Hi,
We're about to upgrade filebeat 5.5.2 to filebeat 6.2.2
But then the default index template were changed from .json file to .yml file
My question is, how could I put the below json to yml format for us to be able to have a dynamic templates?
"dynamic_templates": [
{
"ipAddress": {
"match": "ipAddress",
"mapping": {
"type": "ip"
}
}
}
]
Thank you!
According to your documentation:
By default Elasticsearch will map string fields as a text field with a sub keyword field. However if you are only indexing structured content and not interested in full text search, you can make Elasticsearch map your fields only as keywords.
But why am I seeing on my logs is the below dynamic_templates:
"strings_as_keyword": {
"match_mapping_type": "string",
"mapping": {
"ignore_above": 1024,
"type": "keyword"Few things here:
type: object and then use object_type: ... to specify the type. For example: - name: fields
type: object
object_type: keyword
description: >
Contains user configurable fields.
filebeat export template to get the raw template and then load it yourself. We are also planning to make loading from a template available again.Hi ruflin,
That was a great help!
So what if I use filebeat export template, does it mean that it'll also be applied to the future logs or will it still be loaded the default template from filebeat 6.2.2?
Thanks.
If you export the template to a file and load it manually, make sure you disable automatic template loading in your Beat.
To simplify loading a template I just opened https://github.com/elastic/beats/pull/7039 It's not done yet, but we get there 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.