I want to create a query for elastic search where I get data for each user with there latest login time, and they must sort by there username, I want each user not multiple data of each user, I’m able to create the query using agg but right now I’m stuck at out sort on buckets based on username or any other field.

Im porting a query from ELK 6 to ELK 8. The field names have changed significantly between these versions.
In ELK 6, the field was geoip.country_code2. In ELK8 its changed to source.geo.country_iso_code.
But when I try to filter on that field, its not picking anything up.
I can dump out the hits, and see the field with values. But my filter doesnt collect them.

I was using Elastic Search 8.14.2, and the service would crash every week. The log output showed that x-pack-security-8.14.1 was not found, but the installed Elastic Search version was 8.14.2. I tried reinstalling Elastic Search, removing all old files and configurations. I installed version 8.14.3, but the same problem occurred, and now it complains about the x-pack-security version 8.14.2. Has anyone experienced this? Any tips?
The log output:

I know that Elasticsearch supports object and nested field type. According to my understanding they represent an individual object and an array of objects respectively. However, is it possible to have a field which is a hash-map of objects?

I have a small Elasticsearch cluster having 3 master nodes(2core,2gb t3.small ec2) and 2 data nodes data-0 and data-1 (2core 8GB m6a.large ec2 4gb max heap for data nodes). Cluster runs in an EKS cluster. Cluster has one index(40p1r) currently having around 920 million docs with index size of around 1.9TB.
Cluster receives continuous live doc indexing traffic 24/7 at avg 60calls/sec and search query rate of 2calls/sec

I try to replace storage for all 64 nodes in my elasticsearch k8s cluster in batches , but when I exclude a range of nodes , for example first 32 , elastic relocate all indexes shards to other available nodes , but do not reallocate data from the node1 and node32 ( always first and last from a range) , this si the command I use to exclude the node range: