How to change the field type of data loaded in Kibana

kibana_novice · June 21, 2018, 3:37pm

Hello everyone!

I am working on creating a real-time timeline for my company, I am using kibana for this purpose.
Process so far

Installed kibana and elastic search
Exported log data from AWS and stored it in json format
uploaded the raw data to kibana using postman (POST command)

Problem: The data loaded into kibana with all default field types as string. I read the documentation on mapping and indexing but I could not get a clear understanding of what must be done. I created a mapping in the kibana console and reloaded the data to try and fix this. Although I got an error which said the mapping for this index has more than one parameter. When I tried to change the mapping for an existing index, I got the error mapping already exists for this index.

Please help me resolve the issue. If someone could list out the steps or share a tutorial video for this process that would be great! Thanks in advance!

a5a · June 21, 2018, 5:27pm

You cannot PUT a mapping for an existing index. You have 2 options: create a new index with the correct mappings and move the documents over with a reindex, or delete the index and recreate it with the correct mappings and then index the documents again.

Reindex:

Here's an article on how to change mappings (with zero downtime).
You can also read the docs on reindexing.

What this means is, basically, you have to create a new index with the correct mappings, just like in the starting over option. But additionally, you also need to reindex documents from the old to the new index. That's because they're in one format in the old index, and you're reformatting them as you put them in the new index with the correct mappings already defined.

Start over:
Deleting the index and starting over with the correct mappings means, you'll have to PUT the new index with the mappings when you create that index. Then you import/upload your data into that index. If you start out with an index and already some documents have been indexed into it, the mapping will be set for those fields in the documents, and you cannot change that mapping unless you do a reindex. So just remember when going this route, create your new index with the correct mappings first. (Same as the reindex option, except you don't need to transform/move documents from old index into new index.)

kibana_novice · June 22, 2018, 6:22pm

Thank you for your help!

system · July 20, 2018, 6:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.