Taking string as separate tokens while visualizing in Kibana

Hi

I have a country field in my Elasticsearch index with the value: san francisco,mountain view
But when I visualize a pie chart in Kibana using the country field, it gives me a chart for both 'san' and 'francisco' rather than a single one for 'san francisco'.

Please help me out.

Thanks
Gaurav

The field name is analyzed, i.e. split into tokens. The field you use for such aggregations should be non-analyzed. If you don't want to make the field itself non-analyzed you can create subfields that are non-analyzed and use those for aggregations. Check the documentation.

input {
  file {
    path => "/home/logGenerator.log"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => '[%{TIMESTAMP_ISO8601:timestamp}] %{NUMBER:TxID} %{WORD:loglevel} (?\d{4}-\d{4}-\d{4}) %{BASE10NUM:amount} %{WORD:method} %{WORD:Merchant} %{NUMBER:pinCode} "(%{GREEDYDATA:msg})"'}
  }
}

output {
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => "localhost:9200"
    index => "fraud1"
  }
}

Let's suppose this is my conf file. How will I mention my columns as analyzed or non-analyzed?
Thanks

That configuration needs to be done on the Elasticsearch side. As I said, read the documentation about mappings and index templates. I'm happy to help with questions but you have to do your part.
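
An added example, not part of the original thread: the body of an index template (sent to Elasticsearch with PUT _template/fraud1) that keeps country analyzed and adds a non-analyzed subfield for aggregations, as the first reply describes. It assumes Elasticsearch 2.x-style string mappings, which match the analyzed/non-analyzed wording used here (on 5.x and later the subfield would be of type keyword instead); the template name, the fraud1* pattern and the subfield name raw are assumptions.

```json
{
  "template": "fraud1*",
  "mappings": {
    "_default_": {
      "properties": {
        "country": {
          "type": "string",
          "fields": {
            "raw": {
              "type": "string",
              "index": "not_analyzed"
            }
          }
        }
      }
    }
  }
}
```

Templates are applied only when an index is created, so an existing fraud1 index has to be recreated or reindexed before the subfield is populated. The Kibana pie chart then aggregates on country.raw, which holds the whole value as a single term.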

Thanks Magnus! I got the solution and it is working fine.

Thanks for your support!

Regards
Gaurav