0

On Elasticsearch 5.6.

We've got a requirement to implement a context free search (a simple google like search anything) feature that could operate over an index with 1000 fields. The index itself can be big (1 million docs per day).

I was looking at the query_string query with a fields as '*'. I came across this section

https://www.elastic.co/guide/en/elasticsearch/reference/master/tune-for-search-speed.html#_search_as_few_fields_as_possible

where it says searching over multiple fields will slow down the search and a general pattern is to have an "all like field with all the values munged and run a search on it.

While this is perfectly possible, my requirement is a bit more complex that these 1000 fields are protected by document level security by using x-pack security. Therefore if I search only for the "all like" field, I might be bringing the top result as the one for which the user actually didn't have any fields relevant to their permission settings. Somewhere there's a gap here is what I foresee. Any thoughts and possible solutions?

user1189332
  • 1,773
  • 4
  • 26
  • 46
  • Is it conceivable to have multiple all fields depending on different security levels? – Val Jul 15 '18 at 08:04
  • That's a hard thing for us because, we're constrained by storage space and if we introduce a new permission and/or include a new field in an existing permission (which could happen), this requires re-indexing isn't it? – user1189332 Jul 15 '18 at 08:20
  • Yes, indeed, if the permissions change that's not ideal. – Val Jul 15 '18 at 08:35

0 Answers0