Dynamic index creation

siakc · July 1, 2024, 7:52am

From what I understand ES tries to create index by some rules from incoming logs (which I think we call documents).
Now I have too many fields in my docs which ES creates index for. What I need is to stop it from including each new field it sees into index.
I could create and index template and somehow tell ES to only include the fields that are in that template.
Am I seeing it from the right angle and is that what I want to do sane and valid? If so how can I achieve it?

Alex_Salgado-Elastic · July 1, 2024, 10:11am

Please see if this helps to clarify: How to index only some of the fields of the entire document? - #9 by stephenb

siakc · July 1, 2024, 12:47pm

It gives some clarity. Can we change the behaviour of adding each new field to index by ES?

leandrojmp · July 1, 2024, 12:59pm

You can create a template and set dynamic to false as mentioned in the documentation.

stephenb · July 1, 2024, 2:07pm

Hi @siakc

@leandrojmp advice is correct,

The link above was in reference to the Elastic App Search solution which is easier to use but less flexible.

If you are just using plain elasticsearch setting dynamic to false In an index template is How to stop additional fields from being added that are not already defined in your mapping.

Topic		Replies	Views
Index creation templates Elasticsearch	3	355	October 25, 2018
Elasticsearch index without template? Elasticsearch	2	1529	July 5, 2017
Dynamic data and none index fields Elasticsearch	4	673	May 18, 2020
A question about dynamic templates Elasticsearch	8	1425	July 2, 2020
Forbid templateless index creation? Elasticsearch	3	568	April 3, 2017

Dynamic index creation

Related Topics