Term aggregation not working with a certain field

Hello,

The following aggregation does not work. Can someone please tell me what is wrong?

(1)
GET /pattern_match-*/_search
{
  "size": 0,
  "aggs" : {
    "message_info" : {
      "terms" : { "field" : "message.keyword" }
    }
  }
}

Output:

{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 2,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "message_info" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [ ]
    }
  }
}

The following works:

(2)
GET /pattern_match-*/_search
{
  "size": 0,
  "aggs" : {
    "host_info" : {
      "terms" : { "field" : "host.name.keyword" }
    }
  }
}

Output:

{
  "took" : 0,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 2,
      "relation" : "eq"
    },
    "max_score" : null,
    "hits" : [ ]
  },
  "aggregations" : {
    "host_info" : {
      "doc_count_error_upper_bound" : 0,
      "sum_other_doc_count" : 0,
      "buckets" : [
        {
          "key" : "A700459-W10",
          "doc_count" : 2
        }
      ]
    }
  }
}

Thanks

Apologies for the delay. Please download the latest version of Open Distro for Elasticsearch. In case you are still facing this issue, please raise a GitHub issue.