Kibana search pattern help

Hello there, I am using ELK6.4 stack, I have data like the attached picture, and the search works only if I give like this "headers.direction:external" , but i need it to work when i give "direction:external", I am searching from Kibana.Please advice.

Thanks
Pradeep!

hi @pradeepbill7

The search looks at the field name. so it seems you like to change the headers.direction field to be renamed as direction. You'll likely want to index your documents with the correct fieldname direction.

thanks thomas, I can not upate the index, as it is being used by many other applications, Can I update the elastic template to somehow search direction:value , when headers.direction:value is used ?, like a pattern saying , when headers.* is searched , either strip "headers" from the query, or go look under headers.

hi @pradeepbill7,

If you cannot reindex, I would look at adding a field alias to your index. https://www.elastic.co/guide/en/elasticsearch/reference/master/alias.html. You can add one for the fields you would like to rename.

thanks Thomas, we are using elastic 6.3 , I tried the example at https://www.elastic.co/guide/en/elasticsearch/reference/master/alias.html , and it throws error like below, is there something I have to enable to get the field level aliases to work ?

{

· "error": {

o "root_cause": [

§ {

§ "type": "mapper_parsing_exception",

§ "reason": "No handler for type [alias] declared on field [route_length_miles]"

}

o ],

o "type": "mapper_parsing_exception",

o "reason": "Failed to parse mapping [_doc]: No handler for type [alias] declared on field [route_length_miles]",

o "caused_by": {

§ "type": "mapper_parsing_exception",

§ "reason": "No handler for type [alias] declared on field [route_length_miles]"

}

· },

· "status": 400

}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.