Keep Strings when Labeling

graph

(Yeikel) #1

I have the following sample JSON file:

`{"id":1,"name":"Rachel Moreno","street":"Kinsman","gender":"Female","email":"rmoreno0@huffingtonpost.com","username":"rmoreno0","credit_card_type":"mastercard","balance":"$65306.75","credit_card_number":"5100137085196689","currency_code":"MNT","job_title":"Senior Financial Analyst","company_name":"Vidoo"}`

I ingested it with Logstash and generated the following document:

```json
{
  "_index": "mockdata",
  "_type": "logs",
  "_id": "AVbckgRz8F8VRgCfhXm7",
  "_score": null,
  "_source": {
    "@version": "1",
    "@timestamp": "2016-08-30T17:49:30.629Z",
    "id": 1,
    "name": "Rachel Moreno",
    "street": "Kinsman",
    "gender": "Female",
    "email": "rmoreno0@huffingtonpost.com",
    "username": "rmoreno0",
    "credit_card_type": "mastercard",
    "balance": "$65306.75",
    "credit_card_number": "5100137085196689",
    "currency_code": "MNT",
    "job_title": "Senior Financial Analyst",
    "company_name": "Vidoo"
  },
  "fields": {
    "@timestamp": [
      1472579370629
    ]
  },
  "highlight": {
    "name": [
      "@kibana-highlighted-field@Rachel@/kibana-highlighted-field@ @kibana-highlighted-field@Moreno@/kibana-highlighted-field@"
    ]
  },
  "sort": [
    1472579370629
  ]
}
```

I am trying to build a graph that connects fields in a structure like the following:

Name
job_title

The very first query that I ran is the following:

```
GET mockdata/_graph/explore
{
	"query": {
		"query_string": {
			"default_field": "_all",
			"query": "\"Rachel Moreno\""
		}
	},
	"controls": {
		"use_significance": true,
		"sample_size": 2000,
		"timeout": 5000
	},
	"connections": {
		"vertices": [
			{
				"field": "job_title",
				"size": 1,
				"min_doc_count": 1
			}
		]
	},
	"vertices": [
		{
			"field": "job_title",
			"size": 1,
			"min_doc_count": 1
		}
	]
}
```

And this is the response that I received:

```json
{
  "took": 0,
  "timed_out": false,
  "failures": [],
  "vertices": [
    {
      "field": "job_title",
      "term": "analyst",
      "weight": 1,
      "depth": 0
    },
    {
      "field": "job_title",
      "term": "financial",
      "weight": 0.95,
      "depth": 1
    }
  ],
  "connections": [
    {
      "source": 0,
      "target": 1,
      "weight": 0.95,
      "doc_count": 17
    }
  ]
}
```

The problem is that this creates two vertices, Analyst and Financial, when what I am looking for is to produce just one vertex.

My desired result should be

Name \ Rachel Moreno
job_title Senior Financial Analyst


(Mark Harwood) #2

You've hit the classic "new" and "york" problem when you really want to see just "new york".

This is addressed using mappings and the following is a useful guide to preparing content for both search and analytics: https://www.elastic.co/guide/en/elasticsearch/guide/master/aggregations-and-analysis.html
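The mapping approach referred to above, sketched as an added example that is not part of the original posts. It assumes Elasticsearch 2.x mapping syntax (`"index": "not_analyzed"`; from 5.0 onward the equivalent is `"type": "keyword"`), and the index name `mockdata_v2` and the `raw` sub-field name are hypothetical.

```console
# Added example. Assumptions: Elasticsearch 2.x; "mockdata_v2" and "raw" are hypothetical names.
# Each string keeps its analyzed form for search and gains an untokenized sub-field for graph/aggregations.
PUT mockdata_v2
{
  "mappings": {
    "logs": {
      "properties": {
        "name": {
          "type": "string",
          "fields": {
            "raw": { "type": "string", "index": "not_analyzed" }
          }
        },
        "job_title": {
          "type": "string",
          "fields": {
            "raw": { "type": "string", "index": "not_analyzed" }
          }
        }
      }
    }
  }
}

# After the documents are ingested again into the new index, explore on the untokenized sub-fields.
# Terms on these fields are whole values such as "Senior Financial Analyst", not "financial" / "analyst".
GET mockdata_v2/_graph/explore
{
  "query": {
    "query_string": {
      "default_field": "_all",
      "query": "\"Rachel Moreno\""
    }
  },
  "controls": { "use_significance": true, "sample_size": 2000, "timeout": 5000 },
  "vertices": [
    { "field": "name.raw", "size": 1, "min_doc_count": 1 }
  ],
  "connections": {
    "vertices": [
      { "field": "job_title.raw", "size": 1, "min_doc_count": 1 }
    ]
  }
}
```

Documents already indexed under the old mapping do not gain the sub-field retroactively, so the data has to be indexed again before the `.raw` fields return terms.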


(Yeikel) #3

That's indeed the problem. Thank you

