Performance uuid的索引和查询列表

数据中的某些字段将UUID列表作为值。例如：

{
 "name": "pupkin",
 "group": "admins",
 "assets": ["d1f84400-91b6-425c-a11b-9ba7e59930ce",
            "99478356-f6b3-49e2-8cae-f408d5a24492"],
 "action": "login",
 "children": ["2637833e-1017-4d82-bc65-951fffc09c7d",
              "c30f7c34-7a50-4031-bf74-94d413acec15",
              "cffef4ef-df9e-4079-ac2f-50bbe332e223"],
 "level": 20
}

我们对数据的大多数查询都涉及到对UUID长列表的检查（扩展后有几十个，有时数百个，可能数千个）。列表会不时更改，因此无法预计算x∈所有事件中的L代表x，所有列表中的L代表写入时的L

我们目前的e。G使用

\u search？search\u type=count

获取直方图的数据是：

 {"query":
  {"bool":
   {"must": [
    {"query_string": {"query": "user:pupkin AND (assets:d1f84400-91b6-425c-a11b-9ba7e59930ce OR assets:99478356-f6b3-49e2-8cae-f408d5a24492 OR assets:2637833e-1017-4d82-bc65-951fffc09c7d OR assets:c30f7c34-7a50-4031-bf74-94d413acec15)"}},
    {"range": {"time": {"gt": "2014-11-01T00:00:00Z", "lte": "2014-11-01T00:20:00.0001Z"}}},
   ]}},
  "aggs": {"counts": {"date_histogram": {"field": "time", "interval": "minute", "min_doc_count": 0}}}}

---

但这是无效的：60个UUID的列表将查询速度降低了10倍。如何降低该系数？

我会尝试，而不是

query\u string

，过滤器只利用缓存的过滤器功能，从而在后续请求时使其更快：

{
  "query": {
    "filtered": {
      "filter": {
        "bool": {
          "must": [
            {
              "terms": {
                "assets": [
                  "d1f84400-91b6-425c-a11b-9ba7e59930ce",
                  "99478356-f6b3-49e2-8cae-f408d5a24492",
                  "2637833e-1017-4d82-bc65-951fffc09c7d",
                  "c30f7c34-7a50-4031-bf74-94d413acec15"
                ]
              }
            },
            {
              "range": {
                "time": {
                  "gt": "2014-11-01T00:00:00Z",
                  "lte": "2014-11-01T00:20:00.0001Z"
                }
              }
            }
          ]
        }
      }
    }
  },
  "aggs": {
    "counts": {
      "date_histogram": {
        "field": "time",
        "interval": "minute",
        "min_doc_count": 0
      }
    }
  }
}