Cannot query nested field

omgeng · March 29, 2020, 10:50pm

Halo,

I am using elastic cloud ELK. I have created an index with a mapping containing several nested fields. I checked on Kibana and it looks fine. However when I try to write a query in KQL for the nested field, it does not behave the way it should. According to this merge request, and the screenshot below, the autocomplete suggestion should start suggesting a nested syntax while I start to type in the nested field, but it didn't.

https://user-images.githubusercontent.com/6239176/65991057-b9fbfe80-e45a-11e9-907c-827bb2c6e453.gif(image larger than 4096KB)

My index mapping shown in Kibana is as this:

>     "field_1": {
>             "type": "nested",
>             "properties": {
>               "sub-field_1": {
>                 "type": "text",
>                 "fields": {
>                   "keyword": {
>                     "type": "keyword",
>                     "ignore_above": 256
>                   }
>                 }
>               },
>               "sub-field_2": {
>                 "type": "text",
>                 "fields": {
>                   "keyword": {
>                     "type": "keyword",
>                     "ignore_above": 256
>                   }
>                 }
>               },

Also I have tried querying the sub-field directly with a wildcard search, like field_1.sub-field_1: *, but not a single result returned.

Does anyone know what went wrong? Thanks!

mikecote · March 30, 2020, 7:42pm

Hi @omgeng,

This mapping seems to work for me by providing suggestions in the Discover app.

Can you provide the following?

Kibana version
Are you using an index pattern?
Sample data

system · April 27, 2020, 7:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.