Hello
I don't understand why when searching through kibana, it doesn't highlight the result for the log_message field.
"log_message" is the parsed "message" field, by grok.
I can only assume that the kibana is not looking around this field and therefore does not highlight it.
How to change it?
You can see what Kibana is exactly checking from the Inspect tool in the top right corner. There you will see the query and response from Elasticsearch.
My only idea is to confirm the mapping details from the log_message field. Is it maybe not indexed and only stored?
Take a look at this example just from the DevTools without creating a DataView or using Discover at all.
# Delete if exists
DELETE delete_text_keyword
# Define an index with a keyword and a non indexed text field
PUT delete_text_keyword
{
"mappings": {
"properties": {
"text_field": {
"type": "text",
"index": false
},
"keyword_field": {"type": "keyword"}
}
}
}
# Index a couple of records
POST delete_text_keyword/_bulk
{"index" : {}}
{ "text_field": "hola", "keyword_field": "hola"}
{"index" : {}}
{ "text_field": "mundo", "keyword_field": "mundo"}
# Minimal search and highlight
GET delete_text_keyword/_search
{
"_source": false,
"query": {
"bool": {
"must": [
{
"query_string": {
"query": "*hola*"
}
}
]
}
},
"highlight": {
"fields": {
"*": {}
}
}
}
Only the keyword field is retrieved and highlighted
Sorry if this is super-evident but with the details provided is hard to go further.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
