I found that for me the easyest way to follow the guide is using a full ELK stack docker compose suite. Here you can find one https://github.com/deviantony/docker-elk
- Getting started
- Tutorial search
- More-Complicated Searches(p. 19) Instead of
- Tutorial search
GET /megacorp/employee/_search
{
"query" : {
"filtered" : {
"filter" : {
"range" : {
"age" : { "gt" : 30 }
}
},
"query" : {
"match" : {
"last_name" : "smith"
}
}
}
}
}
Use
GET /megacorp/employee/_search
{
"query": {
"bool": {
"must": [
{
"match": {
"last_name": "smith"
}
}
],
"filter": [
{
"range" : {
"age" : { "gt" : 30 }
}
}
]
}
}
}
Due to the deprecation of filtered
Getting started Tutorial Aggregations
If you try to run this aggregation example:
GET /megacorp/employee/_search
{
"aggs": {
"all_interests": {
"terms": { "field": "interests" }
}
}
}
You will get this error:
{
"error": {
"root_cause": [
{
"type": "illegal_argument_exception",
"reason": "Fielddata is disabled on text fields by default. Set fielddata=true on [interests] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead."
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "megacorp",
"node": "cjNFIjRpR7GkjUIt_fuxQw",
"reason": {
"type": "illegal_argument_exception",
"reason": "Fielddata is disabled on text fields by default. Set fielddata=true on [interests] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory. Alternatively use a keyword field instead."
}
}
]
},
"status": 400
}
In order to run the aggregation example in the tutorial part you need to tell elasticsearch to enable Fielddata on the interests field.
PUT megacorp/_mapping/employee
{
"properties": {
"interests": {
"type": "text",
"fielddata": true
}
}
}