not_analyzed mapping property not working properly

Question

I have been working on a side project in order to learn elasticsearch. I am using the Marvel plugin to POST the index/mapping for my elasticsearch project. Everything works fine with one exception. For some reason, on my Kibana dashboard, the charts grab value "country" and split it into multiple values (for examples, "United States" shows up as two separate entries "United" and "State") even though I am indicating "index" : "not_analyzed" for that field.

This is the command/index/mapping I am feeding to elastic search:

PUT /traffic_mon

{"traffic": 

        {
                     "_timestamp" : {
                "enabled" : true,
                    "path" : "timestamp"
                },
                "properties": {
                        "timestamp": {"type": "date","format":"basic_date_time"},
                        "source_ip": {"type": "string"},
                        "dest_ip": {"type": "string"},
                        "country": {"type": "string", "index": "not_analyzed"},
                        "source_port": {"type": "integer"},
                        "destination_port": {"type": "integer"},
                        "traffic_type": {"type": "string"}
                               }
                    }
            }       
}

Is it a syntax issue?

I have researched this issue extensively and still cannot come up with what is causing this. Like I said, I am fairly new to elasticsearch and any help/suggestion is welcomed.

not_analyzed mapping property not working properly

Answers (1)

Related Questions