Elasticsearch 6.4.1 index size reduce

Hi Everyone,
got a problem with index size reducing and data optimization.
Problems for now:

1. by default all text fields duplicated with fieldname and fieldname.keyword. How I can leave just fieldname ? without fieldname.keyword;
2. fields with "type": "keyword" do not have keywords in Kibana filter search. If I got fieldname and fieldname.keyword Kibana filter search works fine;

I found recomendation for ES 5
"properties": {
"@version": {
"type": "keyword",
"include_in_all": false
},

BUT "include_in_all" removed in ES 6.4

I would be grateful for your help

This is a good place to start.

thanks, but it was not a good advice.
I found solution -

GET /_template/logs
{
"logs": {
"order": 0,
"index_patterns": [
"log-*"
],
"settings": {
"index": {
"number_of_shards": "1"
}
},
"mappings": {
"doc": {
"properties": {
"@timestamp": {
"type": "date"
},
"Method": {
"type": "keyword",
"ignore_above": 256
},
"Service": {
"type": "keyword",
"ignore_above": 256
},
"User": {
"type": "keyword",
"ignore_above": 256
},
"body": {
"type": "text",
"norms": false
},
"ip": {
"type": "keyword",
"ignore_above": 256
}
},
"_all": {
"enabled": false
},
"dynamic_templates": [
{
"string_fields": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword",
"norms": false
}
}
}
]
}
},
"aliases": {}
}
}

maybe I can optimise it more?

Notice another problem - ip does not have pop up values in Kibana.
Any ideas why?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.