Hello everyone…
can someone please help me understand what those “*.keyword” fields are?
They seem to be generated only for fields of type “string”…
I am new to opensearch, all i am doing is pushing some data from a logstash pipeline.
Those fields are discovered by opensearch when i click on “refresh field list” button in dashboards.
I understand that the field “type” might not be correct because of auto discovery, ande as such a should be creating a mapping but what i don’t understand are those new fields automatically added by opensearch that i never create.
every field of type string, gets another field with .keyword suffix like in the picture below
Hey!
The difference is that fields of type “string” analyzed and broken into tokens while “keywords” are not. So when you search for documents when matching the keyword, the whole string has to match. So for example “apple” would match the string “apple tree” but would not keyword “apple tree”. You would have to search for the exact keyword to be able to find your desired documents.
Each type has their own use-cases.
More information can be found here.
I hope this helps
BR AES
Thank you, that is a first level of explanation.
Do you know also why opensearch automatically creates a keyword field?
I think this is configured this way because it just makes sense. The string is stored either way somewhere and it just provides you with multiple different ways of searching for your string with minimal impact on your system.
But if anyone actually knows a specific reason feel free to correct me.
