Search Query Based on Nested Fields

Elastic Stack Elasticsearch
1

I have this kind of data:

"1655184519597531137": {
            "reply_depth": 1,
            "gather_likes": false,
            "gather_user_data": "false",
            "keyword": "galatasaray",
            "gather_retweets": false,
            "user_id": "Hatice_GS1905"
          },
          "@version": "1",
          "@timestamp": "2023-05-07T13:42:26.252138737Z",
          "1655160784605913090": {
            "reply_depth": 1,
            "gather_likes": false,
            "gather_user_data": "false",
            "keyword": "galatasaray",
            "gather_retweets": false,
            "user_id": "MrEnnyG"
          },
          "1655171782498713601": {
            "reply_depth": 1,
            "gather_likes": false,
            "gather_user_data": "false",
            "keyword": "galatasaray",
            "gather_retweets": false,
            "user_id": "salvareyiz"
          },

I want to find the number of data whose keyword=galatasaray. How can I do that? Thanks in advance.

2

This looks like a field name that represents a timestamp in nanoseconds. If this is the case it is very bad and will result in mapping explosion. If this is indeed the case I would recommend you change how you index data.

3

It is tweet id, not timestamp actually.

4

That is still likely to grow almost linearly over time so is still very bad. You will hit system limits and if you just increase these as a workaround the cluster will eventually grind to a halt. It would be better to move it into a field, e.g. "tweet_id": "1655160784605913090". I suspect this would also solve your query problem as you would then know the full path of the field to query.

5

Yes, you are absolutely right. Thank you so much!

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.