Is it possible to count each term of a text instead of the complete text to display in Kibana?

DrBatoon · February 2, 2017, 4:11pm

Hi! Im completely new to ES. I have the time and text of tweets stored in a CSV file. I'am using logstash to get them over ES. When I'm using Kibana's Tag Cloud to display the most common words in the tweets, every tweet is considered one term. Is it possible to make Kibana count every term in every tweet instead of just every tweet?

EXAMPLE:
[2017-02-01, foo foo bar]
[2017-02-01, foo bar]
[2017-02-01, foo bar]

RESULT:
2 counts: foo bar
1 count: foo foo bar

WHAT I ACTUALLY WANT:
4 counts: foo
3 counts: bar

and then display this in Kibana

Deuneuv · February 2, 2017, 5:13pm

I think you need to modifiy your index file configuration and choose the specify analyzer for your need

Elasticsearch Reference [5.2] » Analysis » Analyzers

Ivan · February 2, 2017, 5:56pm

The field should be a normal text field, which is analyzed, and not a
keyword field, which is not. You can define further analysis if you want,
but the standard analyzer should be good for most scenarios.

After that, you simply run a terms aggregation over the field, but the
field needs to have fielddata enabled:
https://www.elastic.co/guide/en/elasticsearch/reference/current/fielddata.html

I do not use kibana or logstash, so I do not know how those systems are
configured.

DrBatoon · February 3, 2017, 9:21am

I am trying with

PUT twitter/_mapping/twitter_text

{
   "twitter_text": {
      "properties": {
        "publisher": {
          "type": "text",
          "fielddata": false
        }
      }
   }
}

And the mapping says

GET /twitter/_mapping
"twitter": {
      "mappings": {
         "twitter_text": {
            "_all": {
               "enabled": true,
               "norms": false
            },
            "dynamic_templates": [
               {
                  "message_field": {
                     "path_match": "message",
                     "match_mapping_type": "string",
                     "mapping": {
                        "norms": false,
                        "type": "text"
                     }
                  }
               },
               {
                  "string_fields": {
                     "match": "*",
                     "match_mapping_type": "string",
                     "mapping": {
                        "fields": {
                           "keyword": {
                              "type": "keyword"
                           }
                        },
                        "norms": false,
                        "type": "text"
                     }
                  }
               }
            ],

And twitter_text is still not aggregatable. What am I doing wrong?

DrBatoon · February 3, 2017, 11:04am

Figured I had to build the index before populating it. Build it like

PUT twitter666
{
  "mappings": {
    "tweet": { 
      "_all":       { "enabled": false  }, 
      "properties": {  
        "twitter_text":     { "type": "text", "fielddata": true  }, 
        "user":      { "type": "text" },
        "country":      { "type": "text" },
        "longitude": {"type":"float"},
        "longitude": {"type":"float"}
      }
    }
  }
}

system · March 3, 2017, 11:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Counting Terms In Text Field Kibana	3	26	August 6, 2024
How to make Kibana Terms panel to count complete string frequencies, rather than separate words frequencies? Elasticsearch	4	2181	July 6, 2017
Kibana words histogram Kibana	3	2638	July 6, 2017
Count Each word in a text Field Elasticsearch	8	1599	April 12, 2022
Exessive field mapping Twitter to Elasticsearch Logstash	4	1198	June 16, 2017

Is it possible to count each term of a text instead of the complete text to display in Kibana?

Related topics