Confusions around ELK6 types

Krzysztof_Szarlej · March 14, 2018, 11:37pm

Hi guys,

I am totally confused about document types in new ELK.

I am now migrating from v5 to v6. When reading the Elasticsearch guide on getting rid of types (https://www.elastic.co/guide/en/elasticsearch/reference/master/removal-of-types.html#_custom_type_field) it says that it is best to use "_doc" mapping name as the only mapping type in index templates. Fair enough.

Now, beats are assuming that default event type is always "doc" - Document_type deprecated?

Also when reading logstash documentation https://www.elastic.co/guide/en/logstash/current/upgrading-logstash-6.0.html it mentions that to fix issue with multiple types one can set document_type => doc (and not _doc) even though it is actually deprecated.

What is true then? Should we use doc? or maybe _doc?
Best Regards

When reading

warkolm · March 14, 2018, 11:55pm

We’ve renamed ELK to the Elastic Stack, otherwise Beats and APM feel left out! Check out https://www.elastic.co/elk-stack

In regards to your question though, both Logstash and Filebeat use doc. You are right about Elasticsearch being different though, I will raise that internally.

Whatever you choose though, it just needs to be the same if you have different sources going into the one index.

Krzysztof_Szarlej · March 15, 2018, 12:27am

Thanks for quick reply,

IMO it is actually major problem.

When using available elastic.co docs on migration from 5x to 6x people will end up with documents not being indexed.

According to the docs they will create _doc mappign type name so it will be good when 7.0 is released
Then they will remove document_type settings from logstash(cause it is deprecated).
They will end up with error the final mapping would have more than 1 type: [_doc, doc] because logstash will set doc and elasticsearch based on mapping will set _doc.

Or maybe I am doing something wrong - but thats what happened to me

gfigoni · March 16, 2018, 6:10am

Same here : I had to redo all my template mappings to change type from "_doc" to "doc" because of Logstash behavior.

Note that this has already been reported here a month ago : Default value of the type field

Krzysztof_Szarlej · March 16, 2018, 4:13pm

Seems like elastic team also got lost in all this document_type changes

system · April 13, 2018, 4:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Confusion on Removal of Mapping Types and document_type in LS7.x Logstash	1	260	July 31, 2019
Elasticsearch 6.2.4 Preparing for removal of mapping types Elasticsearch	7	722	June 28, 2018
Where is the "doc" mapping defined? Logstash	4	1834	March 14, 2019
Elasticsearch doc type deprecation: "doc" vs. "_doc" Logstash	1	3054	August 9, 2018
Logstash6 recommended way of filtering for the future? Logstash	5	864	December 14, 2017

Confusions around ELK6 types

Related topics