Elasticsearch not using template correctly?

Hi All,

I'm fairly new to the Elastic Stack, so apologies if this is a very noob question.

I am using ELK within security solutions OS where I created a custom template to cater to my needs on one of the CSV files I want to ingest in ELK.

The custom template is listed along with the other templates (default templates at the ELK stack). I've also specified in my config file in Logstash to use the custom template. But when I create the index in the Kibana UI (the index name specified in the config file is seen in Kibana), the fields displayed are a mix from the custom template and the default templates.

How could I fix this issue?

Plus I cannot see data from the CSV file as well, although Logstash is running completely fine and Elasticsearch as well.

Any ideas on what is happening here?

Thanks in advance!

Can you share the output of retrieving the template as well as the call of the index creation?


Hi spinscale,

Apologies, I didn't respond immediately. I forgot I asked a question here in the Elastic group.

Though I have added the CSV file now in my ELK instance (housed inside Security Onion).

Thanks for your response!
