Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What's the difference between the 'field' and 'field.keyword' fields in Kibana?

Tags:

When adding a filter in kibana all string fields have a entry and .keyword entry. What is the difference?

like image 588
PaulB Avatar asked Nov 18 '17 19:11

PaulB

People also ask

What is field keyword?

keyword field takes the same input and keeps as one large string, meaning it can be aggregated on, and you can use wildcard searches on it. Aggregatable means you can use it in aggregations in elasticsearch, which resembles a sql group by if you are familiar with that.

What is field type keyword in Elasticsearch?

The keyword family includes the following field types: keyword , which is used for structured content such as IDs, email addresses, hostnames, status codes, zip codes, or tags. constant_keyword for keyword fields that always contain the same value. wildcard for unstructured machine-generated content.

What are fields in Kibana?

Numeric fields support Bytes, Color, Duration, Histogram, Number, Percentage, String, and Url formatters. The Bytes, Number, and Percentage formatters enable you to choose the display formats of numbers in the field using the Elastic numeral pattern syntax that Kibana maintains.

What is difference between keyword and text in Elasticsearch?

The crucial difference between them is that Elasticsearch will analyze the Text before it's stored into the Inverted Index while it won't analyze Keyword type. Analyzed or not analyzed will affect how it will behave when getting queried.

2 Answers

From elasticsearch 5 there is no string field type, instead there is two types:

Keyword - use it for filter, aggregation and sort.

Text - use it for search text.

When you index documents with string field, for example name, elasticsearch mapping the field to text field for search and to keyword for filter.

Kibana use the field for filter and aggregation, therefore using the keyword.

Look at elasticsearch documentation

like image 186
Lax Avatar answered Oct 02 '22 16:10

Lax

In fact, it is not an Kibana issue, it's an ElasticSearch issue which make full-text and keyword search both conformable. The filed.keyword is for keyword search and aggregation, while the original field is used for full-text search.

There is an official blog specialized for this: https://www.elastic.co/cn/blog/strings-are-dead-long-live-strings

There is also a post on the official discuss board, here is the link for your reference: https://discuss.elastic.co/t/why-am-i-getting-keyword-for-my-feilds-in-index-pattern/137983

like image 42
welkinwalker Avatar answered Oct 02 '22 15:10

welkinwalker
Sign in to Comment

Related questions

sealed class's objects mysteriously becoming null when referenced by other companion object
What is the difference between num_boost_round and n_estimators
"Error: unbound module" in OCaml
Is there a way to lazy load components, not modules, in Angular?
App submission failed - 1+ corrupted binaries/non-public API usage and no additional details
How to SSH into a Kubernetes Node or Server
Airflow dynamic tasks at runtime
Static vector internal data layout - `union` vs `std::aligned_storage_t` - huge performance difference
What's the difference between Foo::new and () -> new Foo()?
How to setup 1D-Convolution and LSTM in Keras
How do I check the default decimal precision when converting float to str?
When are profiles renewed when using "Automatically manage signing"/allowProvisioningUpdates?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!