3

I am using Elasticsearch and Kibana as plugin to view the data in the indices. I am using Kibana's DevTools to send commands for adding/deleting/updating indices etc.

I want to add a field to a certain text property so it will have a keyword field to be able to both make a full text searches and aggregate using this property.

1) Does a change like that means I need to update Kibana's index pattern as well?

2) I have read the ElasticSearch's docs on PUT Mappings and know how to use it to update the indices themselves, but I don't know how to update the index patterns.. I read the same API should be used to update it, but I don't know how to see the index pattern's original mapping in order to update it.

CodeMonkey
  • 11,196
  • 30
  • 112
  • 203

1 Answers1

6

  1. Yes, if you change the index mapping in ES, then you need to go in Kibana and refresh the related index patterns.

  2. Right now, you need to go inside Kibana (Management > Index patterns), select the index pattern, and press the "Refresh" button at the top right of the window in order to pick up the mapping changes.

Also note that if you updated some text fields in order to have a keyword sub-field, you'll also need to call the _update_by_query API on your index in order to reindex the changed field in all your documents

Val
  • 207,596
  • 13
  • 358
  • 360
  • If all it takes is to refresh the index patterns, then why does Kibana itself says (if I understood it correctly) that you need to update it using the mapping API? It seems strange that I need to create a full index pattern to begin with in order for Kibana to identify the index, but when I change it I can simply refresh it and it picks up the change? – CodeMonkey Aug 21 '18 at 12:32
  • See [my second comment to your other question](https://stackoverflow.com/a/51948311/4604579) – Val Aug 21 '18 at 12:43
  • Regarding the update_by_query, I'm not sure what exactly does it do.. I'm assuming that for a new field it will simply add the same value as in the properties to the field for me? but I didn't understand what happens if I run it after adding a new property - what exactly does it have to update if its a new property with no value? – CodeMonkey Aug 21 '18 at 13:04
  • At first you only had the `text` field, so when you indexed your document the data of that field got indexed according to the rules of `text` fields. Then you updated your mapping to add a `keyword` sub-field, but all your existing data is not yet indexed according to the rules of that new keyword field. For that, you need to cal update_by_query and all the existing data will be reindexed properly according the the rules of the `text` **AND** `keyword` fields. – Val Aug 21 '18 at 13:17
  • I have updated the indices and reloaded the index patterns. When I try running the update by query command, I get an error code 504 - Gateway Time-out. I read that a longer timeout might solve this. Do you know what is an appropriate timeout for this action? – CodeMonkey Aug 21 '18 at 13:57
  • You don't need to see any timeout, the task is still ongoing in the background. You can check the status of the update by query task by running `GET _tasks?actions=*byquery&detailed`. – Val Aug 21 '18 at 14:14