Each field has a field data type, or field type. This type indicates the
kind of data the field contains, such as strings or boolean values, and its
intended use. For example, you can index strings to both
text field values are analyzed for full-text
keyword strings are left as-is for filtering and sorting.
Field types are grouped by family. Types in the same family support the same search functionality but may have different space usage or performance characteristics.
Currently, the only type family is
keyword, which consists of the
wildcard field types. Other type families have only a
single field type. For example, the
boolean type family consists of one field
- Binary value encoded as a Base64 string.
The keyword family, including
Numeric types, such as
double, used to express amounts.
Date types, including
- Defines an alias for an existing field.
Objects and relational typesedit
Structured data typesedit
Range types, such as
- IPv4 and IPv6 addresses.
- Software versions. Supports Semantic Versioning precedence rules.
- Compute and stores hashes of values.
Aggregate data typesedit
- Pre-aggregated metric values.
- Pre-aggregated numerical values in the form of a histogram.
Text search typesedit
- Analyzed, unstructured text.
- Text containing special markup. Used for identifying named entities.
- Used for auto-complete suggestions.
text-like type for as-you-type completion.
- A count of tokens in a text.
Document ranking typesedit
- Records dense vectors of float values.
- Records sparse vectors of float values.
- Records a numeric feature to boost hits at query time.
- Records numeric features to boost hits at query time.
Spatial data typesedit
- Indexes queries written in Query DSL.
In Elasticsearch, arrays do not require a dedicated field data type. Any field can contain zero or more values by default, however, all values in the array must be of the same field type. See Arrays.
It is often useful to index the same field in different ways for different
purposes. For instance, a
string field could be mapped as
text field for full-text search, and as a
keyword field for
sorting or aggregations. Alternatively, you could index a text field with
standard analyzer, the
english analyzer, and the
This is the purpose of multi-fields. Most field types support multi-fields
Intro to Kibana
ELK for Logs & Metrics