i am currently using the below Query. The search is taking lots of time and the query is against 400GB data. it is even slow when i do a regex query. can you pleas advise if i have to make some changes to the below query to make the search faster?
{
"size" : 0,
"query" : {
"bool" : {
"must" : [ {
"range" : {
"filetimestamp" : {
"from" : "2016-01-01T08:00:00.000Z",
"to" : "2016-11-28T23:41:40.280Z",
"include_lower" : true,
"include_upper" : true
}
}
}, {
"wildcard" : {
"filename" : "CQH"
}
}, {
"regexp" : {
"msg_ext" : {
"value" : ".MESSAGE.*",
"flags_value" : 65535
}
}
} ]
}
},
"fields" : "filename",
"sort" : [ {
"filetimestamp" : {
"order" : "desc"
}
} ],
"aggregations" : {
"file_time_stamp" : {
"date_histogram" : {
"field" : "filetimestamp",
"interval" : "1m",
"min_doc_count" : 1,
"order" : {
"_key" : "desc"
}
},
"aggregations" : {
"file_name" : {
"terms" : {
"field" : "filename",
"size" : 50
}
}
}
}
}
}
thanks