Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Could _search sort on @timestamp by default when the index pattern only matches data streams? #71186

Open
jpountz opened this issue Apr 1, 2021 · 5 comments
Assignees
Labels
>enhancement :Search Foundations/Search Catch all for Search Foundations Team:Search Foundations Meta label for the Search Foundations team in Elasticsearch

Comments

@jpountz
Copy link
Contributor

jpountz commented Apr 1, 2021

Not only is sorting by descending @timestamp what users usually want when querying data streams, but it's also faster than sorting by _score when querying large amounts of data thanks to optimizations to skip shards that only contain old data. Could we make it the default?

@jpountz jpountz added >enhancement :Search/Search Search-related issues that do not fall into other categories team-discuss labels Apr 1, 2021
@elasticmachine elasticmachine added the Team:Search Meta label for search team label Apr 1, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-search (Team:Search)

@jimczi
Copy link
Contributor

jimczi commented Apr 12, 2021

We discussed offline and agreed that this is something we want to implement.
It will also benefit queries with size: 0 since we sort shards based on the primary sort.

@mayya-sharipova
Copy link
Contributor

Is the plan to always add sort on @timestamp?

  • Should we remove timestamp values from the "sort" section in the resulting hits?
  • If a search contains a scoring query, should we rewrite to sort on [_score, @timestamp]?
  • If a search contains other sorts, should we add an extra sort on @timestamp?

Or is this only for cases when no query and sort provided?

@mayya-sharipova mayya-sharipova self-assigned this May 6, 2021
@jpountz
Copy link
Contributor Author

jpountz commented May 10, 2021

These are good questions, I had not thought about that.

Should we remove timestamp values from the "sort" section in the resulting hits?

My initial take on this is that I'd rather keep them so that the response is the same whether explicitly sorting by @timestamp or relying on the default sort order.

If a search contains a scoring query, should we rewrite to sort on [_score, @timestamp]?
If a search contains other sorts, should we add an extra sort on @timestamp?

Since we don't automatically use _score as a tie-breaker when sorting by field today, I wouldn't always use @timestamp as a tie-breaker. That said I haven't thought much about it.

I think that there is another question that is important, which is should we only do this on data streams, or on any index that deals with time-based data? For instance, some users are still using regular time-based indices if they need updates, and these indices would also benefit from a different default sort. But I don't know how we can identify time-based indices from non-time-based indices.

@javanna javanna added :Search Foundations/Search Catch all for Search Foundations and removed :Search/Search Search-related issues that do not fall into other categories labels Jul 17, 2024
@elasticsearchmachine elasticsearchmachine added the Team:Search Foundations Meta label for the Search Foundations team in Elasticsearch label Jul 17, 2024
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-search-foundations (Team:Search Foundations)

@elasticsearchmachine elasticsearchmachine removed the Team:Search Meta label for search team label Jul 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
>enhancement :Search Foundations/Search Catch all for Search Foundations Team:Search Foundations Meta label for the Search Foundations team in Elasticsearch
Projects
None yet
Development

No branches or pull requests

6 participants