Create template is failing - "Could not resolve host:localhost"

I use Elasticsearch for logging. Every day I have a new log index automatically created; the pattern for the name of the index is "log-*".

I have a property in this index called Message which is being split into multiple words when I try to view it in Kibana. The solution seems to be that I need to set this field to not_analyzed, but it seems like this is harder than it looks.

I created a .bat file which contains a template which is supposed to set Message to not_analyzed, but when I try to execute the batch file in cmd I get the following error:

And here is my .bat file:

curl -XPUT 'localhost:9200/_template/template_1' -d '{
  "template": "log-*",
  "settings": {
    "index.refresh_interval": "5s"
  },
  "mappings": {
    "default": {
      "_all": {
        "enabled": true
      },
      "dynamic_templates": [
        {
          "string_fields": {
            "match": "*",
            "match_mapping_type": "string",
            "mapping": {
              "index": "not_analyzed",
              "omit_norms": true,
              "type": "string"
            }
          }
        }
      ],
      "properties": {
        "@Message": {
          "type": "string",
          "index": "not_analyzed"
        },
        "geoip": {
          "type": "object",
          "dynamic": true,
          "path": "full",
          "properties": {
            "location": {
              "type": "geo_point"
            }
          }
        }
      }
    }
  }
}'

pause


Please help me guys, I've been struggling with this for almost a week now. What I want is really simple:

  1. For all old and new templates starting with "log-*"
  2. Make sure that the Message field is set to not_analyzed

Please don't post screenshots. Use copy/paste.

It looks like the quote right before "localhost" isn't a regular straight single quote, so it's passed verbatim to curl, which thinks it's part of the hostname.

But there are no command interpreter metacharacters in "localhost:9200/_template/template_1" so you can just drop the quotes around it.

Secondly, I don't think Windows's command interpreter supports this kind of multi-line argument (so it thinks each line is a new command that it can't recognize). As I suggested earlier, you might be better served by Sense, Postman, or some other browser plugin for making REST calls.

  1. For all old and new templates starting with "log-*"

If you had just gone with the default index name pattern of logstash-* you wouldn't have had these problems. A good rule of thumb is to stick to defaults for a while.
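
One way to send the same template from Windows without depending on cmd.exe quoting or multi-line arguments, as an added example that is not from any of the posts above. It assumes Elasticsearch is reachable at localhost:9200 as in the question, a version that still accepts the `string`/`not_analyzed` mapping the question uses, and that `_default_` is the intended mapping type name; the `geoip` property is left out to keep it short.

```powershell
# Added example (not from the thread): the template is built as a PowerShell
# object and serialized to JSON, so no shell quoting of the JSON body is needed.
$uri = 'http://localhost:9200/_template/template_1'

$template = @{
    template = 'log-*'                              # index name pattern from the question
    settings = @{ 'index.refresh_interval' = '5s' }
    mappings = @{
        '_default_' = @{                            # assumption: default mapping type
            _all              = @{ enabled = $true }
            dynamic_templates = @(
                @{
                    string_fields = @{
                        match              = '*'
                        match_mapping_type = 'string'
                        mapping            = @{
                            type       = 'string'
                            index      = 'not_analyzed'
                            omit_norms = $true
                        }
                    }
                }
            )
            properties        = @{
                '@Message' = @{ type = 'string'; index = 'not_analyzed' }
            }
        }
    }
}

# -Depth must exceed the nesting level, or inner objects are emitted as type names.
$body = $template | ConvertTo-Json -Depth 10

try {
    Invoke-RestMethod -Method Put -Uri $uri -Body $body -ContentType 'application/json'
} catch {
    # Surface the HTTP or connection error instead of a bare stack trace.
    Write-Error "Template upload failed: $($_.Exception.Message)"
    return
}

# Read the stored template back and show what was accepted for @Message.
$stored = Invoke-RestMethod -Method Get -Uri $uri
$stored.template_1.mappings.'_default_'.properties.'@Message' | ConvertTo-Json
```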