I am trying to ignore certain fields if no field is provided in the query string. index.query.default_field can whitelist all the fields in an array. is there a way to blacklist certain fields, e.g. by name or by type?
We have about total 500+ fields in total, and the fields to ignore is about 1%
I think there are arrays referenced in the supplied filebeat-7.x (7.4.2 for me) template, I think fields.. It seems to work for xxx also, not even array fields.
@rugenl thanks for your reply. Forgot to mention, we are still on 6.3.x, and not familiar with filebeat, but will check the template there. Also do you know ES 6.3.x supports that too, or a link to the details would be helpful, thanks
We just discovered this option after 7.x upgrade. Searches without field names in Kibana are failing for fields not listed, so I'm skeptical that it works in 6.x.
Right, ES 6.X may not support that..
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.