Hi guys, recently I'm trying to setup multiple indices in ES for log storage of different services. And I noticed that I might need to set field value types for them respectively, which involves applying different templates accordingly.
The thing I'm trying to figure out now is the difference between elasticsearch-template.json in logstash, and _template in elasticsearch, as both are "template". If I would achieve my goal, which template should I tune on?
I'd also much like to grab any idea on ways to add template into ES. Is there any choice apart from curl put RESTful api? That cmd is crude and ugly enough.
1 Like
Any voice regarding this is appreciated>
The thing I'm trying to figure out now is the difference between elasticsearch-template.json in logstash, and _template in elasticsearch, as both are "template". If I would achieve my goal, which template should I tune on?
Either one. Well, you should never modify the original elasticsearch-template.json that's distributed as part of Logstash (make a copy of it and modify that file), but whether you want Logstash to manage your templates for you or if you prefer doing it outside of Logstash is a matter of taste.
I'd also much like to grab any idea on ways to add template into ES. Is there any choice apart from curl put RESTful api? That cmd is crude and ugly enough.
As documented you can also place the index template files in a subdirectory of the ES configuration directory, but this needs to be done on all cluster nodes.
Thanks so much Magnus!~