We have some users that are killing our performance because they're not putting a field in their Discover searches...rather they are just putting a single value only so elasticsearch has to search through everything.
There used to be an _all field but that was deprecated in 6.0. We're running 8.6. How do I restrict users from doing this, or at least force their queries to hit a certain field instead of every field in the index?
I'm looking into the default_field setting described here: Add default field API | Kibana Guide [8.6] | Elastic but it's not even recognizing the handler when I try it. I don't think the URI is correct.
What vesion are you on?
There is a setting you can put in the template
"settings" : {
"index" : {
"query" : {
"default_field" : ["message"]
That is the upgrade assistant... are you trying to use the upgrade assistant?
Look here
index.query.default_field(string or array of strings) Wildcard (
*) patterns matching one or more fields. The following query types search these matching fields by default:
8.6.1
What I showed above should work, I use it all the time.
It is even dynamic which means you can change it on existing indices!
This worked perfectly and was exactly what we needed. Thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.