Elasticsearch Index Mapping issues

motts · October 11, 2018, 4:30pm

Hello,

I am on ES 2.4. I am having issues with my mapping it seems. If i go into Kibana and set my index pattern name, I do not see any ".raw" fields. However, if I change my index pattern to just "*", then I get to see the .raw fields I expect to see in my index, so it must be an issue with how I create the mapping.

Here is what I do

curl -XPUT 'localhost:9200/_template/firewall?pretty' -H 'Content-Type: application/json' -d'
{
 "template": "firewall-*",
  "settings": {
    "number_of_shards": 1
  },
  "mappings": {
    "type1": {
      "_source": {
        "enabled": true
      },
      "properties": {
        "host_name": {
          "type": "string",
          "index": "not_analyzed"
        },
        "created_at": {
          "type": "date",
          "format": "EEE MMM dd HH:mm:ss Z YYYY"
        }
      }
    }
  }
}
'

Please give me some assistance.

thanks

motts · October 11, 2018, 9:08pm

Basically, I just want something simple to apply to all the indices. The default mapping works fine, but it seems to only apply to logstash-* indices. I am not sure if there is a way to change that to apply to everything and then I don't have to do this step.

system · November 8, 2018, 9:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.