Problem in Elasticsearch Wildcard filtered Query

Hi all,

I am trying to write elasticsearch wildcard filtered query for aggregation and below is what I have written. It is working fine but taking so long sometime more than a minute. But if I am searching through kibana results are coming instantly within few seconds. Also CPU load on data node gets higher when running the elastic query but not happening with kibana search.

Elasticsearch query-
{
"query": {
"bool" : {
"must" : [
{ "wildcard" : { "request_url.raw" : "serverstatus*" } }
,{ "range" : { "@timestamp" : { "from" : "now-1800s", "to" : "now-0s" } } }
]
}
},
"aggs" : {
"level" : {
"terms" : {
"field" : "response",
"size" : 300000
}
}
}
}

Kibana Query:
request_url.raw : serverstatus*

Is there a way I can optimize elasticsearch this query like kibana using in background?

@danielmitterdorfer @fcza @issiaka @Allwyn @forloop @dadoonet @warkolm

Please read

Specifically the "be patient" part.

Don't ping people like this unless there are already participating in this thread. It breaks the code of conduct IMO.

A couple of recommendations:

1. Move the range query to a bool query filter clause. The query is a predicate so does not require scoring
2. Instead of asking for 300,000 terms in the aggregation, consider using partitions to return the results over several responses.

If you want exactly the same query as Kibana, then you could also get it in the Request tab

Screenshot 2017-08-11 19.09.14.png2875×1627 394 KB

@dadoonet Pardon me. I tagged few people thinking it would attract their kind attention towards my problem and could help me solving the problem. Also I was not aware of the code of conduct. Anyway thanks for the suggestion.

Thank you for your help. I think this will solve my problem. I was unaware that it is possible to see the query in kibana background.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.