Sorting by .raw fields

Hi guys,

I'm trying to sort rows in a discover section in Kibana 4.5/ES 2.3.2. I have a customer_name field which is analyzed using ngrams, so sorting by it is meaningless. I've added another subfield - customer_name.raw which is not analyzed.

Unfortunately this field does not appear under "Discover section" in Kibana.

So what's the Kibana approach for sorting on analyzed fields?

Thanks,
Zaar

Hi Zaar,

Kibana only shows the analyzed fields on the discover tab. I think this is because Elasticsearch stores the analyzed fields in an inverted index and can return search results very quickly compared to the unanalyzed field.

But you can still filter results on Discover tab on the unanalyzed raw field. So for example, you can still put customer_name.raw:"John Smith" in the search bar.

And the .raw fields are available on the Visualization tab. So you can make a Vertical Bar Chart which looks very similar to the Discover tab and use aggregations on raw fields.

Regards,
Lee

Hi Lee,

Not analyzed fields are stored in inverted index as well. There is no performance consideration here. I'm aware about searching and visualizations, but my question was specifically about sorting.

I guess Kibana's problem in Discover is with multifields and not not_analyzed fields (which are shown BTW).

This would not be a very user-friendly solution but it looks like you could change the sort field in the URL. For example, in the URL below I could change by current sort on "host" to "host.raw"

http://localhost:5601/app/kibana#/discover?_g=()&_a=(columns:!(host),filters:!(),index:'logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'*')),sort:!(host,desc),vis:(aggs:!((params:(field:referer,orderBy:'2',size:20),schema:segment,type:terms),(id:'2',schema:metric,type:count)),type:histogram))&indexPattern=logstash-*&type=histogram

I'll look into some other solutions...

Yes, this works, but indeed very geeky as you say. Looks like a candidate for feature request