Custom analyser not working

Malefitz · July 6, 2015, 12:28pm

Hi,

i'm working on a new template for my syslog messages. Here's my template:

PUT _template/syslog
{
"template": "syslog*",
"settings": {
"analysis": {
  "analyzer": {
    "only_lowercase": {
      "type": "custom",
      "tokenizer": "keyword",
      "filter": [
        "lowercase"
      ]
    }
  }
}
},
"mappings": {
"_default_": {
  "properties": {
    "syslog_pid": {
      "type": "integer",
      "index": "not_analyzed"
    },
    "syslog_program": {
      "type": "string",
      "index": "not_analyzed",
      "analyzer": "only_lowercase"
    },
    "syslog_hostname": {
      "type": "string",
      "analyzer": "only_lowercase"
    },
    "syslog_message": {
      "type": "string",
      "analyzer": "only_lowercase"
    },
    "received_from": {
      "type": "ip"
    },
    "host": {
      "type": "ip"
    }
  }
}
}
}

I want to lowercase incomming syslog_hostname, but it's not working. But, if i'm testing with

curl 'http://localhost:9200/syslog-2015.07.06/_analyze?analyzer=only_lowercase' -d "Hostname"

"Hostname" will be lowercase. So what is going wrong ?

Michael

Topic		Replies	Views
Create custom analyzer in index template Elasticsearch	2	496	December 17, 2018
Defining analyzers globally Elasticsearch	1	361	July 9, 2018
Elasticsearch custom analyzer not working Elasticsearch	4	959	July 5, 2017
Specifying default custom analyzer Elasticsearch	2	449	September 19, 2017
Use standard analyzer for specific field in template Elasticsearch	1	322	July 6, 2018

Custom analyser not working

Related topics