Hi,
I am using Elasticsearch GA 5.0.0.
My log file has a field called serverName. It has servers server_a, server_b, and server_c. This is the situation. I pick one specific date from the date picker. From the side panel, when I click the servers term, it expands and shows me server_a, server_b, and server_c. When I click / positive filter server_a, I can see there are 100 entries. I then went to visualization and created a Data Table, with metric as Count and then buckets>Split Rows>Aggregation>Terms. In field, I select Terms and then picks serverName from it. When I run it , I get a yellow banner on top saying;
Courier Fetch: 25 of 70 shards failed.
In the table it shows 75 entries for server_a. Then I selected serverName.keyword and run it. Now the yellow banner is gone and 75 changed to 25.
75+25=100.
What I understood is that some of my entries have serverName.keyword, and some have serverName. I am expecting a table entry showing 100 for server_a. Why is this happening and how can I fix this?
Thanks in advance.