I remember doing this once upon a time but can't figure it out anymore....
I have a field that is stored as both text and keyword. I would like to aggregate and visualize on a table the frequency of terms within the field. However, using the Bar graph visualizations, both horizontal and vertical, I only see the field as .keyword. If I go to Index Patterns under Advanced Settings, I see both the text field and keyword field rows, but the text row says it's not aggregatable. What am I doing wrong here?
As for what specifically I want: I have a bunch of URLs that look like default.aspx?search=pollling%20places. I want to identify top search requests; for example, this would be pollling and places. Perhaps this doesn't work here because Elasticsearch/Kibana doesn't see more than one term?
What kind of data type would be ideal for what I'm trying to accomplish? Would it be better to, using Logstash, remove the junk data, in this case default.aspx?search=, and build a separate field that contains an array of words to be analyzed?
Looking at the Elasticsearch documentation, it looks like a Simple Pattern Tokenizer would do what I want. Can Kibana access this data or aggregate and display it? I've set up many index templates, but never used anything in them beyond basic data types, so I'm unsure of how that data can be accessed after ingest.
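The pre-processing idea raised in the post, sketched as an added example that is not part of the original post: it pulls the `search` query parameter out of each URL, URL-decodes it, splits it into lowercase words (the array an ingest step would store in a separate field), and counts each word once per request, the way a terms aggregation reports one count per document. The sample URLs, the function names and the word-splitting rule are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample request URLs (not data from the original post).
SAMPLE_URLS = [
    "default.aspx?search=pollling%20places",
    "default.aspx?search=Polling+Places+near+me",
    "default.aspx?search=early%20voting&page=2",
    "default.aspx?search=voting%20voting%20hours",
    "default.aspx?id=7",      # no search parameter at all
    "default.aspx?search=",   # empty search box
]

# Assumed tokenisation rule: runs of ASCII letters and digits are words.
TOKEN_RE = re.compile(r"[a-z0-9]+")


def search_terms(url, param="search"):
    """Return the lowercased words of the `param` query value as a list.

    parse_qs performs the URL decoding (%20 and + both become spaces),
    so the "junk" prefix and the encoding are gone before tokenising.
    """
    query = urlsplit(url).query
    values = parse_qs(query, keep_blank_values=False).get(param, [])
    terms = []
    for value in values:
        terms.extend(TOKEN_RE.findall(value.lower()))
    return terms


def top_terms(urls, size=5):
    """Count requests per term, highest first, ties broken alphabetically.

    Each term is counted once per URL even if it is repeated inside one
    search string, matching a per-document count.
    """
    counts = Counter()
    for url in urls:
        counts.update(set(search_terms(url)))
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:size]


if __name__ == "__main__":
    for term, hits in top_terms(SAMPLE_URLS):
        print(f"{hits:3d}  {term}")
```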