Hi,
using ElasticSearch and Kibana 5.1.1 for timeseries data. I've made field mapping according to https://www.elastic.co/blog/elasticsearch-as-a-time-series-data-store, where author encourages not to use index on those fields, as they wont be queryable, but aggregations should be fine.
But with this mapping, or even if I use type=keyword and index=false (to be up to date with ES 5.x), all the index=false/no fields Kibana displays as non-searchable and non-aggregatable.
Is this mapping wrong or is it Kibana? Because I can run aggregations for those data without any problem.
Did you specify "doc_values": true for the fields not being indexed like in the mappings in the blog post? Can you share your mappings?
Yes, here it is
"mappings": {
"log": {
"dynamic_templates": [
{
"strings": {
"match": "*",
"match_mapping_type": "string",
"mapping": {
"type": "keyword",
"doc_values": true,
"index": "not_analyzed"
}
}
}
],
"_all": { "enabled": false },
"_source": { "enabled": false },
"properties": {
"@timestamp": { "type": "date", "doc_values": true },
"c": { "type": "keyword", "doc_values": true, "index": false },
"s": { "type": "integer", "doc_values": true, "index": false },
"t": { "type": "integer", "doc_values": true, "index": false },
"cnt": { "type": "integer", "doc_values": true, "index": false },
"a": { "type": "keyword", "doc_values": true, "index": false },
"b": { "type": "keyword", "doc_values": true, "index": false },
"tr": { "type": "keyword", "doc_values": true, "index": false }
}
}
}