Strange Logstash index fields

Diggy · September 15, 2017, 1:23pm

Good morning or afternoon, folks.

I hope I present my issue understandably, and in the right forum.

I'm running Elastic Stack 5.6, and most things are working well. However, when I try to create a Logstash-based visualization in Kibana, and use "Terms" or "Significant Terms" for aggregation, I'm presented with fields in the pick list, which are strange to me. They look like this:

AccountType.keyword
Action.keyword
ActivityID.keyword

So, ".keyword" seems to be appended to all of the fields. I see the same fields in the "Index Patterns" in Kibana, and they list as "Aggregatable". But, they don't seem to be.

What am I doing wrong?

Thanks.

Diggy · September 15, 2017, 1:59pm

Oh, my config files: https://pastebin.com/9cmeXGEU

NerdSec · September 16, 2017, 3:02am

There is absolutely nothing wrong that you are doing.
This question should ideally fall under kibana or elasticsearch. The keyword that you see appended is because of something called as analyzers.

https://www.elastic.co/guide/en/elasticsearch/reference/current/keyword.html

Regards,
N

Diggy · September 16, 2017, 2:20pm

Thanks, NerdSec. I'll try in another forum.

system · October 14, 2017, 2:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Strange Logstash index fields in visualization Kibana	5	827	October 18, 2017
Visualizing Terms In A Field Kibana	4	346	February 7, 2020
Trouble to add new index Kibana	3	723	December 30, 2016
Field_name.keyword appended to fields after upgrading to 6.5.x Elasticsearch	6	630	January 15, 2019
Issue with keyword aggregation following update to 6.0 Kibana	10	2657	January 4, 2018

Strange Logstash index fields

Related topics