I have index mapping like below:
{
"mapping": {
"properties": {
"MyMapProperty": {
"type": "nested",
"properties": {
"first": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"second": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
}
},
"SecondProperty": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"ThirdProperty": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"Timestamp": {
"type": "date"
}
}
}
}
After new document added, it source looks like below:
{
"_index": "indexName",
"_type": "_doc",
"_id": "idlklkm43rgre",
"_version": 1,
"_score": 0,
"_source": {
"MyMapProperty": {
"first": "value1",
"second": "value2",
},
"SecondProperty": "value3",
"ThirdProperty": "value4",
},
"fields": {
"Timestamp": [
"2020-05-11T12:54:49.049Z"
]
}
}
So acltually I see in Kibana available fields: MyMapProperty.fist | MyMapProperty.second |SecondProperty | ThirdProperty
Problem is that when I am trying to search MyMapProperty.fist : value - it finds nothing... However if I will search SecondProperty : value3 - it returns result.
I am trying to understand what I did wrong, is it kibana problem or elastic search, or maybe I am performing some strange actions. Could you please advise...
The solution was to remove type from index definition for "MyMapProperty".
"type": "nested"
After that nested attributes became searchable...