ES 2.4 Index Template Problem need a little help figuring it out!

gh0stid · September 27, 2016, 7:04pm

Hello all,

Stupid problem over here im sure... i just cant place the finger on it... If you could point me to the problem it would be greatly apreciated.

heres the template :

curl -XPUT 'http://localhost:9200/_template/ftg' -d '
{
  "order" : 0,
  "template": "ftg-*",
  "settings" : {
    "index.refresh_interval" : "5s"
    "index.number_of_replicas" : 0
    "index.codec" : "best_compression"
    "number_of_shards" : 5
        }
  },
  "mappings" : {
    "_default_" : {
       "_all" : { "enabled" : false },
       "dynamic_templates" : [ {
         "message_field" : {
           "match" : "message",
           "match_mapping_type" : "string",
           "mapping" : {
             "type" : "string", "index" : "analyzed", "omit_norms" : true,
             "fields" : {
              "raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
             }
           }
         }
       }, {
         "string_fields" : {
           "match" : "*",
           "match_mapping_type" : "string",
           "mapping" : {
             "type" : "string", "index" : "analyzed", "omit_norms" : true,
               "fields" : {
                 "raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
               }
           }
         }
       } ],
"properties" : {
         "@version": { "type": "string", "index": "not_analyzed" },
         "geoip"  : {
           "type" : "object",
             "dynamic": true,
             "properties" : {
               "location" : { "type" : "geo_point" }
             }
         }
       }
    }
  }
}'

im sure the problem is pretty dumb, but I keep getting error code 34, execting a comma... Cant find where.

please pretty please ?

thank you

johtani · September 27, 2016, 8:55pm

Hi,

There is one end brace too many for settings.
And commas are necessary for the end of each lines except the last line in settings.

gh0stid · September 28, 2016, 1:50pm

awesome.... so stupid of me

unfortunately still have another question. an easy one, again

im trying to use a index template, as you noticed..., stilllll even if the template gets used, ( in term of setting and such ) it doesnt work with the "type"

in my logstash file ive setup it to be type "FTG" yet, apparentely the log it self have a "field" that I cant drop. that push the type for the logs.. "event" "traffic" "utm"

How would someone be able to make em all "ftg" ?

Not sure if im clear enought, sorry for that :\