.438Z" } } } ] should: [ ] must_not: [ ] } } aggs: { status: { top_hits: { docvalue_fields: [ { field: Severity format: use_field_mapping } ] _source: [ Severity ] size: 1 sort: [ { @timestamp: { order: desc } } ] } } }