I was recently hit by the fieldname-with-dots issue in ES2.X. Fortunately, it looks like ES5.0 solves these issues mostly, but I was hoping to get some clarification on an edge case. (NOTE: I don't think we will be designing the system around this edge case, but it would be nice to understand it better).
First, let's take an example document that I just inserted into a fresh ES 5.0 node. I have excluded some details for brevity. This JSON blob comes straight from the 'JSON' tab in Kibana:
{
"_source": {
"sequence": 0,
"@timestamp": "2016-11-02T18:40:32.463Z",
"meta.subField": "string-field",
"meta": {
"subField": "map-field"
},
"@version": "1",
"host": "0a414a7128bc",
"message": "Hello world!"
}
}
Now if I view that same document using the 'Table' tab in kibana, it shows this (again, fields excluded for brevity):
@timestamp November 2nd 2016, 14:40:32.463
@version 1
host 0a414a7128bc
message Hello world!
meta.subField string-field
sequence 0
Notice how the JSON representation properly shows me that meta.subField and meta["subField"] are 2 distinct fields? The 'Table' representation is not able to disambiguate those fields, and only shows one of the fields. This is mostly an annoyance, but is there any way to fix that?
Also, if I start querying ES through Kibana, both of these searches return the same document:
meta.subField:"string-field"
meta.subField:"map-field"
Is there some way to disambiguate the query? For example, is it possible to explicitly search the map instead of the string field, or vice versa?