Timeseries optimization and non-aggregatable fields

Hi,
using ElasticSearch and Kibana 5.1.1 for timeseries data. I've made field mapping according to https://www.elastic.co/blog/elasticsearch-as-a-time-series-data-store, where author encourages not to use index on those fields, as they wont be queryable, but aggregations should be fine.

But with this mapping, or even if I use type=keyword and index=false (to be up to date with ES 5.x), all the index=false/no fields Kibana displays as non-searchable and non-aggregatable.

Is this mapping wrong or is it Kibana? Because I can run aggregations for those data without any problem.

Did you specify "doc_values": true for the fields not being indexed like in the mappings in the blog post? Can you share your mappings?

Yes, here it is

"mappings": {
    "log": {
      "dynamic_templates": [
        {
          "strings": {
            "match": "*",
            "match_mapping_type": "string",
            "mapping": {
              "type": "keyword",
              "doc_values": true,
              "index": "not_analyzed"
            }
          }
        }
      ],
      "_all":            { "enabled": false },
      "_source":         { "enabled": false },
      "properties": {
        "@timestamp":    { "type": "date",     "doc_values": true },
        "c":             { "type": "keyword",  "doc_values": true, "index": false },
        "s":             { "type": "integer",  "doc_values": true, "index": false },
        "t":             { "type": "integer",  "doc_values": true, "index": false },
        "cnt":           { "type": "integer",  "doc_values": true, "index": false },
        "a":             { "type": "keyword",  "doc_values": true, "index": false },
        "b":             { "type": "keyword",  "doc_values": true, "index": false },
        "tr":            { "type": "keyword",  "doc_values": true, "index": false }
      }
    }
  }

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.