Changing mapping on existing data

Hello again!

I am having another problem with the ELK-Stack.

I have now parsed a lot (100GB+) of logfiles into ES, and now I saw that the
timestamp from the logfile (the format is dd.MM.yyyy HH:mm:ss.SSS, e.g.
11.12.2014 17:27:15.178) was interpreted by ES as a string.

How can I solve this problem?
With as little effort as possible, because indexing that much data would
need a hell of a lot of time.

Thanks!

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/037c7914-8fd7-4480-92a8-e77bbaaaf037%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

I’m afraid you need to reindex.

--
David Pilato | Technical Advocate | Elasticsearch.com
@dadoonet https://twitter.com/dadoonet | @elasticsearchfr https://twitter.com/elasticsearchfr | @scrutmydocs https://twitter.com/scrutmydocs

And what would be the best way to achieve this?

The thing is that we don't have enough storage to generate a new index
and leave the old one as it is.

Maybe you could do this one index at a time?

David

That would work out!

How can this be done?

1. Scan and scroll one single index.
2. Index into the new index with the new mapping.
3. Remove the old index.

If you are using aliases, just switch the alias to the new index before removing the old one and your users won’t ever notice a change :)

Repeat this for all indices.

--
David Pilato | Technical Advocate | Elasticsearch.com
@dadoonet https://twitter.com/dadoonet | @elasticsearchfr https://twitter.com/elasticsearchfr | @scrutmydocs https://twitter.com/scrutmydocs
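
The per-index procedure from the reply above, as an added example that is not from the thread or from the Elasticsearch project. It assumes the typeless request shapes of Elasticsearch 7 and later (where "scan" is a scroll sorted by `_doc`); the `http` transport callable and the index, alias and field names are hypothetical. The old index is deleted only after the bulk responses and document counts confirm the copy, since a timestamp that does not match the date format is rejected by the new mapping.

```python
import json

DATE_FORMAT = "dd.MM.yyyy HH:mm:ss.SSS"  # timestamp format quoted in the thread

def bulk_body(hits, dest):
    """Turn one page of scroll hits into an NDJSON _bulk payload for dest."""
    lines = []
    for hit in hits:
        lines.append(json.dumps({"index": {"_index": dest, "_id": hit["_id"]}}))
        lines.append(json.dumps(hit["_source"]))
    return "\n".join(lines) + "\n"

def reindex_one(http, old, new, alias, field):
    """Copy `old` into `new` with `field` mapped as a date, then swap and drop.

    `http(method, path, body)` is an assumed transport callable that sends the
    request to the cluster and returns the decoded JSON response.
    """
    mapping = {"mappings": {"properties": {
        field: {"type": "date", "format": DATE_FORMAT}}}}
    http("PUT", "/" + new, json.dumps(mapping))

    # Step 1: scroll over the old index in pages.
    page = http("POST", "/%s/_search?scroll=5m" % old,
                json.dumps({"size": 1000, "sort": ["_doc"]}))
    copied = 0
    while page["hits"]["hits"]:
        # Step 2: index each page into the new index with the new mapping.
        result = http("POST", "/_bulk", bulk_body(page["hits"]["hits"], new))
        if result.get("errors"):
            # e.g. a timestamp that does not parse with DATE_FORMAT
            raise RuntimeError("bulk indexing failed; %s left untouched" % old)
        copied += len(page["hits"]["hits"])
        page = http("POST", "/_search/scroll", json.dumps(
            {"scroll": "5m", "scroll_id": page["_scroll_id"]}))

    # Drop the old index only once the new one holds every document.
    http("POST", "/%s/_refresh" % new, None)
    old_n = http("GET", "/%s/_count" % old, None)["count"]
    new_n = http("GET", "/%s/_count" % new, None)["count"]
    if old_n != new_n:
        raise RuntimeError("count mismatch; %s left untouched" % old)
    # Switch the alias in one atomic call, then step 3: remove the old index.
    http("POST", "/_aliases", json.dumps({"actions": [
        {"remove": {"index": old, "alias": alias}},
        {"add": {"index": new, "alias": alias}}]}))
    http("DELETE", "/" + old, None)
    return copied
```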

Thank you very much, David!

Best wishes from Austria!
