When I query 15 minutes of data, it takes 7 seconds, but when I adjust the query time range to 7 days, the query times out. How can I improve the efficiency of the query? The query size=10 is all used. Why does the commissioning time range affect the quer

{
    "highlight": {
        "fields": {
            "*": {
                "pre_tags": " [\"<span>\"],",
                "post_tags": "[\"<\/span>\"]"
            }
        },
        "fragment_size": 2147483647
    },
    "size": 10,
    "query": {
        "bool": {
            "filter": [
                {
                    "range": {
                        "@timestamp": {
                            "format": "strict_date_optional_time",
                            "gte": "2024-11-18T06:33:27.776Z",
                            "lte": "2024-11-18T06:48:27.776Z"
                        }
                    }
                }
            ],
            "must": [
                {
                    "query_string": {
                        "default_field": "*",
                        "query": "*",
                        "analyze_wildcard": true
                    }
                }
            ]
        }
    },
    "from": 0,
    "sort": [
        {
            "@timestamp": {
                "unmapped_type": "date",
                "order": "desc"
            }
        }
    ],
    "timeout": "30000ms"
}

Could you please explain why you have the "*" in query and default_field?
Even if we don't specify any default_field, it would do multi search across fields.
I think it applies to query as well.

"must": [
    {
        "query_string": {
            "default_field": "*",
            "query": "*",
            "analyze_wildcard": true
        }
    }
]

I suspect the "must" block with regex is causing the issue.
Could you try removing this block and cross-verify the result set with this block in place?

Please correct me if my understanding is wrong.