I want to visualize the data in Kibana. But, I always get Visualize: Field data loading is forbidden on [FieldName] for all my fields. These are the first two lines of the .csv file I am trying to visualize:
I've read some solutions like converting the values of the fields, but that didnt work (I did convert => { "No" => "integer" } and got the same error for that field).
I've also read about using .raw, but I am completely new to it, and couldn't get it done.
Can anyone help me (if possible, with an easy to follow step by step on how to solve it with .raw) or any other way to solve it?
The Field Data message is coming from Elasticsearch, and basically prevents you from doing aggregations on analyzed fields. It does this because those operations are very expensive. You can enable it in Elasticsearch, but it's not recommended. As you note, you're better off using a .raw version of the field, which is a non-analyzed version of the same field. This is something Logstash does for you automatically, but it's easy to do yourself if you aren't using Logstash.
The easiest way to and able the .raw field is to use Dynamic Templates. You can do something like Logstash does, and just add a .raw field for any String types, or you can get fancier to meet your specific needs.
The .raw field won't actually show up in Discover that way. We treat them weird, so you will only see the type field in the list.
You should see it in Visualize though, when you define the aggregations for your visualization. This is a screenshot from 5.0, but it works the same in 4.x. The only difference is you will see both fields, type and type.raw.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
