Changing the field to not_Analyzed(Noob)

avc · July 14, 2015, 5:02pm

Hi,

I load a file to elasticsearch from Logstash.

input {
  file {
    path => ["/home/user/iops.csv"]
    start_position => "beginning"
  }
}

filter {
         csv {
                separator => ","
                columns => ["Array","LUN","Availability (%)","Storage Group","Storage Pool","Storage Pool type","RAID Level","Capacity (GB)",
                "IOPS","Bandwidth (MB/s)","Utilization (%)","Service Time (ms)","Response Time (ms)","Queue Length"]
                 }
                mutate {convert => ["Capacity (GB)", "float"]}
                mutate {convert => ["LUN", "string"]}
                mutate {convert => ["Storage Pool", "string"]}
                mutate {convert => ["IOPS", "float"]}
                mutate {convert => ["Bandwidth (MB/s)", "float"]}
                mutate {convert => ["Utilization (%)", "float"]}
                mutate {convert => ["Service Time (ms)", "float"]}
                mutate {convert => ["Response Time (ms)", "float"]}
                mutate {convert => ["Queue Length", "float"] }


        }
output {
    elasticsearch {
                action => "index"
                host => "localhost"
                index => "kpi"
                workers => 1
        }
    stdout { codec => rubydebug}
}

I want to convert the LUN field to "Not Analyzed".

How Can I do it ?

Getting the Indexes returns this,

curl -XGET 'http://localhost:9200/kpi/_mappings'
{"kpi":{"mappings":{"logs":{"properties":{"@timestamp":{"type":"date","format":"dateOptionalTime"},"@version":{"type":"string"},"Array":{"type":"string"},"Availability (%)":{"type":"string"},"Bandwidth (MB/s)":{"type":"double"},"Capacity (GB)":{"type":"double"},"IOPS":{"type":"double"},"LUN":{"type":"string"},"Queue Length":{"type":"double"},"RAID Level":{"type":"string"},"Response Time (ms)":{"type":"double"},"Service Time (ms)":{"type":"double"},"Storage Group":{"type":"string"},"Storage Pool":{"type":"string"},"Storage Pool type":{"type":"string"},"Utilization (%)":{"type":"double"},"host":{"type":"string"},"message":{"type":"string"},"path":{"type":"string"}}}}}}

However, I don't have much idea on changing the mapping.

Really appreciate any help.

Regards

warkolm · July 15, 2015, 4:20am

You need to define your own mapping for this, before you send the data to Elasticsearch.

So take the one you pasted there, modify it and then either delete your existing index and reindex the data, or rename the mapping for a new index and send your data there.

avc · July 15, 2015, 11:09am

Worked. I did create a new Index using what I got from GET.

When the field was Analyzed string was getting broken, like "Hello world" only world is getting displayed on the Kibana Xaxis.

Now by making it not_analyzed, it is working fine.

Regards

Gaurav_Harsola · April 22, 2016, 7:26am

I am also facing same issue on kibana .Can you please help,how you solved it ??

Thanks
Gaurav

warkolm · April 22, 2016, 9:11am

Please start a new thread.

anonymous · December 6, 2016, 7:30am

@avc I am having the same issue.How did you make the analysed field as non-analysed field?

warkolm · December 6, 2016, 8:22am

Please start your own thread, this one is super old

Topic		Replies	Views
Logstash conf file with not_analyzed field Logstash	12	3406	July 6, 2017
Force field to be analysed in indices Elasticsearch	8	1175	July 5, 2017
How to change the fields to 'not-analyzed'? Logstash	7	19201	July 6, 2017
Fields Mapping \| not_analyzed Elasticsearch	7	1348	July 5, 2017
Not analyzing string data Logstash	3	1272	July 6, 2017

Changing the field to not_Analyzed(Noob)

Related Topics