After "_source" : { "enabled" : false } , I am not able to see data in discover tab?

Hi Experts,

I have the following Mapping for my index .
{
"template_main":{
"template" : "cef*",
"settings" : {
"number_of_shards" : 5,
"index.cache.field.type" : "soft",
"index.refresh_interval" : "5s",
"index.store.compress.stored" : true,
"index.routing.allocation.total_shards_per_node" : 5,
"index":{
"analysis":{
"analyzer":{
"analyzer_keyword":{
"type" : "custom",
"tokenizer": "standard",
"filter": [ "lowercase", "stop" ]
}
}
}
}
},

 "mappings" : {
        "_default_" : {
            "_all" : {"enabled" : false},
"_source" : { "enabled" : false },
                        "properties" : {
                        "rt": {"type": "date","store":"yes","include_in_all" : true},
                        "alertmsg": {"type": "string","store":"yes","include_in_all" : true}
                                }
                        }
                }
        }
}

since I am storing 2 field rt and alertmsg why I cannot see anything in discover tab ? Any idea what I am missing.

Thanks
VG

Did you set a default field to search instead of _all? Cause that is what KB uses unless you specify something.

Also, why are you disabling _source and _all?

Did you set a default field to search instead of _all? Cause that is what KB uses unless you specify something.

I see what are you saying , since I do not want KB to search _all so i disabled it , but yes I did not set any default field to search , will do that and check .

Also, why are you disabling _source and _all?

I only want to store some fields out of 180 fields , also with this I will consume less disk space also query will be much faster .That is why I am disabling _source as well.

You also won't be able to leverage the reindex API when it comes.

ok, so does that mean I cannot reindex from an existing Index something like index from index ? . Because if this is the case i usually avoid as i prefer complete reindexing .

That is correct.