Hi,
I've been trying out X-Pack Rollup (in 6.7) and cannot use Kibana to perform any terms queries for exact matches on terms that I configured Rollup for. I'm not sure whether I've done something wrong or it's just not supported or not supported yet. Is there a way to use either the Kibana search bar or the little filter panes to filter rolled-up data using terms groups that were configured in the rollup job?
Below is just more elaboration in case the question is not clear.
I am able to run aggregations on the terms using data tables with rows split by the relevant term, which is currently explicitly supported by Rollup. A data table that runs the following type of agg, for example, works.
"aggs": {
"2": {
"terms": {
"field": "my_text_field.raw",
"size": 5,
"order": {
"_count": "desc"
}
}
}
}
But if I go to apply my_text_field.raw as a filter using the (+) magnifying glass (which instead uses the match_phrase query) the query fails as:
Rollup search error: [illegal_argument_exception] Unsupported Query in search request: [match_phrase]
Using the search bar with exact terms matches, which uses a query_string, also fails. For example, searching for
my_text_field.raw:"my_text_val"
where "my_text_val" is an exact match for a data table row value, gives:
Rollup search error: [illegal_argument_exception] Unsupported Query in search request: [query_string]