I would like to increase my the search speed in kibana.
Since I am not that familar with lucene indexes / elasticsearch yet, I would like to ask you for your opinion.
Searching is real easy via kibana. Just type in a word and all events containing the word are given back.
Now my events have several fields, just like type, payload, message, username, etc.
For example, if I am searching for a username, does it improve the speed if I search for:
username: xyz instead of searching for xyz?
I mean, now ES would know, that it only needs to search within that field, but I am not sure, if the indexing is based on fields or on top level of the document.
I just want to optimize my saved queries and want to give the other team members hints to query as resource nicest as possible
PS:
I am aware of the fact, that I may get also additional events, where the username may occur in a different filed, if not setting the filter for the name. Just think of an example where xyz is ONLY found in the username.
Thanks Andreas
@asp specifying the field that you are searching for text within will generally increase performance. When you don't specify a field, it uses the Default Field of the index which defaults to _all.
The difference in performance between the two really depends on your data. To see how your queries are performing, you can use the "Spy Panel" highlighted below
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
