Type keyword in mapping but not able to aggregate on field kibana

ankush_goswami · March 13, 2017, 12:07pm

Hi All,

I have updated mapping for my logs in Elasticsearch. Below is the mapping I have:-

      "beat" : {
        "properties" : {
          "hostname" : {
            "type" : "keyword"
          },
          "name" : {
            "type" : "keyword"
          },
          "version" : {
            "type" : "text",
            "index" : false,
            "norms" : false
          }
        }
      },

Now when I am trying to aggregate on beat.name in kibana. i am not able to see the field in Visualization aside to this i am seeing another field beat.name.keyword which is not even defined in my mapping. How to correct this as far as I know defining type as keyword will make this field aggregatable.

But I am able to do aggregation in elasticsearch. Please find below.
curl localhost:9200/userserver-logs-2017.03.11/_search?pretty -d '{
"query": {
"match": {
"beat.name": "us-05"
}
},
"sort": {
"beat.name": "asc"
},
"aggs": {
"Name": {
"terms": {
"field": "beat.name"
}
}
}
}'
{
"took" : 14,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 117853,
"max_score" : null

ankush_goswami · March 13, 2017, 1:39pm

Guys I have fixed this issue as I can see somehow my mapping was wrong. Corrected the same and it started working _field_stats api helped me to debug this issue.

rashmi · March 15, 2017, 6:59pm

Hi Ankush,

Glad it worked after resolving the mapping issue. I will go ahead and close this ticket for now.

Thanks
Rashmi