I am using synonym token filter in my mapping but it has a property called synonyms_path
.
PUT /_template/ise
{
"index_patterns" : ["log-ise-*"],
"settings": {
"index.lifecycle.name":"ise_policy",
"index.lifecycle.rollover_alias":"log-ise",
"number_of_replicas": 0,
"analysis": {
"analyzer": {
"my_analyzer_1":{
"type":"custom",
"tokenizer":"standard",
"filter":["lowercase","autocomplete"]
},
"my_keyword_analyzer" : {
"filter" : [
"lowercase",
"custom_synonyms"
],
"type" : "custom",
"tokenizer" : "keyword"
}
},
"filter": {
"autocomplete" : {
"type" : "edge_ngram",
"min_gram" : "3",
"max_gram" : "20"
},
"custom_synonyms" : {
"type" : "synonym",
"synonyms_path" : "analysis/ise_synonyms.txt"
}
}
}
},
"mappings": {
"properties": {
"username" : {
"analyzer" : "my_analyzer_1",
"type" : "text",
"search_analyzer": "standard"
},
"event_name":{
"analyzer":"my_keyword_analyzer",
"type":"text"
},
"geoip" : {
"type" : "object",
"properties" : {
"ip" : {
"type" : "ip"
},
"latitude" : {
"type" : "half_float"
},
"location" : {
"type" : "geo_point"
},
"longitude" : {
"type" : "half_float"
}
}
},
"source_ip" : {
"type" : "ip"
}
}
}
}
I have file called ise_synonyms.txt in /etc/Elasticsearch/ i have provided the synonym words.
I am running 8 Elasticsearch server in a cluster and i have to provide this file ise_synonyms.txt
in all 8 servers and adding one new word to this file lead me to do editing in all servers.
Isn't it very hactic ?