Why such a huge number of 'other values' showing?

I have loaded 3 of data onto my 4-node ES cluster using logstash.
Everything seems to have worked nicely.

Stats are:
7,545,866,876 documents
58 indices
232 shards
4.7TB

However when I look at the data with Kibana I see the 3 types and a huge
number of 'other values'.

Document types:
term '1' 2,142,281,401
term '2' 1,077,175,717
term '3' 31,442,462
Missing field 0
Other values 4,294,967,296

What is that 'other values' all about? Can anyone explain what it is and
should I do anything about it?
Thanks

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/f08bd648-89ac-4f25-b2aa-55254371fb44%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

It basically means that in your "type" field you have a lot of 1, 2 and 3
And a lot of other values which are not 1, 2 or 3.

But this is obvious.

I guess you asked Kibana to give you only the TOP 3 values?
Try with 10 or 20 and you will See what other values could look like.

Also in Kibana, you can add a table panel and add filters which exclude type 1, type 2 and type 3.
So you will see your related documents in table panel.

HTH

--
David
Twitter : @dadoonet / @elasticsearchfr / @scrutmydocs

Le 24 sept. 2014 à 08:17, bob.webman@gmail.com a écrit :

I have loaded 3 of data onto my 4-node ES cluster using logstash. Everything seems to have worked nicely.

Stats are:
7,545,866,876 documents
58 indices
232 shards
4.7TB

However when I look at the data with Kibana I see the 3 types and a huge number of 'other values'.

Document types:
term '1' 2,142,281,401
term '2' 1,077,175,717
term '3' 31,442,462
Missing field 0
Other values 4,294,967,296

What is that 'other values' all about? Can anyone explain what it is and should I do anything about it?
Thanks

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/f08bd648-89ac-4f25-b2aa-55254371fb44%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/57D5A8E0-CEBF-435F-8E1B-1753D227A7AF%40pilato.fr.
For more options, visit https://groups.google.com/d/optout.

And this is what I don't understand!

I tried that, and did an exclude on types 1,2 &3 and the result was nothing!
No missing and no 'other values'

The filters I did were of the form:
must not
field: _type
value: type1

I have just found something that might explain it to someone who
understands this stuff!

If I filter to MATCH on 'field: _type' = 'type2' or 'type3' then the "other
values" is 0

However if I filter on 'type1' then I get my 4 billion other values, so it
is something to do with 'type1'

eg;
must
field: _type
value: type1

Term Count
type1 2142281401
Missing field 0
Other values 4294967296

With that in mind, how do I now troubleshoot further? I still don't
understand.

On Wednesday, September 24, 2014 7:26:53 AM UTC+1, David Pilato wrote:

It basically means that in your "type" field you have a lot of 1, 2 and 3
And a lot of other values which are not 1, 2 or 3.

But this is obvious.

I guess you asked Kibana to give you only the TOP 3 values?
Try with 10 or 20 and you will See what other values could look like.

Also in Kibana, you can add a table panel and add filters which exclude
type 1, type 2 and type 3.
So you will see your related documents in table panel.

HTH

--
David
Twitter : @dadoonet / @elasticsearchfr / @scrutmydocs

Le 24 sept. 2014 à 08:17, bob.w...@gmail.com <javascript:> a écrit :

I have loaded 3 of data onto my 4-node ES cluster using logstash.
Everything seems to have worked nicely.

Stats are:
7,545,866,876 documents
58 indices
232 shards
4.7TB

However when I look at the data with Kibana I see the 3 types and a huge
number of 'other values'.

Document types:
term '1' 2,142,281,401
term '2' 1,077,175,717
term '3' 31,442,462
Missing field 0
Other values 4,294,967,296

What is that 'other values' all about? Can anyone explain what it is and
should I do anything about it?
Thanks

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/f08bd648-89ac-4f25-b2aa-55254371fb44%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/f08bd648-89ac-4f25-b2aa-55254371fb44%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/48ca6d39-e67f-4cf9-afac-3c5db871a365%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

You could try to run this:

curl -XGET "http://localhost:9200/index/_search" -d'
{
"post_filter": {
"not": {
"filter": {
"or": [
{
"term": {
"_type": "type1"
}
},
{
"term": {
"_type": "type2"
}
},
{
"term": {
"_type": "type3"
}
}
]
}
}
}
}'

--
David Pilato | Technical Advocate | elasticsearch.com
david.pilato@elasticsearch.com
@dadoonet | @elasticsearchfr | @scrutmydocs

Le 24 septembre 2014 à 08:47:41, bob.webman@gmail.com (bob.webman@gmail.com) a écrit:

And this is what I don't understand!

I tried that, and did an exclude on types 1,2 &3 and the result was nothing!
No missing and no 'other values'

The filters I did were of the form:
must not
field: _type
value: type1

I have just found something that might explain it to someone who understands this stuff!

If I filter to MATCH on 'field: _type' = 'type2' or 'type3' then the "other values" is 0

However if I filter on 'type1' then I get my 4 billion other values, so it is something to do with 'type1'

eg;
must
field: _type
value: type1

Term Count
type1 2142281401
Missing field 0
Other values 4294967296

With that in mind, how do I now troubleshoot further? I still don't understand.

On Wednesday, September 24, 2014 7:26:53 AM UTC+1, David Pilato wrote:
It basically means that in your "type" field you have a lot of 1, 2 and 3
And a lot of other values which are not 1, 2 or 3.

But this is obvious.

I guess you asked Kibana to give you only the TOP 3 values?
Try with 10 or 20 and you will See what other values could look like.

Also in Kibana, you can add a table panel and add filters which exclude type 1, type 2 and type 3.
So you will see your related documents in table panel.

HTH

--
David
Twitter : @dadoonet / @elasticsearchfr / @scrutmydocs

Le 24 sept. 2014 à 08:17, bob.w...@gmail.com a écrit :

I have loaded 3 of data onto my 4-node ES cluster using logstash. Everything seems to have worked nicely.

Stats are:
7,545,866,876 documents
58 indices
232 shards
4.7TB

However when I look at the data with Kibana I see the 3 types and a huge number of 'other values'.

Document types:
term '1' 2,142,281,401
term '2' 1,077,175,717
term '3' 31,442,462
Missing field 0
Other values 4,294,967,296

What is that 'other values' all about? Can anyone explain what it is and should I do anything about it?
Thanks

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/f08bd648-89ac-4f25-b2aa-55254371fb44%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/48ca6d39-e67f-4cf9-afac-3c5db871a365%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/etPan.54226e8e.79e2a9e3.3194%40MacBook-Air-de-David.local.
For more options, visit https://groups.google.com/d/optout.

Thanks for your help with this. I appreciate it.

Here is the result of that query:

{
"took": 5251,
"timed_out": false,
"_shards": {
"total": 232,
"successful": 232,
"failed": 0
},
"hits": {
"total": 0,
"max_score": null,
"hits":
}
}

On Wednesday, September 24, 2014 8:11:25 AM UTC+1, David Pilato wrote:

You could try to run this:

curl -XGET "http://localhost:9200/index/_search" -d'
{
"post_filter": {
"not": {
"filter": {
"or": [
{
"term": {
"_type": "type1"
}
},
{
"term": {
"_type": "type2"
}
},
{
"term": {
"_type": "type3"
}
}
]
}
}
}
}'

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/12393554-3306-4fc3-80b2-4005071f0daf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

o_O

What does this give?

curl -XGET "http://192.168.59.103:9200/index/_search" -d'
{
"size": 0,
"aggs": {
"by_type": {
"terms": {
"field": "_type"
}
}
}
}'

--
David Pilato | Technical Advocate | elasticsearch.com
david.pilato@elasticsearch.com
@dadoonet | @elasticsearchfr | @scrutmydocs

Le 24 septembre 2014 à 09:39:47, bob.webman@gmail.com (bob.webman@gmail.com) a écrit:

Thanks for your help with this. I appreciate it.

Here is the result of that query:

{
"took": 5251,
"timed_out": false,
"_shards": {
"total": 232,
"successful": 232,
"failed": 0
},
"hits": {
"total": 0,
"max_score": null,
"hits": []
}
}

On Wednesday, September 24, 2014 8:11:25 AM UTC+1, David Pilato wrote:
You could try to run this:

curl -XGET "http://localhost:9200/index/_search" -d'
{
"post_filter": {
"not": {
"filter": {
"or": [
{
"term": {
"_type": "type1"
}
},
{
"term": {
"_type": "type2"
}
},
{
"term": {
"_type": "type3"
}
}
]
}
}
}
}'

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/12393554-3306-4fc3-80b2-4005071f0daf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/etPan.54227760.109cf92e.3194%40MacBook-Air-de-David.local.
For more options, visit https://groups.google.com/d/optout.

{
"took": 9247,
"timed_out": false,
"_shards": {
"total": 232,
"successful": 232,
"failed": 0
},
"hits": {
"total": 7545866876,
"max_score": 0,
"hits":
},
"aggregations": {
"by_type": {
"buckets": [
{
"key": "type1",
"doc_count": 6437248697
},
{
"key": "type2",
"doc_count": 1077175717
},
{
"key": "type3",
"doc_count": 31442462
}
]
}
}
}

That count in "type1" is the total including "other values" so it appears
that the "type:" or "_type:" fields are screwed somehow?
The total doc_count is right but with those "other values".....

On Wednesday, September 24, 2014 8:48:59 AM UTC+1, David Pilato wrote:

o_O

What does this give?

curl -XGET "http://192.168.59.103:9200/index/_search" -d'
{
"size": 0,
"aggs": {
"by_type": {
"terms": {
"field": "_type"
}
}
}
}'

--
David Pilato | Technical Advocate | elasticsearch.com
http://elasticsearch.com
david....@elasticsearch.com <javascript:>
@dadoonet https://twitter.com/dadoonet | @elasticsearchfr
https://twitter.com/elasticsearchfr | @scrutmydocs
http://twitter.com/scrutmydocs
https://twitter.com/scrutmydocs

Le 24 septembre 2014 à 09:39:47, bob.w...@gmail.com <javascript:> (
bob.w...@gmail.com <javascript:>) a écrit:

Thanks for your help with this. I appreciate it.

Here is the result of that query:

{
"took": 5251,
"timed_out": false,
"_shards": {
"total": 232,
"successful": 232,
"failed": 0
},
"hits": {
"total": 0,
"max_score": null,
"hits":
}
}

On Wednesday, September 24, 2014 8:11:25 AM UTC+1, David Pilato wrote:

You could try to run this:

curl -XGET "http://localhost:9200/index/_search" -d'
{
"post_filter": {
"not": {
"filter": {
"or": [
{
"term": {
"_type": "type1"
}
},
{
"term": {
"_type": "type2"
}
},
{
"term": {
"_type": "type3"
}
}
]
}
}
}
}'

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/12393554-3306-4fc3-80b2-4005071f0daf%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/12393554-3306-4fc3-80b2-4005071f0daf%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/bf0e674e-e9a2-49cd-9bfc-21d5a941bc89%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Sorry. I don't follow. Are you talking about _type field or do you have a type field in your docs?

--
David Pilato | Technical Advocate | elasticsearch.com
david.pilato@elasticsearch.com
@dadoonet | @elasticsearchfr | @scrutmydocs

Le 24 septembre 2014 à 10:01:39, bob.webman@gmail.com (bob.webman@gmail.com) a écrit:

{
"took": 9247,
"timed_out": false,
"_shards": {
"total": 232,
"successful": 232,
"failed": 0
},
"hits": {
"total": 7545866876,
"max_score": 0,
"hits": []
},
"aggregations": {
"by_type": {
"buckets": [
{
"key": "type1",
"doc_count": 6437248697
},
{
"key": "type2",
"doc_count": 1077175717
},
{
"key": "type3",
"doc_count": 31442462
}
]
}
}
}

That count in "type1" is the total including "other values" so it appears that the "type:" or "_type:" fields are screwed somehow?
The total doc_count is right but with those "other values".....

On Wednesday, September 24, 2014 8:48:59 AM UTC+1, David Pilato wrote:
o_O

What does this give?

curl -XGET "http://192.168.59.103:9200/index/_search" -d'
{
"size": 0,
"aggs": {
"by_type": {
"terms": {
"field": "_type"
}
}
}
}'

--
David Pilato | Technical Advocate | elasticsearch.com
david....@elasticsearch.com
@dadoonet | @elasticsearchfr | @scrutmydocs

Le 24 septembre 2014 à 09:39:47, bob.w...@gmail.com (bob.w...@gmail.com) a écrit:

Thanks for your help with this. I appreciate it.

Here is the result of that query:

{
"took": 5251,
"timed_out": false,
"_shards": {
"total": 232,
"successful": 232,
"failed": 0
},
"hits": {
"total": 0,
"max_score": null,
"hits": []
}
}

On Wednesday, September 24, 2014 8:11:25 AM UTC+1, David Pilato wrote:
You could try to run this:

curl -XGET "http://localhost:9200/index/_search" -d'
{
"post_filter": {
"not": {
"filter": {
"or": [
{
"term": {
"_type": "type1"
}
},
{
"term": {
"_type": "type2"
}
},
{
"term": {
"_type": "type3"
}
}
]
}
}
}
}'

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/12393554-3306-4fc3-80b2-4005071f0daf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/bf0e674e-e9a2-49cd-9bfc-21d5a941bc89%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/etPan.54227ace.1befd79f.3194%40MacBook-Air-de-David.local.
For more options, visit https://groups.google.com/d/optout.

Yes I have a field called 'type' which matches a string generated in
logstash when send the logs.
eg; type="type1"

The "_type" field is autogenerated somewhere isn't it?

In my fields I can see both "_type" and "type" and they are both "type1" in
this case

On Wednesday, September 24, 2014 9:03:36 AM UTC+1, David Pilato wrote:

Sorry. I don't follow. Are you talking about _type field or do you have a
type field in your docs?

--
David Pilato | Technical Advocate | elasticsearch.com
http://elasticsearch.com
david....@elasticsearch.com <javascript:>
@dadoonet https://twitter.com/dadoonet | @elasticsearchfr
https://twitter.com/elasticsearchfr | @scrutmydocs
http://twitter.com/scrutmydocs
https://twitter.com/scrutmydocs

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/93d15e54-4a5a-4ec2-be8c-f2472c815786%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Might this actually be a problem with the way Kibana is
reporting/displaying?

If I do your query with ("field" = "type") or if I use ("field" = "_type")
I get an answer of 6,440,557,651 for my type1

Might Kibana be timing out or limiting in some way so that it
returns 2,142,281,401 fpr the term="type1" and simply leaves everything
else in the "other" bucket because it timed out? In other words Kibana
leaves it in 'Other values' because it got bored?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/c36d7fdb-6b0e-46e1-9579-edc5da9a3a4c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

There is a small (i) icon on top right of each panel which can show you what Kibana is exactly running.

--
David Pilato | Technical Advocate | elasticsearch.com
david.pilato@elasticsearch.com
@dadoonet | @elasticsearchfr | @scrutmydocs

Le 24 septembre 2014 à 11:52:22, bob.webman@gmail.com (bob.webman@gmail.com) a écrit:

Might this actually be a problem with the way Kibana is reporting/displaying?

If I do your query with ("field" = "type") or if I use ("field" = "_type") I get an answer of 6,440,557,651 for my type1

Might Kibana be timing out or limiting in some way so that it returns 2,142,281,401 fpr the term="type1" and simply leaves everything else in the "other" bucket because it timed out? In other words Kibana leaves it in 'Other values' because it got bored?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/c36d7fdb-6b0e-46e1-9579-edc5da9a3a4c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/etPan.5422aefe.643c9869.3a2f%40MacBook-Air-de-David.local.
For more options, visit https://groups.google.com/d/optout.

Yeah, forgot about that! Thanks.

Got this result, which is not right! Before I waste any more time I will
restart my ES cluster....

{
"took": 8894,
"timed_out": false,
"_shards": {
"total": 232,
"successful": 232,
"failed": 0
},
"hits": {
"total": 7556182409,
"max_score": 0,
"hits": []
},
"facets": {
"terms": {
"_type": "terms",
"missing": 0,
"total": 7556182409,
"other": 8589934592,
"terms": [
{
"term": "type1",
"count": -2143083582
},
{
"term": "type2",
"count": 1077854963
},
{
"term": "type3",
"count": 31476436
}
]
}
}
}

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/534cf9da-71c7-44bc-bffa-3c85dc134c73%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Restarted the ES cluster. Same result.

Now I am completely confused. A count of -2143083582 doesn't make much
sense to me. Sigh

On Wednesday, September 24, 2014 2:23:58 PM UTC+1, bob.w...@gmail.com wrote:

Yeah, forgot about that! Thanks.

Got this result, which is not right! Before I waste any more time I will
restart my ES cluster....

{
"took": 8894,
"timed_out": false,
"_shards": {
"total": 232,
"successful": 232,
"failed": 0
},
"hits": {
"total": 7556182409,
"max_score": 0,
"hits":
},
"facets": {
"terms": {
"_type": "terms",
"missing": 0,
"total": 7556182409,
"other": 8589934592,
"terms": [
{
"term": "type1",
"count": -2143083582
},
{
"term": "type2",
"count": 1077854963
},
{
"term": "type3",
"count": 31476436
}
]
}
}
}

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/d50d554b-f6f0-42ab-8039-cebd7baef943%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Finally I think I have solved it!!!! Pretty sure this is it?

Its a BUG

Facets with large value counts (> 2 billion) return a negative number #4856

On Wednesday, September 24, 2014 2:27:55 PM UTC+1, bob.w...@gmail.com wrote:

Restarted the ES cluster. Same result.

Now I am completely confused. A count of -2143083582 doesn't make much
sense to me. Sigh

On Wednesday, September 24, 2014 2:23:58 PM UTC+1, bob.w...@gmail.com
wrote:

Yeah, forgot about that! Thanks.

Got this result, which is not right! Before I waste any more time I will
restart my ES cluster....

{
"took": 8894,
"timed_out": false,
"_shards": {
"total": 232,
"successful": 232,
"failed": 0
},
"hits": {
"total": 7556182409,
"max_score": 0,
"hits":
},
"facets": {
"terms": {
"_type": "terms",
"missing": 0,
"total": 7556182409,
"other": 8589934592,
"terms": [
{
"term": "type1",
"count": -2143083582
},
{
"term": "type2",
"count": 1077854963
},
{
"term": "type3",
"count": 31476436
}
]
}
}
}

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/fb43c693-6f38-49d0-8799-bdb65cf9ad9e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.