Hi!
I am playing with new ELK Stack, after a few bumps I got it working.
I want to create avisualization based on a string field (program) but mostly string fields are marked as "no aggreable" so don't show up in visalizaiton UI.
How can I set a field as "aggregable"?
Thanks
You need to set the field itself as not analysed - or keyword as it's known now.
See https://www.elastic.co/guide/en/elasticsearch/reference/5.0/analysis-keyword-analyzer.html
thanks @warkolm, but there is something I dont understand. This is a portion of default logstash mapping:
"mappings": {
"_default_": {
"dynamic_templates": [
{
"message_field": {
"path_match": "message",
"mapping": {
"norms": false,
"type": "text"
},
"match_mapping_type": "string"
}
},
{
"string_fields": {
"mapping": {
"norms": false,
" fields": {
"keyword": {
"type": "keyword"
}
},
"type": "text"
},
"match_mapping_type": "string",
"match": "*"
}
}
],
So if I understand correctly, it's including a keyword subfield to string fields (foo.keyword), I will prefer to use that subfield because is already there. How can it be used in kibana visualization?
You should be able to pick that field for the visualisation.
no, no string field is showing up
So what is the actual mapping being applied then?
The one I previously posted, the default one set by logstash when there is
not mapping.
The main problem is kibana is not showing up subfields like foo.keyword in
the visualization config
Is that the /indexname/_mapping you receive when issuing a get? Or is it the template.
is the one I get using GET in the kibana REST client.
I am going crazy here
Have you tried refreshing the fields in KB?
after recreating everything it works, so I yet don't know what happened.
Thanks for the help
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.