Aggrigation with a whole string as key

Elastic Stack Elasticsearch
1

Hi all,
I asked this question at Stack Overflow last week.

In Kibana I'm trying to aggregate the top errors in our log by aggregating
over a term we call LogMessage. This works well except that the aggregation
counts the number each word in the LogMessage appears.

Is it possible to aggregate over a whole string, or am I thinking about
this the wrong way?

/Jörgen

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/4b9d4ebf-1cf1-4204-8b70-739539552d23%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

2

You have to index it as a single token.

You can have the same string indexed twice using multi fields:

Then you can index the string "not analyzed" (as in the multi fields page's
example) or using keyword tokenizer if you need the field analyzed:

2014-11-18 11:46 GMT-02:00 Jörgen Lundberg jorgen.lundberg@gmail.com:

Hi all,
I asked this question at Stack Overflow last week.

elasticsearch - Is it possible to aggregate over a whole string in a Logstash query? - Stack Overflow

In Kibana I'm trying to aggregate the top errors in our log by aggregating
over a term we call LogMessage. This works well except that the aggregation
counts the number each word in the LogMessage appears.

Is it possible to aggregate over a whole string, or am I thinking about
this the wrong way?

/Jörgen

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/4b9d4ebf-1cf1-4204-8b70-739539552d23%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/4b9d4ebf-1cf1-4204-8b70-739539552d23%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAJp2533Gb5jQQLGmVAPykS4mYx9X7ewMVOD31awDYSU5NHBQKw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.