Kibana Queries - depends on the order of the fields?

Jan_Kabelka · March 8, 2021, 10:41am

Hi, I did not find answer on the Internet:( I would like to know - from cluster utilization perspective - if depends on order of fields in query. Specifically, lets say I have index and data below:

"_index": "firewall"

There are more blades sending logs on my firewalls (it means "blade" logs are subset of all logs in index "firewall"), e.g.:

"firewall.blade" : "firewall"
"firewall.blade" : "application"
"firewall.blade" : "ips"

Which query is more effective?

"source.ip" : "10.1.1.2" OR "source.ip" : "10.45.2.5"

("source.ip" : "10.1.1.2" OR "source.ip" : "10.45.2.5") AND "firewall.blade" : "application"

"firewall.blade" : "application" AND ("source.ip" : "10.1.1.2" OR "source.ip" : "10.45.2.5")

Thank you! Jan

system · April 5, 2021, 10:41am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana: Filtering Results Field Order Kibana	3	871	July 11, 2018
Does word order matter in my query? Elasticsearch	2	2235	September 9, 2018
Question About Field order in Discover Kibana	2	201	September 20, 2022
Does csv field order matter when indexing? Logstash	2	477	April 4, 2018
Ordering ES Document Fields like SQL Elasticsearch	5	1344	March 18, 2019

Kibana Queries - depends on the order of the fields?

Related topics