Help to customizing Index and Type

Hi,

I have migrated ELK 6.x to ELK 7.8.In previous version I used to ship log using logship.py where as now I have to use filebeats.
I am facing two issues here
1)'index' and 'type' I am getting as meta format that is as '_index' and '_type'.
How to get it without underscore??

2)In previous configuration I can easily define index and types..
ex: if I create a index name shopebill under the same index I can create 3 different types that is---
shopebill-stat
shopebill-item
shopebill-rate

But in the ne method when if I am defining the index I am not able to create different type under same index.

Can anybody help me to create that??

Thanks in advance...

#stack-elasticsearch, #stack-kibana, #stack-logstash, #stack-beats

Are the original types you have the same document, with different values, or totally different document structures?

It's a same document structure.
Somehow I manged to generate the type. but the index is still coming as _index..
is there any way to remove the ' _ '

Also after shipping the log I can see there are lots of unwanted field in the Kibana Logs.
Should I create a restrict it in the filter section of the lostash.conf?
If that is the case what should be the syntax(my goal is to only ship the fields I mentioned in my grok patterns for my message)??

If they are the same structure, then just create a new field called shopebill-type and then assign the appropriate value to that in the doc.

Hi Mate..
Can you help me with another issue as I am very new to this filebeat shipping thing.
Once I ship the log to kibana I am getting so many meta data field both for kibana and filebeat...now I can filter it in kibana visualisation but is there any way to filter out/exclude those field during log ingestion .

Thanks in advance..

It'd be better to create a new topic on that one, just to keep things clear

sure.... post created

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.