Changing the field to not_Analyzed(Noob)

avc · July 14, 2015, 5:02pm

Hi,

I load a file to elasticsearch from Logstash.

input {
  file {
    path => ["/home/user/iops.csv"]
    start_position => "beginning"
  }
}

filter {
         csv {
                separator => ","
                columns => ["Array","LUN","Availability (%)","Storage Group","Storage Pool","Storage Pool type","RAID Level","Capacity (GB)",
                "IOPS","Bandwidth (MB/s)","Utilization (%)","Service Time (ms)","Response Time (ms)","Queue Length"]
                 }
                mutate {convert => ["Capacity (GB)", "float"]}
                mutate {convert => ["LUN", "string"]}
                mutate {convert => ["Storage Pool", "string"]}
                mutate {convert => ["IOPS", "float"]}
                mutate {convert => ["Bandwidth (MB/s)", "float"]}
                mutate {convert => ["Utilization (%)", "float"]}
                mutate {convert => ["Service Time (ms)", "float"]}
                mutate {convert => ["Response Time (ms)", "float"]}
                mutate {convert => ["Queue Length", "float"] }


        }
output {
    elasticsearch {
                action => "index"
                host => "localhost"
                index => "kpi"
                workers => 1
        }
    stdout { codec => rubydebug}
}

I want to convert the LUN field to "Not Analyzed".

How Can I do it ?

Getting the Indexes returns this,

curl -XGET 'http://localhost:9200/kpi/_mappings'
{"kpi":{"mappings":{"logs":{"properties":{"@timestamp":{"type":"date","format":"dateOptionalTime"},"@version":{"type":"string"},"Array":{"type":"string"},"Availability (%)":{"type":"string"},"Bandwidth (MB/s)":{"type":"double"},"Capacity (GB)":{"type":"double"},"IOPS":{"type":"double"},"LUN":{"type":"string"},"Queue Length":{"type":"double"},"RAID Level":{"type":"string"},"Response Time (ms)":{"type":"double"},"Service Time (ms)":{"type":"double"},"Storage Group":{"type":"string"},"Storage Pool":{"type":"string"},"Storage Pool type":{"type":"string"},"Utilization (%)":{"type":"double"},"host":{"type":"string"},"message":{"type":"string"},"path":{"type":"string"}}}}}}

However, I don't have much idea on changing the mapping.

Really appreciate any help.

Regards

warkolm · July 15, 2015, 4:20am

You need to define your own mapping for this, before you send the data to Elasticsearch.

So take the one you pasted there, modify it and then either delete your existing index and reindex the data, or rename the mapping for a new index and send your data there.

avc · July 15, 2015, 11:09am

Worked. I did create a new Index using what I got from GET.

When the field was Analyzed string was getting broken, like "Hello world" only world is getting displayed on the Kibana Xaxis.

Now by making it not_analyzed, it is working fine.

Regards

Gaurav_Harsola · April 22, 2016, 7:26am

I am also facing same issue on kibana .Can you please help,how you solved it ??

Thanks
Gaurav

warkolm · April 22, 2016, 9:11am

Please start a new thread.

anonymous · December 6, 2016, 7:30am

@avc I am having the same issue.How did you make the analysed field as non-analysed field?

warkolm · December 6, 2016, 8:22am

Please start your own thread, this one is super old

Topic		Replies	Views
Setting a field as non analyzed before sending it to elasticsearch Logstash	5	1129	July 6, 2017
Force field to be analysed in indices Elasticsearch	8	1194	July 5, 2017
Not analyzing string data Logstash	3	1289	July 6, 2017
How to change the fields to 'not-analyzed'? Logstash	7	19298	July 6, 2017
Not_analyzed field being analyzed Elasticsearch	6	1080	July 5, 2017

Changing the field to not_Analyzed(Noob)

Related topics