I am trying to update mapping to make certain fields not_analyzed. The
index gets created from default template, now I'm trying to add the
following mapping to it (long) and get an error. The index is empty.
I am trying to update mapping to make certain fields not_analyzed. The
index gets created from default template, now I'm trying to add the
following mapping to it (long) and get an error. The index is empty.
Thank you Mark, I'll keep trying, will also try elasticdump to load custom
mapping or play with templates.
Cheers,
David
On Tuesday, March 24, 2015 at 3:44:55 PM UTC-7, Mark Walkom wrote:
Try deleting the index and recreating using the updated mapping?
Also as a suggestion, avoid using TTL, it's very resource intensive and if
you are using time based data then you should use time based indices.
On 25 March 2015 at 08:28, David Kleiner <david....@gmail.com
<javascript:>> wrote:
Greetings,
I am trying to update mapping to make certain fields not_analyzed. The
index gets created from default template, now I'm trying to add the
following mapping to it (long) and get an error. The index is empty.
I got the index template to work, turns out it's really straightforward. I
now do have .raw fields and all the world is green.
I'll add the template to my other index so it gets geoip mapping when I
roll to April.
Cheers,
David
On Tuesday, March 24, 2015 at 2:28:38 PM UTC-7, David Kleiner wrote:
Greetings,
I am trying to update mapping to make certain fields not_analyzed. The
index gets created from default template, now I'm trying to add the
following mapping to it (long) and get an error. The index is empty.
So the mapping is updated, all string fields now have .raw copies but I
don't see them in Kibana. Perhaps my understanding of this mechanism is
incomplete and I need to manually copy fields to their .raw counterparts in
logstash so that ES query returns documents with .raw fields in them..
And I did remove the TTL so my cluster is happy again.
On Tuesday, March 24, 2015 at 4:36:05 PM UTC-7, David Kleiner wrote:
I got the index template to work, turns out it's really straightforward. I
now do have .raw fields and all the world is green.
I'll add the template to my other index so it gets geoip mapping when I
roll to April.
So the mapping is updated, all string fields now have .raw copies but I
don't see them in Kibana. Perhaps my understanding of this mechanism is
incomplete and I need to manually copy fields to their .raw counterparts in
logstash so that ES query returns documents with .raw fields in them..
And I did remove the TTL so my cluster is happy again.
On Tuesday, March 24, 2015 at 4:36:05 PM UTC-7, David Kleiner wrote:
I got the index template to work, turns out it's really straightforward.
I now do have .raw fields and all the world is green.
I'll add the template to my other index so it gets geoip mapping when I
roll to April.
On Tuesday, March 24, 2015 at 5:49:16 PM UTC-7, Mark Walkom wrote:
Are you using KB4 or 3?
If 4 then you need to refresh the fields under the index settings.
On 25 March 2015 at 11:06, David Kleiner <david....@gmail.com
<javascript:>> wrote:
My confusion just leveled-up
So the mapping is updated, all string fields now have .raw copies but I
don't see them in Kibana. Perhaps my understanding of this mechanism is
incomplete and I need to manually copy fields to their .raw counterparts in
logstash so that ES query returns documents with .raw fields in them..
And I did remove the TTL so my cluster is happy again.
On Tuesday, March 24, 2015 at 4:36:05 PM UTC-7, David Kleiner wrote:
I got the index template to work, turns out it's really straightforward.
I now do have .raw fields and all the world is green.
I'll add the template to my other index so it gets geoip mapping when I
roll to April.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
