In the process of query using date sorting, why so time-consuming?

elasticsearch version: 5.0

Use date sort:
GET /logstash-spider-user-*/525983/_search 
{
  "from":0,
  "size":10,
  "query": {
    "bool": {
      "must": [
        {
        "match": {
          "level": "INFO"
        }
        }
      ],
      "filter": [
        {
          "range": {
           "@timestamp": {
              "gte": "2017-08-30 10:00:00",
              "lte": "now",
              "format": "yyyy-MM-dd HH:mm:ss",
              "time_zone": "+08:00"
            }
          }
        }
      ]
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ],
 "highlight":{ 
    "pre_tags" : ["<tag>"],
    "post_tags" : ["</tag>"],
    "fields":{
    "message":{}
    }
   }
}

result:

{
  "took": 36685,
  "timed_out": false,
  "_shards": {
    "total": 4,
    "successful": 4,
    "failed": 0
  },
  "hits": {
    "total": 26153559,
    "max_score": null,

Use default sort:
GET /logstash-spider-user-*/525983/_search 
{
  "from":0,
  "size":10,
  "query": {
    "bool": {
      "must": [
      ],
      "filter": [
        {
          "range": {
           "@timestamp": {
              "gte": "2017-08-30 10:00:00",
              "lte": "now",
              "format": "yyyy-MM-dd HH:mm:ss",
              "time_zone": "+08:00"
            }
          }
        }
      ]
    }
  },

 "highlight":{ 
    "pre_tags" : ["<tag>"],
    "post_tags" : ["</tag>"],
    "fields":{
    "message":{}
    }
   }
}

result:

{
  "took": 4459,
  "timed_out": false,
  "_shards": {
    "total": 4,
    "successful": 4,
    "failed": 0
  },
  "hits": {
    "total": 26153559,
    "max_score": 0,

Why the difference so big ?

date sort:
cost time : 30+s
default sort:
cost time: 4+s

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.