Elasticsearch keeps indexing nested fields as text

Mugen · June 12, 2018, 1:17pm

I've got some terribly nested log messages in JSON format. Somehow elasticsearch keeps mapping one of the field as text eventough it contains several subfields. Is there something wrong with my mapping ?

Message in Kibana:

Message as JSON (in Kibana)

json

{
    "index_patterns": "azure-*",
    "version": 0,
    "mappings": {
        "doc": {
            "properties": { 
                "records": {
                    "type": "nested",
                    "properties": {
                        "requestbody": {
                            "properties": {
                                "properties": {
                                    "properties": {
                                        "encryption": {
                                            "properties": {
                                                "keySource": {
                                                    "type": "keyword"
                                                },
                                                "keyvaultproperties": {
                                                    "properties": {
                                                        "keyversion": {
                                                            "type": "keyword"
                                                        },
                                                        "keyname": {
                                                            "type": "keyword"
                                                        },
                                                        "keyvaulturi": {
                                                            "type": "keyword"
                                                        }
                                                    }
                                                },
                                                "services" : {
                                                    "properties":{
                                                        "blob" : {
                                                            "properties": {
                                                                "enabled":{
                                                            "type": "boolean"
                                                        }}},
                                                        "file" : {
                                                            "properties": {
                                                                "enabled":{
                                                            "type": "boolean"
                                                        }}}
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        },

Mugen · June 12, 2018, 1:39pm

Another problem is, that fields like records.minimum aren't filterable.
As soon as I create "exists" filter. Kibana says there are no documents.

Mugen · June 12, 2018, 3:03pm

Solved the problem. I deleted my index template. Indexed my data and used the automatically generated mapping as a template. Hope this helps some of you. Wish I would have thought of this earlier.

system · July 10, 2018, 3:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.