elasticsearch version: 5.0
Use date sort:
GET /logstash-spider-user-*/525983/_search
{
"from":0,
"size":10,
"query": {
"bool": {
"must": [
{
"match": {
"level": "INFO"
}
}
],
"filter": [
{
"range": {
"@timestamp": {
"gte": "2017-08-30 10:00:00",
"lte": "now",
"format": "yyyy-MM-dd HH:mm:ss",
"time_zone": "+08:00"
}
}
}
]
}
},
"sort": [
{
"@timestamp": {
"order": "desc"
}
}
],
"highlight":{
"pre_tags" : ["<tag>"],
"post_tags" : ["</tag>"],
"fields":{
"message":{}
}
}
}
result:
{
"took": 36685,
"timed_out": false,
"_shards": {
"total": 4,
"successful": 4,
"failed": 0
},
"hits": {
"total": 26153559,
"max_score": null,
Use default sort:
GET /logstash-spider-user-*/525983/_search
{
"from":0,
"size":10,
"query": {
"bool": {
"must": [
],
"filter": [
{
"range": {
"@timestamp": {
"gte": "2017-08-30 10:00:00",
"lte": "now",
"format": "yyyy-MM-dd HH:mm:ss",
"time_zone": "+08:00"
}
}
}
]
}
},
"highlight":{
"pre_tags" : ["<tag>"],
"post_tags" : ["</tag>"],
"fields":{
"message":{}
}
}
}
result:
{
"took": 4459,
"timed_out": false,
"_shards": {
"total": 4,
"successful": 4,
"failed": 0
},
"hits": {
"total": 26153559,
"max_score": 0,
Why the difference so big ?