Sorry I am new to ES. I have to give quick demo on my application log analysis.
Question:
in summary update:
from: logname='APPLog'
to: logname='AppLog'
Can anyone give exact query?
You can give a look at update by query in the docs.
But do you really to change it? Is it for display purpose? For search? Aggregations?
Only for aggregation.
I have pumped many documents but I have made mistake in logstash so few documents have typo. So kibana aggregations give separate barchart for terms( though I changed to uppercase in kibana).
Yeah. I see.
Ideally in a next version of elasticsearch, we will support an option to lowercase keyword fields.
Are you using elasticsearch 5.0?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.