Hi.
Elasticsearch ; 1.7.1
logstash : 1.5.3
kibana : 4
My logstash put my log file on elasticsearch.
And I discover logstash raw data in kibana 4.
But I hava a problem. kibana 4 seperate field's value by "-"..
A value of Host name field has a String like "xxx-xxxx".
Logstash index name has a pattern "logstash-yyyy-mm-dd".
So I found i have to apply not analyzed field with dynamic template.
Could you tell me how to do it? (I use sense of marvel.)
It's not really clear what you want to do here, can you try explaining it again?
here is my setting.
PUT /_template/default_template
{
"template": "logstash-",
"settings": {
"index.number_of_replicas": "1",
"index.number_of_shards": "5"
},
"mappings": {
"default": {
"dynamic_templates": [
{
"string_match": {
"mapping": {
"index": "not_analyzed",
"doc_values": true,
"type": "string"
},
"match": "",
"match_mapping_type": "string"
}
},
{
"other": {
"mapping": {
"doc_values": true
},
"match": "",
"match_mapping_type": ""
}
}
],
"_all": {
"enabled": false
}
}
},
"aliases": {}
}
Thanks a lot for your replay.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.