Sometimes, it will appear that a field in Kibana Discover is not mapped. The mapping icon will show a question mark, indicating that the field is not mapped in Kibana.

Kibana field not indexed

Whenever you see the message Field not indexed, this is simply an indication that the field is not indexed because nothing in your Kibana account is dependent on it. It wasn’t required for any of your account’s alerts, filters, saved searches, visualizations, dashboards, or any other Kibana objects.

If a field is not indexed

If a field is not mapped in Kibana, there are a few actions you won’t be able to perform on it:

  1. You can’t visualize it.
  2. You can’t filter on it. It simply won’t appear in the drop-down filter list.

About array fields

Arrays are not natively supported by the Kibana interface. When an array is included in a log, the full array is displayed as a single field marked with the icon next to the field name.

In the example below, the array [“a”,”b”] = [{“a”:”1”}, {“b”:”2”}] becomes a single field. Arrays in Kibana

Depending on the array, you may be able to seach for the string elements inside an array, as in the filter syntax example below. Filter syntax

In general, the more organized and consitent your log structure is (especially if the structure includes unique keys), the more accurate the result of transforming the data in the array will be. ### Add a field to Kibana’s default mapping

You can always add a field to Kibana’s list of required fields.

In Kibana Discover, on the left preview menu, identify the unmapped field. Click on the unmapped field to select it and click on the button Field not indexed.

The field will now be added to your default Kibana mapping.