Completely new to elasticsearch. Need basic help on how to properly search/index a file (mappings may be needed)

Hey Elastic dudes,

I only have a couple of years experience programming and am completely new to anything Elastic.

My problem is that I figured out how to submit a document to Elasticsearch in Kibana locally, but I can't search the document. For example, I can submit the document below:

PUT /logs/faultEvent/testDoc1
{
    "entityId" : "someId",
    "eventData" : [
        {
            "logMsg": "someMsg",
            "logSeverity": "INFORMATION",
            "logTimestamp": "2016-11-28T18:25:31.1086304Z"
        },
        {
            "logMsg": "someMsg2",
            "logSeverity": "INFORMATION",
            "logTimestamp": "2016-11-28T18:25:31.1086304Z"
        }
    ]
}

However, when I go to search for "information" or "someId" in the Discover tab, it finds nothing. I made sure the search time range is for 2 years so the log would be captured. At this point I figured I might need a mapping to tell Elasticsearch what I want to be able to search. After attempting many times to create a proper mapping and failing, this is what I still have:

PUT /logs
{
    "mappings" : {
        "faultEvent" : {
            "_all" : {"enabled": true},
            "properties": {
                "entityId" : {"type" : "keyword", "index": true},
                "eventData" : {"type" : "nested"}
            }
        }
    }
}

Of note, I want Elasticsearch to know that the eventData field may contain anywhere from 1 to n logs.

I'm sure I'm doing many things incorrectly, but I'm eager to learn if anyone is willing to help a newbie.
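The example below is added here and is not code from the original post or from Elastic. It does two things that can be checked offline, without a running cluster: it walks the posted document against the mapping and reports any field the mapping does not declare (which is how a case mismatch like `entityID` in the mapping versus `entityId` in the document goes unnoticed: Elasticsearch dynamic-maps the second spelling as a separate field instead of failing), and it builds the query body that is needed to match on a value inside a `nested` field, since a plain match on `eventData.logSeverity` does not see into nested objects. The sub-field types under `eventData` (`text`, `keyword`, `date`) are an assumption; the post leaves them to dynamic mapping.

```python
"""Added example: validate a document against an Elasticsearch mapping offline
and build the nested query needed to search inside eventData."""
import json

# Mapping from the post, with the eventData sub-fields declared explicitly
# (assumption: the post leaves them to dynamic mapping) and the entityId
# field spelled the same way the document spells it.
MAPPING = {
    "mappings": {
        "faultEvent": {
            "_all": {"enabled": True},
            "properties": {
                "entityId": {"type": "keyword"},
                "eventData": {
                    "type": "nested",
                    "properties": {
                        "logMsg": {"type": "text"},
                        "logSeverity": {"type": "keyword"},
                        "logTimestamp": {"type": "date"},
                    },
                },
            },
        }
    }
}

# The document from the post (constructed sample values).
DOC = {
    "entityId": "someId",
    "eventData": [
        {"logMsg": "someMsg", "logSeverity": "INFORMATION",
         "logTimestamp": "2016-11-28T18:25:31.1086304Z"},
        {"logMsg": "someMsg2", "logSeverity": "INFORMATION",
         "logTimestamp": "2016-11-28T18:25:31.1086304Z"},
    ],
}


def unmapped_fields(doc, properties, prefix=""):
    """Return the document field paths that the mapping does not declare.

    Elasticsearch would silently dynamic-map these, so 'entityID' in the
    mapping and 'entityId' in the document become two different fields
    instead of raising an error. Descends into object/nested sub-properties
    and into list values (the 1..n eventData entries).
    """
    missing = []
    for name, value in doc.items():
        path = f"{prefix}{name}"
        spec = properties.get(name)
        if spec is None:
            missing.append(path)
            continue
        sub = spec.get("properties")
        if sub is not None:
            items = value if isinstance(value, list) else [value]
            for item in items:
                if isinstance(item, dict):
                    missing.extend(unmapped_fields(item, sub, path + "."))
    return missing


def nested_severity_query(severity):
    """Query body matching parent documents whose eventData contains an entry
    with the given logSeverity. A field of type 'nested' is only reachable
    through a 'nested' clause that names the path; 'term' is used because
    logSeverity is a keyword, so the value must match case exactly."""
    return {
        "query": {
            "nested": {
                "path": "eventData",
                "query": {"term": {"eventData.logSeverity": severity}},
            }
        }
    }


def check_post_mapping():
    """Reproduce the post's slip: mapping says entityID, document says entityId."""
    typo_mapping = json.loads(json.dumps(MAPPING))  # deep copy
    props = typo_mapping["mappings"]["faultEvent"]["properties"]
    props["entityID"] = props.pop("entityId")
    return unmapped_fields(DOC, props)


if __name__ == "__main__":
    props = MAPPING["mappings"]["faultEvent"]["properties"]
    print("unmapped with corrected mapping:", unmapped_fields(DOC, props))
    print("unmapped with the post's mapping:", check_post_mapping())
    print(json.dumps(nested_severity_query("INFORMATION"), indent=2))
```

Two things worth keeping in mind when trying this against a real index: a `keyword` field is not analysed, so a search for `information` will not match the stored `INFORMATION` on `logSeverity` itself (the `_all` field, which is analysed, is where a lower-case free-text search from the Kibana search bar can still hit it), and Kibana's Discover tab filters on the index pattern's time field, which has to be a top-level `date`; the only timestamp in this document sits inside the nested `eventData`, so a top-level date field such as `@timestamp` is normally needed before Discover shows the document at all.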
