I notice that starting from elasticsearch 8.x everything has changed in relation to working with templates and I am very confused and I would like a Samaritan to help me solve this problem.
curl -s -H "Content-type: application/json" -X PUT -u elastic:password https://127.0.0.1:9200/_template/scan -d'
{
"template": "scan-*",
"settings": {
"number_of_shards": 1,
"index.refresh_interval": "5s"
},
"mappings": {
"_default_": {
"_all": {
"enabled": false
},
"properties": {
"@timestamp": {
"type": "date",
"format": "dateOptionalTime"
},
"@version": {
"type": "integer",
"index": "not_analyzed"
},
"time_t": {
"type": "date",
"format": "strict_date_optional_time||epoch_millis"
},
"ip": {
"type": "ip",
"norms": {
"enabled": false
}
},
"ip_proto": {
"type": "string",
"index": "not_analyzed"
},
"port": {
"type": "integer",
"index": "not_analyzed"
},
"service": {
"type": "string",
"index": "not_analyzed"
},
"state": {
"type": "string",
"index": "not_analyzed"
},
"banner": {
"type": "string",
"index": "analyzed"
},
"geoip": {
"type": "object",
"dynamic": true,
"properties": {
"location": {
"type": "geo_point"
}
}
}
}
}
}
}'
Response:
{
"error": {
"root_cause": [
{
"type": "x_content_parse_exception",
"reason": "[2:15] [template] template doesn't support values of type: VALUE_STRING"
}
],
"type": "x_content_parse_exception",
"reason": "[2:15] [template] template doesn't support values of type: VALUE_STRING"
},
"status": 400
}