This is the marvel sense query i ran which i assume is the equivalent of running * search on kibana
GET logstash-2015.07.21,logstash-2015.07.20,logstash-2015.07.19,logstash-2015.07.18,logstash-2015.07.17,logstash-2015.07.16,logstash-2015.07.15/_search
{
"query": {
"match_all": {
}
}
}
Result came back really fast
"took": 2969,
"timed_out": false,
"_shards": {
"total": 56,
"successful": 56,
"failed": 0
},
"hits": {
"total": 9140358688,
"max_score": 1,
Might the slowness be because kibana by default does all searches against the message field?