Hi,
so that is basically the right and only query to use if you want to visualize TOP 5 / per day. ES is actually bucketing all your data into 1h buckets, and than it applies the term aggregation.
It's slow because it first looks at all your data, aggregate everything by 1h buckets and than apply the other agg.
That speed depends also on various factors: time window of your query, data volume, and for sure on you actual cluster configuration. Can you tell me a bit more of those 3 factors?