Could use some help with using Doc Values

Scott_Chapman · June 16, 2015, 1:53pm

So, I am a bit (ok more than a bit) of a newbie. We are using ELK for
collecting storing logs, and recently we started seeing these errors:
[FIELDDATA] New used memory 2570680025 [2.3gb] from field [@timestamp]
would be larger than configured breaker

I am using (more or less) the standard logstash template:

{
"allstash" : {
"order" : 0,
"template" : "stash-",
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"default" : {
"dynamic_templates" : [ {
"message_field" : {
"mapping" : {
"index" : "analyzed",
"omit_norms" : true,
"type" : "string"
},
"match" : "message",
"match_mapping_type" : "string"
}
}, {
"string_fields" : {
"mapping" : {
"index" : "analyzed",
"omit_norms" : true,
"type" : "string",
"fields" : {
"raw" : {
"index" : "not_analyzed",
"ignore_above" : 256,
"type" : "string"
}
}
},
"match" : "*",
"match_mapping_type" : "string"
}
} ],
"properties" : {
"geoip" : {
"dynamic" : true,
"path" : "full",
"properties" : {
"location" : {
"type" : "geo_point"
}
},
"type" : "object"
},
"@version" : {
"index" : "not_analyzed",
"type" : "string"
}
},
"_all" : {
"enabled" : true
}
}
},
"aliases" : { }
}
}

I am assuming that I should be using Doc Value for the @timestamp field?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/f643a1a3-d795-470a-b32f-310a707e0015%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

warkolm · June 16, 2015, 3:26pm

You should, ideally, be using it for anything that isn't analysed.

On 16 April 2015 at 05:45, Scott Chapman scottedchapman@gmail.com wrote:

So, I am a bit (ok more than a bit) of a newbie. We are using ELK for
collecting storing logs, and recently we started seeing these errors:
[FIELDDATA] New used memory 2570680025 [2.3gb] from field [@timestamp]
would be larger than configured breaker

I am using (more or less) the standard logstash template:

{
"allstash" : {
"order" : 0,
"template" : "stash-",
"settings" : {
"index.refresh_interval" : "5s"
},
"mappings" : {
"default" : {
"dynamic_templates" : [ {
"message_field" : {
"mapping" : {
"index" : "analyzed",
"omit_norms" : true,
"type" : "string"
},
"match" : "message",
"match_mapping_type" : "string"
}
}, {
"string_fields" : {
"mapping" : {
"index" : "analyzed",
"omit_norms" : true,
"type" : "string",
"fields" : {
"raw" : {
"index" : "not_analyzed",
"ignore_above" : 256,
"type" : "string"
}
}
},
"match" : "*",
"match_mapping_type" : "string"
}
} ],
"properties" : {
"geoip" : {
"dynamic" : true,
"path" : "full",
"properties" : {
"location" : {
"type" : "geo_point"
}
},
"type" : "object"
},
"@version" : {
"index" : "not_analyzed",
"type" : "string"
}
},
"_all" : {
"enabled" : true
}
}
},
"aliases" : { }
}
}

I am assuming that I should be using Doc Value for the @timestamp field?

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/f643a1a3-d795-470a-b32f-310a707e0015%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/f643a1a3-d795-470a-b32f-310a707e0015%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X_m5mbfCNmzv22SsrM%2Bg%3Dgbics8uSYVyC__D_rQLEqa_g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Scott_Chapman · June 16, 2015, 3:26pm

Probably. I just need some help figuring out how to do that. Help?

On Wednesday, April 15, 2015 at 5:42:55 PM UTC-4, Mark Walkom wrote:

You should, ideally, be using it for anything that isn't analysed.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

warkolm · June 16, 2015, 3:26pm

Start here and you'll be good to go -
http://www.elastic.co/guide/en/elasticsearch/guide/current/doc-values.html

On 16 April 2015 at 08:03, Scott Chapman scottedchapman@gmail.com wrote:

Probably. I just need some help figuring out how to do that. Help?

On Wednesday, April 15, 2015 at 5:42:55 PM UTC-4, Mark Walkom wrote:

You should, ideally, be using it for anything that isn't analysed.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X9P4TLdNdVpL5QKoKTFtnFhKtX255VacOtyQnOqMEtUKw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Scott_Chapman · June 16, 2015, 3:26pm

Yea, that's where I started with it. But, if I understand it, that looks
like how I can change the mapping for a specific property. But I would
think I need to make a similar change to my index template otherwise new
indexes that get created will no long have that mapping. Or am I
misunderstanding?

On Wednesday, April 15, 2015 at 7:20:22 PM UTC-4, Mark Walkom wrote:

Start here and you'll be good to go -
http://www.elastic.co/guide/en/elasticsearch/guide/current/doc-values.html

On 16 April 2015 at 08:03, Scott Chapman <scotted...@gmail.com
<javascript:>> wrote:

Probably. I just need some help figuring out how to do that. Help?

On Wednesday, April 15, 2015 at 5:42:55 PM UTC-4, Mark Walkom wrote:

You should, ideally, be using it for anything that isn't analysed.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

warkolm · June 16, 2015, 3:26pm

Yes that is correct, you have to update your mappings and wait for new
indices to be created from it, it's not something that can be applied
retroactively without reindexing.

On 16 April 2015 at 09:55, Scott Chapman scottedchapman@gmail.com wrote:

Yea, that's where I started with it. But, if I understand it, that looks
like how I can change the mapping for a specific property. But I would
think I need to make a similar change to my index template otherwise new
indexes that get created will no long have that mapping. Or am I
misunderstanding?

On Wednesday, April 15, 2015 at 7:20:22 PM UTC-4, Mark Walkom wrote:

Start here and you'll be good to go - http://www.elastic.co/guide/
en/elasticsearch/guide/current/doc-values.html

On 16 April 2015 at 08:03, Scott Chapman scotted...@gmail.com wrote:

Probably. I just need some help figuring out how to do that. Help?

On Wednesday, April 15, 2015 at 5:42:55 PM UTC-4, Mark Walkom wrote:

You should, ideally, be using it for anything that isn't analysed.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%
40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X_Sh_Nszp82u5XbSJDOZCXr2%2B%2BVWFO%3D3EXk7ssT2-kPpA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Scott_Chapman · June 16, 2015, 3:26pm

Thanks, that's what I thought.

So, please help me with my template I gave above. I am familiar with up to
update it, I am just not real sure on how to change it so that a specific
field uses Doc View. Or if it is easier to make it the default for all
fields I suppose that's fine too since it sounds like that will happen
eventually.

Just need help with what the structure of the template should be... Thanks!

On Wednesday, April 15, 2015 at 8:29:28 PM UTC-4, Mark Walkom wrote:

Yes that is correct, you have to update your mappings and wait for new
indices to be created from it, it's not something that can be applied
retroactively without reindexing.

On 16 April 2015 at 09:55, Scott Chapman <scotted...@gmail.com
<javascript:>> wrote:

Yea, that's where I started with it. But, if I understand it, that looks
like how I can change the mapping for a specific property. But I would
think I need to make a similar change to my index template otherwise new
indexes that get created will no long have that mapping. Or am I
misunderstanding?

On Wednesday, April 15, 2015 at 7:20:22 PM UTC-4, Mark Walkom wrote:

Start here and you'll be good to go - http://www.elastic.co/guide/
en/elasticsearch/guide/current/doc-values.html

On 16 April 2015 at 08:03, Scott Chapman scotted...@gmail.com wrote:

Probably. I just need some help figuring out how to do that. Help?

On Wednesday, April 15, 2015 at 5:42:55 PM UTC-4, Mark Walkom wrote:

You should, ideally, be using it for anything that isn't analysed.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%
40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/eb799d79-c4ec-4fbf-ab21-d67862f08bb0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

warkolm · June 16, 2015, 3:26pm

As per the docs just add this;

"@version" : {
"index" : "not_analyzed",
"type" : "string",

```
       "doc_values": true*
    }
```

On 17 April 2015 at 09:35, Scott Chapman scottedchapman@gmail.com wrote:

Thanks, that's what I thought.

So, please help me with my template I gave above. I am familiar with up to
update it, I am just not real sure on how to change it so that a specific
field uses Doc View. Or if it is easier to make it the default for all
fields I suppose that's fine too since it sounds like that will happen
eventually.

Just need help with what the structure of the template should be... Thanks!

On Wednesday, April 15, 2015 at 8:29:28 PM UTC-4, Mark Walkom wrote:

Yes that is correct, you have to update your mappings and wait for new
indices to be created from it, it's not something that can be applied
retroactively without reindexing.

On 16 April 2015 at 09:55, Scott Chapman scotted...@gmail.com wrote:

Yea, that's where I started with it. But, if I understand it, that looks
like how I can change the mapping for a specific property. But I would
think I need to make a similar change to my index template otherwise new
indexes that get created will no long have that mapping. Or am I
misunderstanding?

On Wednesday, April 15, 2015 at 7:20:22 PM UTC-4, Mark Walkom wrote:

Start here and you'll be good to go - http://www.elastic.co/guide/
en/elasticsearch/guide/current/doc-values.html

On 16 April 2015 at 08:03, Scott Chapman scotted...@gmail.com wrote:

Probably. I just need some help figuring out how to do that. Help?

On Wednesday, April 15, 2015 at 5:42:55 PM UTC-4, Mark Walkom wrote:

You should, ideally, be using it for anything that isn't analysed.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%
40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/eb799d79-c4ec-4fbf-ab21-d67862f08bb0%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/eb799d79-c4ec-4fbf-ab21-d67862f08bb0%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X_Zww%2BFtg6Pxcmmn_Ak8FAenF9Ui17f7BCnZwsvrjKOeQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Scott_Chapman · June 16, 2015, 3:26pm

Thanks. The field I wanted to map was @timestamp which isn't explicitly in
the template. What would it look like?

Also, once I have made the change to my template, what's the right way to
test it (validate that for a new index i is using Doc Value for the
specific field)?

On Thursday, April 16, 2015 at 7:57:41 PM UTC-4, Mark Walkom wrote:

As per the docs just add this;

"@version" : {
"index" : "not_analyzed",
"type" : "string",
       "doc_values": true*
    }
On 17 April 2015 at 09:35, Scott Chapman <scotted...@gmail.com
<javascript:>> wrote:

Thanks, that's what I thought.

So, please help me with my template I gave above. I am familiar with up
to update it, I am just not real sure on how to change it so that a
specific field uses Doc View. Or if it is easier to make it the default for
all fields I suppose that's fine too since it sounds like that will happen
eventually.

Just need help with what the structure of the template should be...
Thanks!

On Wednesday, April 15, 2015 at 8:29:28 PM UTC-4, Mark Walkom wrote:

Yes that is correct, you have to update your mappings and wait for new
indices to be created from it, it's not something that can be applied
retroactively without reindexing.

On 16 April 2015 at 09:55, Scott Chapman scotted...@gmail.com wrote:

Yea, that's where I started with it. But, if I understand it, that
looks like how I can change the mapping for a specific property. But I
would think I need to make a similar change to my index template otherwise
new indexes that get created will no long have that mapping. Or am I
misunderstanding?

On Wednesday, April 15, 2015 at 7:20:22 PM UTC-4, Mark Walkom wrote:

Start here and you'll be good to go - http://www.elastic.co/guide/
en/elasticsearch/guide/current/doc-values.html

On 16 April 2015 at 08:03, Scott Chapman scotted...@gmail.com wrote:

Probably. I just need some help figuring out how to do that. Help?

On Wednesday, April 15, 2015 at 5:42:55 PM UTC-4, Mark Walkom wrote:

You should, ideally, be using it for anything that isn't analysed.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%
40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/eb799d79-c4ec-4fbf-ab21-d67862f08bb0%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/eb799d79-c4ec-4fbf-ab21-d67862f08bb0%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/39619d42-60ce-45bd-805e-de6306d34477%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

warkolm · June 16, 2015, 3:26pm

You can add it in and it'll map it correctly.

"@timestamp" : {
"index" : "not_analyzed",
"type" : "date",

```
       "doc_values": true*
    }
```

On 17 April 2015 at 10:14, Scott Chapman scottedchapman@gmail.com wrote:

Thanks. The field I wanted to map was @timestamp which isn't explicitly in
the template. What would it look like?

Also, once I have made the change to my template, what's the right way to
test it (validate that for a new index i is using Doc Value for the
specific field)?

On Thursday, April 16, 2015 at 7:57:41 PM UTC-4, Mark Walkom wrote:
As per the docs just add this;

"@version" : {
"index" : "not_analyzed",
"type" : "string",
       "doc_values": true*
    }
On 17 April 2015 at 09:35, Scott Chapman scotted...@gmail.com wrote:

Thanks, that's what I thought.

So, please help me with my template I gave above. I am familiar with up
to update it, I am just not real sure on how to change it so that a
specific field uses Doc View. Or if it is easier to make it the default for
all fields I suppose that's fine too since it sounds like that will happen
eventually.

Just need help with what the structure of the template should be...
Thanks!

On Wednesday, April 15, 2015 at 8:29:28 PM UTC-4, Mark Walkom wrote:

Yes that is correct, you have to update your mappings and wait for new
indices to be created from it, it's not something that can be applied
retroactively without reindexing.

On 16 April 2015 at 09:55, Scott Chapman scotted...@gmail.com wrote:

Yea, that's where I started with it. But, if I understand it, that
looks like how I can change the mapping for a specific property. But I
would think I need to make a similar change to my index template otherwise
new indexes that get created will no long have that mapping. Or am I
misunderstanding?

On Wednesday, April 15, 2015 at 7:20:22 PM UTC-4, Mark Walkom wrote:

Start here and you'll be good to go - http://www.elastic.co/guide/
en/elasticsearch/guide/current/doc-values.html

On 16 April 2015 at 08:03, Scott Chapman scotted...@gmail.com
wrote:

Probably. I just need some help figuring out how to do that. Help?

On Wednesday, April 15, 2015 at 5:42:55 PM UTC-4, Mark Walkom wrote:

You should, ideally, be using it for anything that isn't analysed.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/95184c87-
6471-489b-bc01-0883ea80181f%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/eb799d79-c4ec-4fbf-ab21-d67862f08bb0%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/eb799d79-c4ec-4fbf-ab21-d67862f08bb0%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/39619d42-60ce-45bd-805e-de6306d34477%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/39619d42-60ce-45bd-805e-de6306d34477%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X_FY99dhkJYQG6WKcQEdt-4Hg90ZrtFwea%3DM5-LooA9cg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Scott_Chapman · June 16, 2015, 3:26pm

Thanks Mark. Exactly what I was looking for. Once I make the change is
there any way I can tell it is being used properly for a specific field?

On Friday, April 17, 2015 at 10:23:15 PM UTC-4, Mark Walkom wrote:

You can add it in and it'll map it correctly.

"@timestamp" : {
"index" : "not_analyzed",
"type" : "date",
       "doc_values": true*
    }
On 17 April 2015 at 10:14, Scott Chapman <scotted...@gmail.com
<javascript:>> wrote:
Thanks. The field I wanted to map was @timestamp which isn't explicitly
in the template. What would it look like?

Also, once I have made the change to my template, what's the right way to
test it (validate that for a new index i is using Doc Value for the
specific field)?

On Thursday, April 16, 2015 at 7:57:41 PM UTC-4, Mark Walkom wrote:
As per the docs just add this;

"@version" : {
"index" : "not_analyzed",
"type" : "string",
       "doc_values": true*
    }
On 17 April 2015 at 09:35, Scott Chapman scotted...@gmail.com wrote:

Thanks, that's what I thought.

So, please help me with my template I gave above. I am familiar with up
to update it, I am just not real sure on how to change it so that a
specific field uses Doc View. Or if it is easier to make it the default for
all fields I suppose that's fine too since it sounds like that will happen
eventually.

Just need help with what the structure of the template should be...
Thanks!

On Wednesday, April 15, 2015 at 8:29:28 PM UTC-4, Mark Walkom wrote:

Yes that is correct, you have to update your mappings and wait for new
indices to be created from it, it's not something that can be applied
retroactively without reindexing.

On 16 April 2015 at 09:55, Scott Chapman scotted...@gmail.com wrote:

Yea, that's where I started with it. But, if I understand it, that
looks like how I can change the mapping for a specific property. But I
would think I need to make a similar change to my index template otherwise
new indexes that get created will no long have that mapping. Or am I
misunderstanding?

On Wednesday, April 15, 2015 at 7:20:22 PM UTC-4, Mark Walkom wrote:

Start here and you'll be good to go - http://www.elastic.co/guide/
en/elasticsearch/guide/current/doc-values.html

On 16 April 2015 at 08:03, Scott Chapman scotted...@gmail.com
wrote:

Probably. I just need some help figuring out how to do that. Help?

On Wednesday, April 15, 2015 at 5:42:55 PM UTC-4, Mark Walkom wrote:

You should, ideally, be using it for anything that isn't analysed.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/95184c87-
6471-489b-bc01-0883ea80181f%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/eb799d79-c4ec-4fbf-ab21-d67862f08bb0%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/eb799d79-c4ec-4fbf-ab21-d67862f08bb0%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/39619d42-60ce-45bd-805e-de6306d34477%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/39619d42-60ce-45bd-805e-de6306d34477%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/90564fca-a73e-428a-a3ed-c84d479a649d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

warkolm · June 16, 2015, 3:27pm

It's a little difficult to see what is currently in field data to check
(you need a heap dump). You could probably keep an eye on existing field
data and see if it increases slower than before but that's a little
abstract.

Really, as long as it doesn't complain about the mapping you're good.

On 18 April 2015 at 12:32, Scott Chapman scottedchapman@gmail.com wrote:

Thanks Mark. Exactly what I was looking for. Once I make the change is
there any way I can tell it is being used properly for a specific field?

On Friday, April 17, 2015 at 10:23:15 PM UTC-4, Mark Walkom wrote:
You can add it in and it'll map it correctly.

"@timestamp" : {
"index" : "not_analyzed",
"type" : "date",
       "doc_values": true*
    }
On 17 April 2015 at 10:14, Scott Chapman scotted...@gmail.com wrote:
Thanks. The field I wanted to map was @timestamp which isn't explicitly
in the template. What would it look like?

Also, once I have made the change to my template, what's the right way
to test it (validate that for a new index i is using Doc Value for the
specific field)?

On Thursday, April 16, 2015 at 7:57:41 PM UTC-4, Mark Walkom wrote:
As per the docs just add this;

"@version" : {
"index" : "not_analyzed",
"type" : "string",
       "doc_values": true*
    }
On 17 April 2015 at 09:35, Scott Chapman scotted...@gmail.com wrote:

Thanks, that's what I thought.

So, please help me with my template I gave above. I am familiar with
up to update it, I am just not real sure on how to change it so that a
specific field uses Doc View. Or if it is easier to make it the default for
all fields I suppose that's fine too since it sounds like that will happen
eventually.

Just need help with what the structure of the template should be...
Thanks!

On Wednesday, April 15, 2015 at 8:29:28 PM UTC-4, Mark Walkom wrote:

Yes that is correct, you have to update your mappings and wait for
new indices to be created from it, it's not something that can be applied
retroactively without reindexing.

On 16 April 2015 at 09:55, Scott Chapman scotted...@gmail.com
wrote:

Yea, that's where I started with it. But, if I understand it, that
looks like how I can change the mapping for a specific property. But I
would think I need to make a similar change to my index template otherwise
new indexes that get created will no long have that mapping. Or am I
misunderstanding?

On Wednesday, April 15, 2015 at 7:20:22 PM UTC-4, Mark Walkom wrote:

Start here and you'll be good to go - http://www.elastic.co/guide/
en/elasticsearch/guide/current/doc-values.html

On 16 April 2015 at 08:03, Scott Chapman scotted...@gmail.com
wrote:

Probably. I just need some help figuring out how to do that. Help?

On Wednesday, April 15, 2015 at 5:42:55 PM UTC-4, Mark Walkom
wrote:

You should, ideally, be using it for anything that isn't analysed.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/95184c87-
6471-489b-bc01-0883ea80181f%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/95184c87-6471-489b-bc01-0883ea80181f%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/df144d62-feaa-4249-aba9-b6c8aa117c50%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/eb799d79-c4ec-4fbf-ab21-d67862f08bb0%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/eb799d79-c4ec-4fbf-ab21-d67862f08bb0%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/39619d42-60ce-45bd-805e-de6306d34477%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/39619d42-60ce-45bd-805e-de6306d34477%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/90564fca-a73e-428a-a3ed-c84d479a649d%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/90564fca-a73e-428a-a3ed-c84d479a649d%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X-GGN_OzsF52emvQAstg4-%2BC%2BK7c9bxTKP%3DGf0vv5X_bw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

system · July 6, 2017, 12:18am