Raw field in top N query not working


(Eitan Vesely) #1

Hi all,

i have a field named "msg" in my index that holds an error message string.
when trying to count the top N errors i set the field to msg.raw yet i
still see that the terms are all the words comprising the strings rather
than the whole string as i would expect.
(i did not set this field to be "not_analyzed and if i understand correctly
logstash does that and puts it under the "raw" tag...)
this is my input, configuration and output
[image: image]
https://cloud.githubusercontent.com/assets/8070047/3785753/b6d09b46-19c9-11e4-8eba-5036e867b265.png

[image: image]
https://cloud.githubusercontent.com/assets/8070047/3785744/7b0566f0-19c9-11e4-9227-01efff20a812.png

[image: image]
https://cloud.githubusercontent.com/assets/8070047/3785736/62d79f1c-19c9-11e4-93cf-f5dd89ffc8e7.png

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/b7d9b1bd-7cbc-4fc9-820c-a88eb6c56078%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(Eitan Vesely) #2

Anyone? please?

On Saturday, August 2, 2014 1:26:51 AM UTC+3, Eitan Vesely wrote:

Hi all,

i have a field named "msg" in my index that holds an error message string.
when trying to count the top N errors i set the field to msg.raw yet i
still see that the terms are all the words comprising the strings rather
than the whole string as i would expect.
(i did not set this field to be "not_analyzed and if i understand
correctly logstash does that and puts it under the "raw" tag...)
this is my input, configuration and output
[image: image]
https://cloud.githubusercontent.com/assets/8070047/3785753/b6d09b46-19c9-11e4-8eba-5036e867b265.png

[image: image]
https://cloud.githubusercontent.com/assets/8070047/3785744/7b0566f0-19c9-11e4-9227-01efff20a812.png

[image: image]
https://cloud.githubusercontent.com/assets/8070047/3785736/62d79f1c-19c9-11e4-93cf-f5dd89ffc8e7.png

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/9c869767-8119-45b0-a3b8-58f5389c01a7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(system) #3