In Kibana 5.2.2 I created an index pattern news-*. Now I would like to filter for language:english and show counts split up by real index names.
I thought about using the terms aggregation, but it only includes "internal" _type, but not _index. Is there a way to aggregate over _index in Kibana?
Hi
With _index, elasticsearch tells kibana, aggregating and searching on _index is not allowed as by default as it has no index property. If you have index.raw in your field mappings then you can aggregate over that field.
In my simple experiment I tried this .
{
"logstash-0" : {
"mappings" : {
"_default_" : {
"dynamic_templates" : [
{
"string_fields" : {
"match" : "*",
"match_mapping_type" : "string",
"mapping" : {
"fields" : {
"raw" : {
"type" : "keyword"
}
},
"type" : "text"
}
}
}
],
also there is a ref ticket you could get more info on https://github.com/elastic/kibana/issues/4027
Hope this helps.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
