Elastic Search: Alternative of flattened datatype in Elastic Search 7.1

Question

I have two Elastic Search version one is 7.3 and the second is 7.1. I am using flattened data type for Elastic Search 7.3 and I also want to use this data type in Elastic Search 7.1. So that I can store my data as I stored in Elastic Search 7.3.
I researched about flattened data type and get to know that it's supported to 7.x but when I tried in 7.1 it gives me the mapper_parsing_exception error.
What I tried is as shown below.

• In Elastic Search 7.3

  Index Creation

  PUT demo-flattened
  

  Response:

     {
      "acknowledged": true,
      "shards_acknowledged": true,
      "index": "demo-flattened"
     }
  

  Insert Mapping

      PUT demo-flattened/_mapping
      {
          "properties": {
              "host": {
                  "type": "flattened"
              }
          }
      }
  

  Response:

      {
          "acknowledged": true
      }
  

• In Elastic Search 7.1

   PUT demo-flattened
  

  Response:

     {
      "acknowledged": true,
      "shards_acknowledged": true,
      "index": "demo-flattened"
     }
  

  Insert Mapping

      PUT demo-flattened/_mapping
      {
          "properties": {
              "host": {
                  "type": "flattened"
              }
          }
      }
  

  Response:

     {
         "error": {
             "root_cause": [
                 {
                     "type": "mapper_parsing_exception",
                     "reason": "No handler for type [flattened] declared on field [host]"
                 }
             ],
             "type": "mapper_parsing_exception",
             "reason": "No handler for type [flattened] declared on field [host]"
         },
         "status": 400
     }
  

I want to use the flattened data type in Elastic Search 7.1. Is there any alternative to use flattened data type in the 7.1 version because flattened data type is supported from Elastic Search 7.3.

Any help or suggestions will be appreciated.

Answer 1

First the flattened is available in 7.1 with X-pack (X-pack is paid feature), so what I think you can use object type with enabled flag as false This will help you store that field as it is without any indexing.

{
        "properties": {
            "host": {
                "type": "object",
                "enabled": false
            }
        }
    }

Answer 2

Check the version of your ElasticSearch. If its the OSS version, then it won't work for you.

You can check it by running GET \ in the Kibana. You would get something like:

{
  "version" : {
    "number" : "7.10.2",
    "build_flavor" : "oss",
  }
}

But for ElasticSearch that does support flattened type, you would get something like:

  "version" : {
    "number" : "7.10.2",
    "build_flavor" : "default",
   }
}

You can find more details on the official Kibana Github page No handler for type [flattened] declared on field [state] #52324.

Answer 3

Interally, it works like this

Similarities in the way values are indexed, flattened fields share much of the same mapping and search functionality as keyword fields

Here, You have only one field called host. You can replace this with keyword.

What similarities:

Mapping:

"labels": {
        "type": "flattened"
      }

Data:

"labels": {
    "priority": "urgent",
    "release": ["v1.2.5", "v1.3.0"],
    "timestamp": {
      "created": 1541458026,
      "closed": 1541457010
    }
  }

During indexing, tokens are created for each leaf value in the JSON object. The values are indexed as string keywords, without analysis or special handling for numbers or dates

To query them, you can use "term": {"labels": "urgent"} or "term": {"labels.release": "v1.3.0"}.

When it is keyword, you can have them as separate fields.

{
 "host":{
   "type":"keyword"
 }
}

Reference