I’m new to siren technology. I tried to import data with logstash into elastic and create a virtual index in siren.
I don’t understand why some fields are aggregatble or not ?
Regards,
Hi Romaderi,
Aggregation of the fields for the types is a default Elasticsearch behavior.
As you cannot have the aggregation of the text field but you can do the aggregations on the keywords field.
If you want to run the aggregate on the text field then you have to enable the “fielddata:true” as it is disabled by default to make the text field aggregatble.
For example:
If you are not defining any mapping in elasticsearch, then elasticsearch tries to automatically guess the mapping for you. If you sent a text within a xyz field, then elasticsearch created 2 fields behind the scene xyz and xyz.keyword. The former is more for full text search, the later more for computing aggregations, do sorting…
More details are here on this:
https://www.elastic.co/guide/en/elasticsearch/reference/current/fielddata.html
Regards
Manu Agarwal
1 Like