Hi there,
I'm happily parsing a bunch of syslog files in Logstash, but notice that an entry like %{DATA:Something} creates a Something field and additionally a Something.keyword field in Elasticsearch.
Is there a way to suppress the generation of this additional Something.keyword field and it's duplicate data?
Thank you!
This is really an elasticsearch question. The default template creates a keyword for every text field. This blog post provides background on why. You will need to supply a different template.
Thank you - that's really helpful.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.