How do I handle fields in elasticsearch that contain a '_'?
I am using a Mongo-Connector targeting elasticsearch. This works great for keeping elasticsearch up to date, but I have a problem with one of the fields because it contains an '_'. The data is being replicated/streamed from mongodb continually if I run a rename/reindex the new documents will start showing up with underscores again.
Kibana does not support underscores at the start of a field. What is the best practice for handling this?
I have filed an issue with elastic2-doc-manager for Mongo-Connector to support ingest nodes, but this feels like a much bigger issue with kibana all my attempts at fixing this issue using scripted fields and renaming the field have failed.
This seems like a huge problem. I see underscores in data everywhere, seems like a very poor decision on the side of the kibana team.
Kibana Error:
I have found some github referencese to this issue, but no work arounds.
- Closed Issue: fields starting with underscore ( _ ) doesn't show
- Never merged Pull request: Lift restriction of not allowing '_'-prefixed fields.
- Open Issue: Allow fields prefixed with _ (originally #4291)
Fields beginning with _ are reserved for use within Elasticsearch. Kibana does not support fields with _ currently, at least not yet. A request for this - https://github.com/elastic/kibana/issues/14856 is still open.
Until then if you would like to use the field in visualizations etc, I believe you need to rename it.
While you can't rename the field easily without using logstash or filebeat and Mongo-Connector doesn't support either of them you can instead use a scripted field as below to create a new filed and copy the _ field's value. That way you can use the new field to visualize etc. Add a new scripted field for ex. itemType with the below script and see if it works.
doc['_itemType.keyword'].value
Please note though that only keyword fields can be used like this, text type fields won't work. If your _itemType field is of type text, modify the mapping to include a sub field keyword of keyword type under _itemType and try the scripted field.
- mongo db docker image authentication failed
- MongoDB Aggregate on huge documents
- How to persist MongoDB data between container restarts?
- Mongodb $loopkup: Lookup only those documents which satisfy a condition
- Get background image url value
- Looking for help to aggregating user orders data
- Add an aggregate pipeline stage changing to another model or type in MongoDB C# driver
- node js/mongodb: Update document while looping object/array
- MERN Stack User create Post Mongoose MongoError : 11000
- Can't establish SSL connection to MongoDB from NodeJS program
- Update a field or create it if it is not present in mongoDb
- MongooseError: Cast to embedded failed for value
- Update MongoDB field using value of another field
- MongoDB Error: <timeField> must be present and contain a valid BSON UTC datetime value
- Cannot start MongoDB: System error 1067 in Windows
- Why $nin is slower than $in, Mongodb
- mongoDB whitelist IP
- All charts apps need to be terminated before the project can be deleted
- Spring Data MongoDB Annotation @CreatedDate isn't working, when ID is assigned manually
- Mongoose Unique index not working!
- findOne() is returning the whole model instead of a document
- Failed to instantiate com.fasterxml.jackson.databind.node.ObjectNode using constructor NO_CONSTRUCTOR with arguments In MongoDB
- Can't connect with Mongokitten from iOS device
- PyMongo on Azure Cosmos and MongoDB
- Using Flyway with MongoDB and Spring Boot
- MongoServerSelectionError: connect ECONNREFUSED when connecting Node.js app with MongoDB running on Docker
- How to do a Mongo aggregation query in Spring Data?
- How to use MongoItemWriter to write a List<T>
- RuntimeError: Task attached to a different loop
- Azure cosmosDB(mongoDB), how to disable the automatic indexing in a collection in GO lang or via Shell