Fielddata is disabled, but I have added a keyword field

Terran · March 17, 2020, 10:50am

Sorry for the delay our office is working hard to manage our plan for working with the current crisis. Speaking of which, thank you so much for helping me, not sure how things are impacting you, but I appreciate it.

This should link to the mappings: https://gist.github.com/terrandfw/f4a474644ef5f6df5abba7b4d93e3f9f

dadoonet · March 17, 2020, 12:05pm

As you can see, inside the host object, you have:

        "name" : {
          "type" : "text",
          "fields" : {
            "keyword" : {
              "type" : "keyword",
              "ignore_above" : 256
            }
          }
        },

This means that you index does not have recreated or that the index template does not match the index name or that the index template does not have correctly created.

Until the mapping is correct, you need to fix that before moving forward.

My guess here is that you did not drop the existing data and recreate the data.

Terran · March 17, 2020, 2:04pm

I created the template and reindexed everything. I will just blow away my current indices and see what the results are.

rameshkr1994 · March 18, 2020, 9:21am

Hi @Terran

You need to map your index-

https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping.html

Thanks
HadoopHelp

Terran · March 18, 2020, 4:54pm

I have been trying to do so. I will make another effort and report my results soon. We are still ironing out issues with moving everyone remote so I am tied up pretty solid. Thank you for keeping an eye on this though.

Terran · March 23, 2020, 12:19pm

Here is what I have under the mapping tab inside the template management section in kibana

    {
  "properties": {
    "host": {
      "properties": {
        "name": {
          "type": "keyword"
        }
      }
    }
  }
}

This doesn't seem to map host.name like I think it should, but I don't know why.

Terran · March 26, 2020, 2:38pm

Did I just do this wrong?

dadoonet · March 26, 2020, 3:09pm

Probably. But hard to know what you did so there is no way to comment more.

Terran · March 26, 2020, 4:49pm

I could supply the mappings from the index in question, then the above mappings I added via the kibana interface to the template. Is that the best way to do this?

dadoonet · March 26, 2020, 5:09pm

It would help to have the exact steps you followed.

Terran · March 27, 2020, 4:46pm

I know my query was malformed. Just not sure how or where. I am still trying to learn as I am new to the platform. I updated the mappings via Kibana UI and after the index rolled over this seemed to resolve the issue.

Thank you so much for sticking with this, but it seems I am in good shape. Just wish I had learned where my query was broken so I don't repeat the issue.

system · April 24, 2020, 4:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.