Elasticsearch supports a number of different datatypes for the fields in a document:
- `ip` for IPv4 and IPv6 addresses
- Completion datatype: `completion` to provide auto-complete suggestions
- Token count: `token_count` to count the number of tokens in a string
- `murmur3` to compute hashes of values at index-time and store them in the index
- `annotated-text` to index text containing special markup (typically used for identifying named entities)
- Accepts queries from the query-dsl
- Defines parent/child relation for documents within the same index
- Rank feature: Record numeric feature to boost hits at query time.
- Rank features: Record numeric features to boost hits at query time.
- Dense vector: Record dense vectors of float values.
- Sparse vector: Record sparse vectors of float values.
- A text-like field optimized for queries to implement as-you-type completion
- Defines an alias to an existing field.
- Allows an entire JSON object to be indexed as a single field.
In Elasticsearch, arrays do not require a dedicated field datatype. Any field can contain zero or more values by default; however, all values in the array must be of the same datatype. See Arrays.
It is often useful to index the same field in different ways for different purposes. For instance, a `string` field could be mapped as a `text` field for full-text search, and as a `keyword` field for sorting or aggregations. Alternatively, you could index a text field with the `standard` analyzer, the `english` analyzer, and the
This is the purpose of multi-fields. Most datatypes support multi-fields
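An added example, not taken from the Elasticsearch documentation: the body of a create-index request that maps one log field three ways with multi-fields through the `fields` mapping parameter, next to an `ip` field. The field names (`message`, `source_ip`) and sub-field names (`keyword`, `english`) are hypothetical, and the `_meta` note marks the mapping as constructed.

```json
{
  "mappings": {
    "_meta": {
      "note": "constructed example; field and sub-field names are hypothetical"
    },
    "properties": {
      "message": {
        "type": "text",
        "analyzer": "standard",
        "fields": {
          "keyword": {
            "type": "keyword",
            "ignore_above": 256
          },
          "english": {
            "type": "text",
            "analyzer": "english"
          }
        }
      },
      "source_ip": {
        "type": "ip"
      }
    }
  }
}
```

Full-text queries target `message` or `message.english`, while sorting and aggregations use `message.keyword`. Because of `ignore_above`, values longer than 256 characters are not indexed in the `keyword` sub-field, so they are absent from aggregations on it even though they remain searchable as text.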