Hi
We've setup ELK/Kibana for one of our applications and using the Discover "Top 5" feature we could quickly identify a specific issue:
I wanted to get this exact same thing (top 5 of field "message") in a Visualization e.g. pie so I could add it to our dashboard but was a bit surprised that I couldn't find back that field in the Visualization.
Anybody any idea what could be the reason?
I did notice this field isn't flagged as aggregatable, could it be linked?
Thx
Wim
You should have another field with the name message.keyword which is aggregateable.
You can use message.keyword in you visualizations
Hi Nathan
thanks for your reply, however I don't have the message.keyword unfortunately
Is this something which needs to be configured?
Brgds
Wim
up... anybody able to help out or point me in the right direction?
thx!
Wim
anyone?
if you are indexing the data Elasticsearch uses a dynamic mapping to assign the right field type based on the data it sees. It does not always map fields to be aggregatable in visualizations. You can make it use any mapping you want it to. Maybe give this a try by using an Explicit mapping | Elasticsearch Guide [7.15] | Elastic
try mapping it as a keyword field
Thank you Graham, we will look into the explicit mapping
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
