By default, I have a field that is set to not_analyzed. The field contains a string but when using Kibana to do generic searches I have to type the below to find "something" in the string:
fieldLog:(*something*)
I'm thinking that if I create this as analyzed then searching will be a lot simpler?
Does that mean I should use .RAW as a not_analyzed field and fieldLog as Analyzed?
Is there a link on how to enable this?
Thanks
Link to raw field: String Sorting and Multifields | Elasticsearch: The Definitive Guide [2.x] | Elastic
Yes, then no need for wildcard unless you search for part of a word like penc*
Yes if you will do aggregation on fieldLog. If you use only Kibana, it may be more convenient for end users to let fieldLog as not_analyzed and include it in the _all field so that users do not have to use this syntax field:value to search.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.