Search Query Based on Nested Fields

I have this kind of data:

"1655184519597531137": {
  "reply_depth": 1,
  "gather_likes": false,
  "gather_user_data": "false",
  "keyword": "galatasaray",
  "gather_retweets": false,
  "user_id": "Hatice_GS1905"
},
"@version": "1",
"@timestamp": "2023-05-07T13:42:26.252138737Z",
"1655160784605913090": {
  "reply_depth": 1,
  "gather_likes": false,
  "gather_user_data": "false",
  "keyword": "galatasaray",
  "gather_retweets": false,
  "user_id": "MrEnnyG"
},
"1655171782498713601": {
  "reply_depth": 1,
  "gather_likes": false,
  "gather_user_data": "false",
  "keyword": "galatasaray",
  "gather_retweets": false,
  "user_id": "salvareyiz"
},

I want to find the number of data whose keyword=galatasaray. How can I do that? Thanks in advance.

This looks like a field name that represents a timestamp in nanoseconds. If this is the case it is very bad and will result in mapping explosion. If this is indeed the case I would recommend you change how you index data.

It is a tweet ID, not a timestamp, actually.

That is still likely to grow almost linearly over time so is still very bad. You will hit system limits and if you just increase these as a workaround the cluster will eventually grind to a halt. It would be better to move it into a field, e.g. "tweet_id": "1655160784605913090". I suspect this would also solve your query problem as you would then know the full path of the field to query.
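Added example, not part of the original thread: a Python sketch of the restructuring suggested above. It splits a document keyed by tweet ID into one document per tweet with a "tweet_id" field, compares how many leaf field paths each shape would add to the mapping, and builds a request body for the _count API. The function names and the sample document are constructed for illustration, and the term query assumes "keyword" is mapped as a keyword-type field.

```python
# Constructed sample mirroring the shape in the question (tweet IDs as field names).
SAMPLE = {
    "@version": "1",
    "@timestamp": "2023-05-07T13:42:26.252138737Z",
    "1655184519597531137": {"reply_depth": 1, "keyword": "galatasaray", "user_id": "Hatice_GS1905"},
    "1655160784605913090": {"reply_depth": 1, "keyword": "galatasaray", "user_id": "MrEnnyG"},
    "1655171782498713601": {"reply_depth": 1, "keyword": "galatasaray", "user_id": "salvareyiz"},
}

def leaf_paths(doc, prefix=""):
    """Leaf field paths that dynamic mapping would create for one document."""
    paths = set()
    for key, value in doc.items():
        if isinstance(value, dict):
            paths |= leaf_paths(value, f"{prefix}{key}.")
        else:
            paths.add(f"{prefix}{key}")
    return paths

def mapped_fields(docs):
    """Union of leaf paths over many documents: grows with every new field name."""
    paths = set()
    for doc in docs:
        paths |= leaf_paths(doc)
    return paths

def flatten(doc):
    """Split one document keyed by tweet ID into one document per tweet."""
    shared = {k: v for k, v in doc.items() if not isinstance(v, dict)}
    out = []
    for key, value in doc.items():
        if isinstance(value, dict):
            if not key.isdigit():  # only numeric tweet IDs are expected as object keys
                raise ValueError(f"unexpected object field: {key!r}")
            out.append({**shared, "tweet_id": key, **value})
    return out

def count_query(keyword):
    """Body for the _count API; every document now shares the path 'keyword'."""
    return {"query": {"term": {"keyword": keyword}}}

def local_count(docs, keyword):
    """Offline stand-in for the count the query above would return."""
    return sum(1 for d in docs if d.get("keyword") == keyword)

if __name__ == "__main__":
    docs = flatten(SAMPLE)
    print("leaf fields, keyed by tweet ID:", len(mapped_fields([SAMPLE])))
    print("leaf fields, one doc per tweet:", len(mapped_fields(docs)))
    print("count body:", count_query("galatasaray"))
    print("matching tweets:", local_count(docs, "galatasaray"))
```

In the original shape every new tweet adds three more leaf paths to the mapping, which is what runs into index.mapping.total_fields.limit; in the flattened shape the field set stays constant however many tweets are indexed.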

Yes, you are absolutely right. Thank you so much!
