elasticsearch - Aggregation returns terms in key , but not the complete field, how can I get full field returned?
You need to have untokenized copies of the terms in the index, in your mapping use multi-fields:
{ "test": { "mappings": { "book": { "properties": { "author": { "type": "string", "fields": { "untouched": { "type": "string", "index": "not_analyzed" } } }, "title": { "type": "string", "fields": { "untouched": { "type": "string", "index": "not_analyzed" } } }, "docType": { "type": "string", "fields": { "untouched": { "type": "string", "index": "not_analyzed" } } } } } } }}In your aggregation query reference the untokenized fields:
"aggs" : { "author" : { "terms" : { "field" : "author.untouched", "size": 20, "order" : { "_term" : "asc" } } }, "title" : { "terms" : { "field" : "title.untouched", "size": 20 } }, "contentType" : { "terms" : { "field" : "docType.untouched", "size": 20 } }}
seems the multi_fields specified in the above post is deprecatedhttp://www.elasticsearch.org/guide/en/elasticsearch/reference/current/_multi_fields.html#_multi_fields
I ran into a similar issue.When I ran the command:
curl -XGET "localhost:9200/logstash*/_mapping?pretty"response had following in it which was useful:
"host" : { "type" : "string", "norms" : { "enabled" : false }, "fields" : { "raw" : { "type" : "string", "index" : "not_analyzed", "ignore_above" : 256 } } },...I realised than that adding .raw should change the output and will get the desired output.
so something like:
"aggs": { "computes": { "terms": { "field": "host.raw", "size": 0 } } }Did the trick for me.
Newbie to the elasticsearch but I am seeing many field of type string has a "raw" field which can be used within query.
It would be good if some experts can shed a light on my findings. Correct/Partially correct/Wrong ?!