How do I handle fields in elasticsearch that contain a '_'?
I am using a Mongo-Connector targeting elasticsearch. This works great for keeping elasticsearch up to date, but I have a problem with one of the fields because it contains an '_'. The data is being replicated/streamed from mongodb continually if I run a rename/reindex the new documents will start showing up with underscores again.
Kibana does not support underscores at the start of a field. What is the best practice for handling this?
I have filed an issue with elastic2-doc-manager for Mongo-Connector to support ingest nodes, but this feels like a much bigger issue with kibana all my attempts at fixing this issue using scripted fields and renaming the field have failed.
This seems like a huge problem. I see underscores in data everywhere, seems like a very poor decision on the side of the kibana team.
Kibana Error:
I have found some github referencese to this issue, but no work arounds.
- Closed Issue: fields starting with underscore ( _ ) doesn't show
- Never merged Pull request: Lift restriction of not allowing '_'-prefixed fields.
- Open Issue: Allow fields prefixed with _ (originally #4291)
Fields beginning with _ are reserved for use within Elasticsearch. Kibana does not support fields with _ currently, at least not yet. A request for this - https://github.com/elastic/kibana/issues/14856 is still open.
Until then if you would like to use the field in visualizations etc, I believe you need to rename it.
While you can't rename the field easily without using logstash or filebeat and Mongo-Connector doesn't support either of them you can instead use a scripted field as below to create a new filed and copy the _ field's value. That way you can use the new field to visualize etc. Add a new scripted field for ex. itemType with the below script and see if it works.
doc['_itemType.keyword'].value
Please note though that only keyword fields can be used like this, text type fields won't work. If your _itemType field is of type text, modify the mapping to include a sub field keyword of keyword type under _itemType and try the scripted field.
- Find/Remove in @DBref list items in MongoDB for Spring
- How to import dumped Mongodb?
- Group embedded array of documents only
- How to use kubernetes secrets in nodejs application?
- How to return ISO date format in PHP for MongoDB?
- No quotes in MongoDB JSON
- mongodb aggregate get current date
- Querying only the field name in Mongodb
- How to use nanoid module on NodeJS?
- MongoServerError: Plan executor error during findAndModify :: caused by :: Performing an update on the path '_id' would modify the immutable field _id
- Aggregate framework can't use indexes
- MongoDB, Convert a string with commas to double in $convert(aggregation). Failed to parse number '1,533.07'
- How to set MongoDB ReadPreference in Spring MVC's contextConfigLocation
- Reactive Mongo secondaryPreferred
- All charts apps need to be terminated before the project can be deleted
- I am having an issue with replaceAll in MongoDB
- PostgreSQL COPY command from csv file problem for array data
- How to exclude number in MongoDB filter $gte and $lte
- Copy field of each element in an array of a sub-property to another field
- How can I count Mongoose Schema documents with a filter?
- MongoDB Change Stream: Can I get value before update/delete?
- How to change mongodb password in docker compose
- Implement for all classes BsonIgnoreExtraElements
- How to connect to MongoDB with certificate using DataGrip?
- Mongoose - using Populate on an array of ObjectId
- How to null-safe and missing-field-safe determine max length of field in mongodb?
- Why is PyMongo 3 giving ServerSelectionTimeoutError?
- In hosting Next.js app to Vercel, backend API is not working
- How can I use the .find() output for schema validation?
- Environment variable MONGODB_CONFIG_OVERRIDE_NOFORK == 1, overriding \"processManagement.fork\" to false"