Hi,
elasticsearch and kibana version: 7.0
We are experiencing mapping explosion with number of fields upto 4500 and increasing. Then the first thing which came to our mind was to implement nested fields to reduce the number of fields. With the help of nested fields we could reduce that number to 100 and hardly will increase beyond this.
But nested fields comes with it's own disadvantages like,
- number of documents will increase
- Kibana doesn't support it. so no simple visualization and cannot search on that field from Kibana (Discover tab)
- Performance problems because every query on nested fields involve a join.
- Limit on number of nested objects (10000) across nested fields of an index.
This seems like a lot of side effects of using nested fields to solve our problem.
In search of an ideal solution, we realised that all our documents doesn't have all the fields! So we are tempted to index the similar documents( in terms of similar fields) in a specific index and rolling over to new index when the limit is hit. And each time we index a document we could check what's the best destination (index) for it. (In terms of similar fields).
But the thing is some of our documents alone has more that 1000 fields. So in this scenario we would hit the limit no matter in which index they end up in.
So what could be the ideal solution without many major side effects like inability to visualize/search from Kibana?
And also if we implement the above solution we thought of, does searching on an index pattern fail? As even though the number of fields of an index will be under 1000 but the index pattern will span on many indices thus resulting in many fields per an index pattern. Is this a issue we are supposed to be concerned about?
Thanks,