I am confused with how keyword type work with aggregatable in Kibana

Ian_Huang · February 19, 2018, 2:32am

HI guys,

I am new to ELK stack. I am trying to understand how keyword type work with different setting. To test, I set following fields:

    "OS":     { "type": "text","fields":{
      "keyword":{
        "type":"keyword",
        "ignore_above":256
      }

    }},    
    "OS2":     { "type": "keyword",index: false  }, 
    "OS3":     { "type": "keyword",index: false,"ignore_above":256 }, 
    "OS4":     { "type": "keyword",index: true,"ignore_above":256 }, 
    "tt":     { "type": "keyword",index: true},

From management console in Kabana, I can see all fields above are aggregatable.

But only OS.keyword can return results as expected. The other fields always return zero results.

GET /logs3/visit3/_search?pretty
{
"aggs":{
"os2":{
"terms":{
"field": "OS2"
}
}
}
}

Can you help me to point what is correct way to set a non-indexed type but aggregatable field?

Possible values in fields are: Mac OS, IOS, Android....

Hanish_Bansal · February 19, 2018, 3:25am

If index is set to false then you would not be able to query on that field. Try running aggregation on OS4, it should give you results.
For Aggregations, index should be true and type should be keyword.

system · March 19, 2018, 3:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Mapping text field with keyword not aggregatable Elasticsearch	5	3629	February 1, 2017
Searchable, aggregatable Kibana	5	4627	May 19, 2017
Strange Logstash index fields in visualization Kibana	5	827	October 18, 2017
How aggregatable fields are defined in Kibana Kibana	2	266	March 18, 2020
How to set a string field as aggregable in ELK 5.0? Kibana	11	1545	July 6, 2017

I am confused with how keyword type work with aggregatable in Kibana

Related topics