Hi,
I indexed around 60 GB of log files using Logstash.
I used the filtered query below to get results. It is taking more than 3 minutes to get back the results. The result set is also not a big list, a count of 40.
I made the fields "not analysed" to gain some indexing space. Will it be a real problem, or do I have to improve the query? Please suggest.
{
  "query": {
    "filtered": {
      "query": { "regexp": { "msg_ext": ".testing Version:.(ABC.) duil." } },
      "filter": {
        "bool": {
          "must": [
            {
              "regexp": {
                "path": {
                  "value": ".BONCAT.",
                  "flags_value": 65535
                }
              }
            }
          ]
        }
      }
    }
  }
}
Thanks