Hi,
It seems that .raw fields are not displayed in search results output (both discover and dashboard) and Kibana throws an error if I try to sort based on analyzed field.
For example I would like to sort by host, but this is not possible. If I use host.raw Kibana shows - instead of text. And if I use host field, it will throw "Field data loading is forbidden on host" error.
So what should I do? Disable analyze on fields that I want to sort? Or some other approach to sort logs?