ELK中fieldname和fieldname.raw之间的区别？(Difference between fieldname and fieldname.raw in ELK?)

 在网络上的一些资源之后，我一直在尝试使用ELK堆栈。 但是我没有发现任何明显的资源，可以清楚地解释fieldname和fieldname.raw之间的区别，这个区域名称为fieldname 。 
 
 在这种情况下没有什么可尝试的，但我确实尝试过搜索，但没有运气。 我对此的唯一主要理解是形成Kibana窗口（我不知道如何重现，遗憾地）说： fieldname是一个分析字段。 没有关于fieldname.raw信息 
 
 我注意到的另一件事是，当我在Kibana4 Discover中使用fieldname.raw: "value" ，它显示的结果比我看到的fieldname: "value"更少。 由于我分别从这些输入中获得了559和554个结果，所以我看不出哪些丢失了。 
 
 我在猜测后缀.raw说明它的含义 - 它可能是来自日志本身的一个字段，无需Logstash的干预。 但我想确定这是否意味着什么。 如果是这样，那么在一个分析领域，我是如何（也是更重要的是，为什么？）得到较少的结果？ 有什么Logstash不正确或者是某种错误配置？ 任何指针赞赏。 

I have been experimenting with ELK stack for a while now following a few resources on the web. But I didn't find any significant resource that clearly explains the difference between fieldname and fieldname.raw for a field with say name fieldname. 
 
There is nothing much to try in this context but I did try and search this but no luck. The only primary understanding that I have on this is form Kibana window (which I don't know how to reproduce, sadly) that said: fieldname is an analyzed field. There was not such info regarding fieldname.raw
 
One other thing I noticed is that when I use fieldname.raw: "value" in the Kibana4 Discover it shows little more results than what I see fieldname: "value". I could not see which ones were missing since I had 559 and 554 results form these inputs, respectively.
 
I am guessing the suffix .raw says what it means - It might be a field from the logs itself without any intervention by Logstash. But I want to make sure if that is what it means. If so, then how (and more importantly, why?) did I get less results in an analyzed field? Is there anything that Logstash isn't doing right or is it some kind of misconfiguration? Any pointers are appreciated.

原文：https://stackoverflow.com/questions/31440011