Elasticsearch not using template correctly?

Rolf_Nufable · November 8, 2018, 4:39pm

Hi All,

I'am fairly new to the elastic stack so apologies if this is a very noob question.

I am using ELK within security solutions OS where I created a custom template to cater my needs on one of the CSV files I want to ingest in ELK.

The custom template is listed along with the other templates ( default templates at the ELK stack ). I've also specified in my config file in logstash to use the custom template. But when I would create the index in the Kibana UI ( the index name specified in the config file is seen in kibana ) . The fields displayed are a mix from the custom template and the default templates.

How could I fix this issue??

Plus I cannot see data from the CSV file as well. although Logstash is running completely fine and elasticsearch as well.

Any ideas on what is happening here?

Thanks in advance!

spinscale · November 9, 2018, 11:08am

can you share the output of retrieving the template as well as the call of the index creation?

Thanks!

Rolf_Nufable · November 14, 2018, 5:08pm

Hi spinscale,

Apologies I didn't respond immediately. I forgot I asked a question here in the Elastic group.

Though I have added the csv file now in my ELK instance , ( housed inside Security Onion).

Thanks for your response!

system · December 12, 2018, 5:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash 7.10 is ignoring custom index template Logstash	27	1782	January 15, 2021
Logstash templates? Are they needed? Logstash	2	471	October 22, 2017
Mapping created using Template does not work Elasticsearch	5	1026	July 6, 2017
Template is not being used, mapping not working Elasticsearch	17	9236	August 10, 2019
Impossible to find index template path Kibana	5	313	September 19, 2022

Elasticsearch not using template correctly?

Related topics