Elasticsearch keeps indexing nested fields as text

Elastic Stack Elasticsearch
1

I've got some terribly nested log messages in JSON format. Somehow elasticsearch keeps mapping one of the field as text eventough it contains several subfields. Is there something wrong with my mapping ?

Message in Kibana:

Kibana
Kibana.png1498×432 23.7 KB

Message as JSON (in Kibana)

json

{
    "index_patterns": "azure-*",
    "version": 0,
    "mappings": {
        "doc": {
            "properties": { 
                "records": {
                    "type": "nested",
                    "properties": {
                        "requestbody": {
                            "properties": {
                                "properties": {
                                    "properties": {
                                        "encryption": {
                                            "properties": {
                                                "keySource": {
                                                    "type": "keyword"
                                                },
                                                "keyvaultproperties": {
                                                    "properties": {
                                                        "keyversion": {
                                                            "type": "keyword"
                                                        },
                                                        "keyname": {
                                                            "type": "keyword"
                                                        },
                                                        "keyvaulturi": {
                                                            "type": "keyword"
                                                        }
                                                    }
                                                },
                                                "services" : {
                                                    "properties":{
                                                        "blob" : {
                                                            "properties": {
                                                                "enabled":{
                                                            "type": "boolean"
                                                        }}},
                                                        "file" : {
                                                            "properties": {
                                                                "enabled":{
                                                            "type": "boolean"
                                                        }}}
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        },
2

Another problem is, that fields like records.minimum aren't filterable.
As soon as I create "exists" filter. Kibana says there are no documents.

3

Solved the problem. I deleted my index template. Indexed my data and used the automatically generated mapping as a template. Hope this helps some of you. Wish I would have thought of this earlier. :slight_smile:

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.