Why index_patterns add join datatype, but show string in kibana

cythwell · January 10, 2019, 2:15am

I add a join datatype for parent-child relationship
{
"mappings" : {
"test_data" : {
"properties" : {
"levelStatus" : {
"type" : "join",
"relations" : {
"user" : "unique",
"unique" : "report"
}
}

My point is that user has child unique, while unique also has his child report.
Then I used logstash mutate to add this join field:
mutate {
add_field => {
"levelStatus" => "user"
}
}

mutate {
add_field => {
"[levelStatus][name]" => "unique"
"[levelStatus][parent]" => "hbouser-%{[usageReports][userID]}"
}
}

And first I post parent to elasticsearch , seems all fine.
But when I post child to it, it fails to index to ealsticsearch:
"reason"=>"failed to parse field [levelStatus] of type [text]"

So I went to kibana and found that the "levelStatus" field which I expected it as a join datatype actually is a string type.

Is there andthing wrong with my index_patterns or mutate scripts?

cythwell · January 10, 2019, 2:58am

hmm. seems elasticsearch take “type” as a common field...

"levelStatus" : {
"properties" : {
"relations" : {
"properties" : {
"unique" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"user" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
},
"type" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
}
}
}

cythwell · January 10, 2019, 3:02am

my sent request is "Post index_patterns/my_index-*"

while the docment is "put my_index"

does it matter?

cythwell · January 10, 2019, 3:51am

Yes..
It work fine when "put my_index", but doesn't work when "post index_patterns/my_index-*"

How I can make it avaiable to all my indeieswhen my indeies looks like: my_index-yyyy.mm.dd ?

dadoonet · January 10, 2019, 6:04am

You probably want this: https://www.elastic.co/guide/en/elasticsearch/reference/6.5/indices-templates.html

cythwell · January 10, 2019, 6:06am

Hi, You means I should post to "_template/my_index-*"?
As I though, index_patterns and template are the same meaning.
Just as the _template will be remove in the furture,
Am I right?

cythwell · January 10, 2019, 6:20am

Hi, thanks a lot.I had tried _template and it finally success.
But I still get confused with it..

dadoonet · January 10, 2019, 8:03am

A template is applied when you create a new index.
It helps to define which settings/mappings you would like to apply automatically when an index name matches the template.

Christian_Dahlqvist · January 10, 2019, 8:34am

I do not see parent-child relations used together with time-based indices very often as all documents related too each other must be located in the same shard (which is why routing is used). What is the rationale behind using parent-child here instead of e.g. flattening the model through denormalisation?

cythwell · January 10, 2019, 8:52am

thanks for reply.
So what's diffrence with template(get _template/) and index_patterns(get index_patterns)?
I was though they are the same. Seems it is not.

cythwell · January 10, 2019, 8:57am

Just like a usermanagement.
the top level will save userinfo, it is also the parent of the second level
the second level will save the devices did this user login. it is also the partent of the last level
the last level will record everthing the user had did in the devices.

Christian_Dahlqvist · January 10, 2019, 9:04am

How often are the different types of data updated?

cythwell · January 10, 2019, 9:30am

The top level will update when user change the userinfo or new register.
the second level will update when action login disappeared
the lastest level will update more often, as the device will keep sending message to elastic.

So the docs inside top level and second level may will not update often, while docs of the latest level will increase fast(every message sended will treat as a new doc).

dadoonet · January 10, 2019, 10:04am

I've never heard about

GET index_patterns

Where did you see that?

cythwell · January 10, 2019, 10:16am

My elasticsearch version is 6.5.4

cythwell · January 10, 2019, 10:20am

I once using "_template" , and elasticsearch noted me that "_template" will will no more use in the further version , and "index_patterns" will take the place of it?
I am not good at english, maybe I had make some understand mistake...

dadoonet · January 10, 2019, 10:29am

That's an index which name is index_patterns.

dadoonet · January 10, 2019, 10:30am

This message was related to the parameters not to the API name.

cythwell · January 10, 2019, 10:31am

Ar I see. You are right...
Haha, So stupid I am...
thanks a lots

system · February 7, 2019, 10:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Visualizing Nested Data Type in Kibana Kibana	3	4193	May 14, 2020
Error in creating Index patterns for Join Field Kibana	5	444	December 16, 2021
Join query type in Query DSL Elasticsearch	5	385	February 16, 2021
Could someone help me ? --How to implement join datatype by Java API Elasticsearch	1	469	October 15, 2018
Elasticsearch 6.x Join behaviour Elasticsearch	6	2983	November 26, 2017

Why index_patterns add join datatype, but show string in kibana

Related topics