I've installed the latest versions of Elasticsearch, Kibana and Logstash (8.11.1) on a test cluster. Next, I created a new simple Logstash pipeline that listens on a TCP port and then sends data to Elasticsearch through a simple ingest pipeline with 1 JSON processor.
Everything seems alright, except 1 problem - the mapping of the index. It must contain about 50 fields, but somehow Elasticsearch with its dynamic mapping added ALL possible fields (about 1200+) that are never present in this index (data).
On an Elasticsearch cluster with version 8.4 this never happens; it dynamically added only fields that exist in the data. Please help, what am I doing wrong?
Yes, I have an auto-generated index template named the same as the index (kata2), which contains multiple fields that are not used in the data in my index. It looks similar to the prod cluster.
Perhaps now I understand my problem. The mapping is incorrect because of my settings in both versions; the only difference is how Kibana shows fields (in Discover). 8.4 shows only fields that contain data, 8.11 shows everything that exists in the mapping. Is there any way to show only fields that contain data in 8.11? And maybe there exists a template for auto-generated index templates? Thank you!
Thanks for the answers!
Found a solution for me. Simply creating an empty index template before adding the new Logstash pipeline makes everything correct. Zero unnecessary fields, zero problems.
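A way to check the mismatch discussed in this thread (fields present in the mapping but never populated in the data), as an added example that is not part of the original posts. The function names and the sample mapping and documents are constructed for illustration; the `properties` argument is the `properties` object from an index mapping or index template.

```python
import json

def mapped_fields(properties, prefix=""):
    """Flatten a mapping 'properties' tree into dotted leaf field paths."""
    paths = set()
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:  # object field: recurse into its sub-fields
            paths |= mapped_fields(spec["properties"], path + ".")
        else:
            paths.add(path)
    return paths

def populated_fields(value, prefix=""):
    """Collect dotted paths that hold a non-null value in one document."""
    if isinstance(value, dict):
        paths = set()
        for key, item in value.items():
            paths |= populated_fields(item, f"{prefix}.{key}" if prefix else key)
        return paths
    if isinstance(value, list):  # array items share the path of their field
        paths = set()
        for item in value:
            paths |= populated_fields(item, prefix)
        return paths
    return set() if value is None else {prefix}

def unused_fields(properties, docs):
    """Return mapped leaf fields that no sample document populates."""
    used = set()
    for doc in docs:
        used |= populated_fields(doc)
    return sorted(mapped_fields(properties) - used)

# Constructed sample: a template that maps more fields than the data carries.
SAMPLE_PROPERTIES = {
    "message": {"type": "text"},
    "tags": {"type": "keyword"},
    "src": {"properties": {"ip": {"type": "ip"}, "port": {"type": "integer"}}},
    "dst": {"properties": {"ip": {"type": "ip"}}},
    "user": {"properties": {"name": {"type": "keyword"}}},
}
SAMPLE_DOCS = [
    {"message": "login ok", "src": {"ip": "10.0.0.5"}, "tags": ["auth"]},
    {"message": "login failed", "src": {"ip": "10.0.0.9", "port": None}},
]

if __name__ == "__main__":
    print(json.dumps(unused_fields(SAMPLE_PROPERTIES, SAMPLE_DOCS), indent=2))
```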