问题
I have index mapping like below:
{
"mapping": {
"properties": {
"MyMapProperty": {
"type": "nested",
"properties": {
"first": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"second": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
}
},
"SecondProperty": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"ThirdProperty": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"Timestamp": {
"type": "date"
}
}
}
}
After new document added, it source looks like below:
{
"_index": "indexName",
"_type": "_doc",
"_id": "idlklkm43rgre",
"_version": 1,
"_score": 0,
"_source": {
"MyMapProperty": {
"first": "value1",
"second": "value2",
},
"SecondProperty": "value3",
"ThirdProperty": "value4",
},
"fields": {
"Timestamp": [
"2020-05-11T12:54:49.049Z"
]
}
}
So acltually I see in Kibana available fields: MyMapProperty.fist | MyMapProperty.second |SecondProperty | ThirdProperty
Problem is that when I am trying to search MyMapProperty.fist : value - it finds nothing... However if I will search SecondProperty : value3 - it returns result.
I am trying to understand what I did wrong, is it kibana problem or elastic search, or maybe I am performing some strange actions. Could you please advise...
回答1:
Before ES 7.6, it was not possible to search on nested fields inside Kibana. As of ES 7.6, it is now possible to do so using a specific search syntax, like this:
MyMapProperty:{ first:value }
You can try it out.
Note: this only works with KQL and not with Lucene because the Lucene expression language doesn't support nested fields
回答2:
The solution was to remove type from index definition for "MyMapProperty".
"type": "nested"
After that nested attributes became searchable...
来源:https://stackoverflow.com/questions/61750176/elk-nested-values-are-not-found