Why would you use the '_all' field?

spuder · May 20, 2015, 5:45pm

According to the documentation, the _all field is useful if you want to search without knowing exactly which field to search on.

The idea of the _all field is that it includes the text of one or more other fields within the document indexed. It can come very handy especially for search requests, where we want to execute a search query against the content of a document, without knowing which fields to search on.

https://www.elastic.co/guide/en/elasticsearch/reference/1.4//mapping-all-field.html

Under what circumstances would you want to turn this off?

The reason I ask, is I am using ELK for logging and I'm having performance problems, and an apache solr expert recommended that I turn '_all' off. I want to understand before I make any changes.

jpountz · May 20, 2015, 9:36pm

In short, _all makes your index a bit larger and slower to index. However at search time it makes it convenient to not have to know which field to search on, it is also likely faster to search on the _all field than running a multi-match query on several fields.

That said, _all is mostly about ease of use of elasticsearch. If you know what you are doing, you can disable it and specify explicitly fields that you want to search on.

Topic		Replies	Views
[just pushed] _all field Elasticsearch	2	267	July 6, 2017
Dazzled and confused with the _all field in 6.+ Elasticsearch	2	664	September 8, 2017
Searching on _all vs bool query on a (large) number of fields Elasticsearch	4	491	July 6, 2017
Elasticsearch 6 and the disappearing _all field Elasticsearch	7	12947	June 14, 2017
About the _all field and full-text search Elasticsearch	8	398	June 4, 2018

Why would you use the '_all' field?

Related topics