diff --git a/auditbeat/docs/fields.asciidoc b/auditbeat/docs/fields.asciidoc
index c38c202cf1af..31d73d471037 100644
--- a/auditbeat/docs/fields.asciidoc
+++ b/auditbeat/docs/fields.asciidoc
@@ -2149,10 +2149,18 @@ These are the fields generated by the file_integrity module.
 [float]
 === `audit.file.path`
-type: keyword
+type: text
 The path to the file.
+[float]
+=== `audit.file.path.raw`
+
+type: keyword
+
+The path to the file. This is an non-analyzed field that is useful for aggregations.
+
+
 [float]
 === `audit.file.target_path`
diff --git a/auditbeat/module/file_integrity/_meta/fields.yml b/auditbeat/module/file_integrity/_meta/fields.yml
index a4637a94d021..f211e94852e6 100644
--- a/auditbeat/module/file_integrity/_meta/fields.yml
+++ b/auditbeat/module/file_integrity/_meta/fields.yml
@@ -9,8 +9,14 @@
 type: group
 fields:
 - name: path
- type: keyword
+ type: text
 description: The path to the file.
+ multi_fields:
+ - name: raw
+ type: keyword
+ description: >
+ The path to the file. This is an non-analyzed field that is useful
+ for aggregations.
 - name: target_path
 type: keyword
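Review bot: In the `path` entry of fields.yml the type moves from `keyword` to analyzed `text` while the sibling `target_path` stays `keyword`, so exact-match filters, wildcard queries and terms aggregations that file-integrity alerts or dashboards run against `audit.file.path` will now work on tokens rather than the whole path, and nothing in the visible diff moves such consumers to `audit.file.path.raw`. Presumably indices created before this change keep the old `keyword` mapping, so a query spanning old and new indices would see conflicting types; a changelog entry marking this as a breaking mapping change, with the `.raw` replacement named, would help. The new description also reads "an non-analyzed"; I would write `The path to the file. This is a non-analyzed field that is useful` and carry the same wording into fields.asciidoc. The `fields:` list continues outside the hunk.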